Bug#1036769: lintian: Check for certificates .pem/.crt/.pkcs12 with expiry set

To: 1036769@bugs.debian.org
Subject: Bug#1036769: lintian: Check for certificates .pem/.crt/.pkcs12 with expiry set
From: Andrius Merkys <merkys@debian.org>
Date: Mon, 13 May 2024 10:40:25 +0300
Message-id: <[🔎] 4cae695c-a836-4e04-9bf1-fd078b0237b1@debian.org>
Reply-to: Andrius Merkys <merkys@debian.org>, 1036769@bugs.debian.org
In-reply-to: <168502846845.43509.12532775004004085723.reportbug@p5.zz.de>
References: <168502846845.43509.12532775004004085723.reportbug@p5.zz.de> <168502846845.43509.12532775004004085723.reportbug@p5.zz.de> <168502846845.43509.12532775004004085723.reportbug@p5.zz.de>

Control: owner -1 !

Hi,

On Thu, 25 May 2023 17:27:48 +0200 Florian Lohoff <f@zz.de> wrote:

i am in the middle of a stretch rebuild for mipsel (Upgrade path from
jessie as stretch dropped 75% of supported systems with mips32)

A big issue are certificates, mostly for build tests which have an
expire date set. This causes the package to fail just because we are a
couple years behind schedule.

I am interested in taking this. I have been bitten by expiredcertificates in tests previously, albeit not from standalone files, butembedded in test runners. Checking of expiry of standalone certificatesshould be pretty simple, whereas finding embedded certificates mightrequire a bit more magic.

I plan to employ a Perl module Net::SSL::ExpireDate to check the expirydate. It should be easy to use it in lintian code. Of course, first ofall, Net::SSL::ExpireDate needs to be packaged (on salsa, no ITP yet).


Andrius

Reply to:

Prev by Date: Debian bookworm update/backport
Next by Date: Processed: Re: lintian: Check for certificates .pem/.crt/.pkcs12 with expiry set
Previous by thread: Debian bookworm update/backport
Next by thread: Processed: Re: lintian: Check for certificates .pem/.crt/.pkcs12 with expiry set
Index(es):
- Date
- Thread