From 76678d4186603fda18c929b0f09ca4ea312b72de Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Fri, 28 Jan 2022 18:55:32 +0300
Subject: Fix tests failures on i686 for glibc versions prior to 2.34 due to
 certificates expiration date beyond 2038

---
 tests/auth/cert | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'tests/auth/cert')

diff --git a/tests/auth/cert b/tests/auth/cert
index 87ec9b5..9355af8 100755
--- a/tests/auth/cert
+++ b/tests/auth/cert
@@ -4,25 +4,28 @@
 #
 # openssl genrsa 4096 > key.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config default-openssl.cnf > \
+# Note that for glibc versions prior to 2.34 there is an issue on i686 with
+# using certificates with expiration date beyond 2038.
+#
+openssl req -x509 -new -key key.pem -days 5475 -config default-openssl.cnf > \
 	default-cert.pem
 
 cat default-cert.pem | openssl x509 -sha256 -noout -fingerprint | \
   sed -n 's/^SHA256 Fingerprint=\(.*\)$/\1/p' >default-cert-fp
 
-openssl req -x509 -new -key key.pem -days 36500 -config mismatch-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config mismatch-openssl.cnf > \
         mismatch-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config noemail-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config noemail-openssl.cnf > \
         noemail-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 \
+openssl req -x509 -new -key key.pem -days 5475 \
 	-config subdomain-openssl.cnf > subdomain-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config self-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config self-openssl.cnf > \
         self-cert.pem
 
-openssl req -x509 -new -key key.pem -days 36500 -config self-any-openssl.cnf > \
+openssl req -x509 -new -key key.pem -days 5475 -config self-any-openssl.cnf > \
         self-any-cert.pem
 
 # Normally, you have no reason to regenerate expired-cert.pem, as need to keep
-- 
cgit v1.1