Expired crls-demo/prod-cert.pem certificates #35

Open
yenn opened this issue Oct 28, 2017 · 3 comments
yenn commented Oct 28, 2017

Expired certs are causing MerlinWithCRLDistributionPointsExtensionTest unit tests to fail.

see: openssl x509 -in src/test/resources/keys/crls-demo-cert.pem -text -noout -enddate

out: notAfter=Jun 8 05:54:52 2017 GMT

There are also integration test failures.

Owner

todvora commented Oct 29, 2017

Hi @yenn,
Thank you for noticing this. There are actually two issues:

  • The cert expired, as you say
  • Playground switched from qica.der to the same set of CA certificates as in production.

I fixed most of the issues on this branch: https://github.com/todvora/eet-client/tree/fix-certificate-issues

The only missing part is to update a production certificate used to sign responses. One has to extract it from a real communication fragment against the real endpoint (wsse:BinarySecurityToken value).

Unfortunately, I don't have access to any valid production communication so I could do it myself. Maybe you can do it? I am only interested in the certificate value and not the rest of the communication, so there is no value which is secret.

Otherwise, you can always @Ignore the MerlinWithCRLDistributionPointsExtensionTest.verifyTrustProduction test.

Thanks,
Tomas
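
The extraction described in the comment above, as an added example that is not part of the original thread or the eet-client code base: it pulls the wsse:BinarySecurityToken value out of a captured SOAP response and writes it out as a PEM certificate. The function names, the check on the ValueType attribute and the sample response are assumptions; the sample token holds constructed placeholder bytes, not a real certificate.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Namespace the wsse: prefix is bound to in WS-Security 1.0 messages.
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
X509_SUFFIX = "#X509v3"  # tail of the X.509 token profile ValueType URI


def wrap64(text):
    """Split text into 64-character lines, as PEM bodies are laid out."""
    return [text[i:i + 64] for i in range(0, len(text), 64)]


def extract_signing_cert_pem(soap_xml):
    """Return the certificate held in wsse:BinarySecurityToken as PEM text."""
    root = ET.fromstring(soap_xml)
    tokens = root.findall(f".//{{{WSSE_NS}}}BinarySecurityToken")
    if len(tokens) != 1:
        raise ValueError(f"expected one BinarySecurityToken, found {len(tokens)}")
    value_type = tokens[0].get("ValueType")
    if value_type is not None and not value_type.endswith(X509_SUFFIX):
        raise ValueError(f"token is not an X.509 certificate: {value_type}")
    # Pretty-printed responses wrap the base64 text, so drop all whitespace.
    b64 = "".join((tokens[0].text or "").split())
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("token value is not valid base64") from exc
    if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
        raise ValueError("decoded token does not look like DER")
    body = "\n".join(wrap64(base64.b64encode(der).decode("ascii")))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample: placeholder bytes shaped like DER, not a real certificate.
CONSTRUCTED_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
CONSTRUCTED_RESPONSE = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
    f' xmlns:wsse="{WSSE_NS}"><soapenv:Header><wsse:Security>'
    '<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/'
    f'oasis-200401-wss-x509-token-profile-1.0{X509_SUFFIX}">\n'
    + "\n".join(wrap64(base64.b64encode(CONSTRUCTED_DER).decode("ascii")))
    + "\n</wsse:BinarySecurityToken></wsse:Security></soapenv:Header>"
    "<soapenv:Body/></soapenv:Envelope>"
)

if __name__ == "__main__":
    print(extract_signing_cert_pem(CONSTRUCTED_RESPONSE), end="")
```

With a real captured response, the PEM output can be saved to a file and its validity period checked with the `openssl x509 -in <file> -text -noout -enddate` command quoted at the top of this issue.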

Author

yenn commented Oct 29, 2017

Hi Tomas,
Thanks for the swift reply.
I have ignored it for now, but figured that I would give you a heads up as you would for sure find out at a certain point.
I'll extract the public cert from the communication and submit a pull request.

Best,
Jan

Owner

todvora commented Oct 29, 2017

Perfect, thank you! Meanwhile, I merge the branch back to master, to not confuse other users.
