Bug #9341

IMAPTest#test_imaps_with_ca_file test failed after 2014-01-01.

Added by Heesob Park 4 months ago. Updated 3 months ago.

[ruby-core:59459]
Status:Closed
Priority:Normal
Assignee:Shugo Maeda
Category:test
Target version:current: 2.2.0
ruby -v:ruby 2.2.0dev (2014-01-02 trunk 44483) [x64-mswin64_100] Backport:1.9.3: DONE, 2.0.0: DONE, 2.1: DONE

Description

The test IMAPTest#testimapswithcafile failed with the following error after 2014-01-01 on all platforms in rubyci.org

IMAPTest#testimapswithcafile [D:/tmp/mswin-build20140102-4508-1arnv64/ruby/test/net/imap/testimap.rb:74]:
Exception raised:
<#<OpenSSL::SSL::SSLError: SSL
connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed>>.

IMAPTest#teststarttls:
OpenSSL::SSL::SSLError: SSL
write: certificate verify failed
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/.ext/common/openssl/buffering.rb:326:in syswrite'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/.ext/common/openssl/buffering.rb:326:in
dowrite'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/.ext/common/openssl/buffering.rb:423:in print'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/lib/net/imap.rb:1225:in
put
string'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/lib/net/imap.rb:1197:in block in send_command'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/lib/monitor.rb:211:in
monsynchronize'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/lib/net/imap.rb:1192:in send_command'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/lib/net/imap.rb:368:in
logout'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/test/net/imap/test
imap.rb:524:in starttls_test'
D:/tmp/mswin-build20140102-4508-1arnv64/ruby/test/net/imap/test_imap.rb:113:in
test_starttls'

I found the cause of this failure is due to the expired certificate validity period.

The current validity period is defined as
Validity
Not Before: Dec 23 10:23:52 2010 GMT
Not After : Jan 1 10:23:52 2014 GMT

Found in test/net/imap/server.crt and test/net/imap/cacert.pem

Associated revisions

Revision 44488
Added by Aman Gupta 3 months ago

test/net/imap/test_imap.rb: fix test failures due to expired certs

  • test/net/imap/cacert.pem: generate new CA cert, since the last one expired. [Bug #9341]
  • test/net/imap/server.crt: new server cert signed with updated CA.
  • test/net/imap/Makefile: add make regen_certs to automate this process.

History

#1 Updated by Nobuyoshi Nakada 4 months ago

Yes, I know it, but not how to refresh it.

#2 Updated by Heesob Park 4 months ago

You must recreate the certificates.

Refer to http://www.lwithers.me.uk/articles/cacert.html

#3 Updated by Nobuyoshi Nakada 4 months ago

  • Category set to test
  • Status changed from Open to Assigned
  • Assignee set to Shugo Maeda
  • Target version set to current: 2.2.0
  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED

#4 Updated by Aman Gupta 3 months ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r44488.
Heesob, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


test/net/imap/test_imap.rb: fix test failures due to expired certs

  • test/net/imap/cacert.pem: generate new CA cert, since the last one expired. [Bug #9341]
  • test/net/imap/server.crt: new server cert signed with updated CA.
  • test/net/imap/Makefile: add make regen_certs to automate this process.

#5 Updated by Tomoyuki Chikanaga 3 months ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: REQUIRED

r44488 and r44489 were backported to ruby20_0 branch at r44491.

#6 Updated by Usaku NAKAMURA 3 months ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: DONE

backported into ruby193 at r44533.
and, seems to be backported into ruby
2_1 at r44528.

Also available in: Atom PDF