diff --git a/0001-update-expired-Lets-Encrypt-CA-fixture.patch b/0001-update-expired-Lets-Encrypt-CA-fixture.patch new file mode 100644 index 0000000..874340e --- /dev/null +++ b/0001-update-expired-Lets-Encrypt-CA-fixture.patch @@ -0,0 +1,86 @@ +From f454ee8e77fd2360bf8f49a76ab749c52eb58348 Mon Sep 17 00:00:00 2001 +From: Sebastiaan van Stijn +Date: Wed, 21 Jul 2021 23:24:54 +0200 +Subject: [PATCH] =?UTF-8?q?tlsconfig:=20update=20expired=20Let=E2=80=99s?= + =?UTF-8?q?=20Encrypt=20CA=20fixture?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It expired on Mar 17, 2021, causing tests to fail: + + === RUN TestConfigClientExclusiveRootPools + config_test.go:595: Unable to verify certificate 1: x509: certificate has expired or is not yet valid: current time 2021-07-21T14:20:01Z is after 2021-03-17T16:40:46Z + +Signed-off-by: Sebastiaan van Stijn +--- + tlsconfig/config_test.go | 52 +++++++++++++++++++++------------------- + 1 file changed, 27 insertions(+), 25 deletions(-) + +diff --git a/tlsconfig/config_test.go b/tlsconfig/config_test.go +index 8c99f879..50cfc2ca 100644 +--- a/tlsconfig/config_test.go ++++ b/tlsconfig/config_test.go +@@ -11,35 +11,37 @@ import ( + "testing" + ) + +-// This is the currently active LetsEncrypt IdenTrust cross-signed CA cert. It expires Mar 17, 2021. ++// This is the currently active Let’s Encrypt R3 (RSA 2048, O = Let's Encrypt, CN = R3) ++// cross-signed CA Intermediate cert, downloaded from: https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem ++// It expires Sep 29 19:21:40 2021 GMT ++// download updated versions from https://letsencrypt.org/certificates/ + const ( + systemRootTrustedCert = ` + -----BEGIN CERTIFICATE----- +-MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ ++MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/ + MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +-DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow +-SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT +-GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC +-AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF +-q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 +-SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 +-Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA +-a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj +-/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T +-AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG +-CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv +-bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k +-c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw +-VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC +-ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz +-MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu +-Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF +-AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo +-uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ +-wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu +-X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG +-PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 +-KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ++DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow ++MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT ++AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs ++jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp ++Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB ++U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7 ++gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel ++/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R ++oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E ++BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p ++ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE ++p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE ++AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu ++Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0 ++LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf ++r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B ++AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH ++ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8 ++S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL ++qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p ++O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw ++UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg== + -----END CERTIFICATE----- + ` + rsaPrivateKeyFile = "fixtures/key.pem" diff --git a/golang-github-docker-connections.spec b/golang-github-docker-connections.spec index d8f3a4b..feeb11e 100644 --- a/golang-github-docker-connections.spec +++ b/golang-github-docker-connections.spec @@ -7,11 +7,6 @@ Version: 0.4.0 %gometa -# Remove in F33: -%global godevelheader %{expand: -Obsoletes: golang-github-docker-go-connections-devel < 0.4.0-5 -} - %global common_description %{expand: Go-connections provides common package to work with network connections.} @@ -26,6 +21,8 @@ Summary: Utility package to work with network connections License: ASL 2.0 URL: %{gourl} Source0: %{gosource} +# update expired Lets Encrypt CA fixture +Patch0: https://github.com/docker/go-connections/commit/f454ee8e77fd2360bf8f49a76ab749c52eb58348.patch#/0001-update-expired-Lets-Encrypt-CA-fixture.patch BuildRequires: golang(github.com/pkg/errors) BuildRequires: golang(golang.org/x/net/proxy) @@ -42,6 +39,7 @@ BuildRequires: golang(github.com/stretchr/testify/assert) %prep %goprep +%patch0 -p1 %install %gopkginstall