You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When CI starts spuriously failing, it is usually caused by the certificates inside `src/tests/vertification_real_world` reaching their max issuance lifetime and becoming expired. While most
4
+
of our tested platforms are able to handle this better by mocking out the verification time, some can't. At the time of writing these are:
- Windows ([1](https://github.com/rustls/rustls-platform-verifier/issues/117))
7
+
8
+
The other case that can cause failures (much less often) is the mock certificates expiring. Due to platform verifier security restrictions, we can't place absurdly high/unlimited expiry dates
9
+
on our mock CA and the certificates issued by it. As such, they will expire about every 2 years and need updated by hand.
10
+
11
+
Thankfully, updating these has become easy:
12
+
- If the `verification_real_world` tests are failing, do the following:
13
+
1. Run `cargo run --example update-certs.rs`
14
+
2. Using your tool of choice, update the hardcoded time in `verification_time` to match the current datetime.
15
+
3. Commit your changes and push up a fix branch/PR.
16
+
- If the `verification_mock` tests are failing, do the following:
17
+
1. Run `cd rustls-platform-verifier/src/tests/verification_mock`
18
+
2. Run `go run ca.go`
19
+
3. Using your tool of choice, update the hardcoded time in `verification_time` to match the current datetime.
20
+
4. Commit your changes and push up a fix branch/PR.
0 commit comments