[PATCH] tests: regenerate x509 test certificates
Gregory Szorc
gregory.szorc at gmail.com
Sun Jul 17 14:29:28 EDT 2016
On Sun, Jul 17, 2016 at 12:02 AM, Julien Cristau <jcristau at debian.org>
wrote:
> On Tue, Jul 12, 2016 at 22:28:34 -0700, Gregory Szorc wrote:
>
> > +Now generate an expired certificate by turning back the system time:
> > +
> > + $ date --set='2016-01-01T00:00:00Z'
> > + $ printf '.\n.\n.\n.\n.\nlocalhost\nhg at localhost\n' | \
> > + openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out
> pub-expired.pem
> > +
> > +Generate a certificate not yet active by advancing the system time:
> > +
> > + $ date --set='2030-01-01T00:00:00Z'
> > + $ printf '.\n.\n.\n.\n.\nlocalhost\nhg at localhost\n' | \
> > + openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out
> pub-not-yet.pem
> > +
> > +Note: When adjusting system time, verify the time change sticks. If
> running
> > +systemd, you may want to use `timedatectl set-ntp false` and e.g.
> > +`timedatectl set-time '2016-01-01 00:00:00'` to set system time.
> > +
>
> FWIW, using faketime (https://github.com/wolfcw/libfaketime) makes these
> a bit easier. Folded with the other suggestion, it becomes
>
> faketime 2030-01-01T00:00:00Z \
> openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out
> pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg at localhost/'
>
> Cheers,
> Julien
>
Thank you, Julien and Anton for the suggestions. I just sent a patch with
revised instructions. It is definitely an improvement.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mercurial-scm.org/pipermail/mercurial-devel/attachments/20160717/b0078446/attachment.html>
More information about the Mercurial-devel
mailing list