From 4af07fc4d5e7a765f49fc698ac01632c27e32f61 Mon Sep 17 00:00:00 2001 From: samuel40791765 Date: Tue, 1 Oct 2024 02:38:14 +0000 Subject: [PATCH] Fix OCSP timebomb in tests --- crypto/ocsp/ocsp_test.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ocsp/ocsp_test.cc b/crypto/ocsp/ocsp_test.cc index 357e5bf564..81c0e235fd 100644 --- a/crypto/ocsp/ocsp_test.cc +++ b/crypto/ocsp/ocsp_test.cc @@ -416,6 +416,8 @@ TEST(OCSPTest, TestGoodOCSP) { // This will cause the function to fail in two places, once when checking // if "(current_time + nsec) > thisupd [Status Not Yet Valid]", and a second // time when checking if "nextupd > (current_time - nsec) [Status Expired]". + // The inverse happens when |thisupd| is outdated. + ERR_clear_error(); EXPECT_FALSE(OCSP_check_validity(thisupd, nextupd, -time(nullptr), -1)); err = ERR_get_error(); EXPECT_EQ(OCSP_R_STATUS_NOT_YET_VALID, ERR_GET_REASON(err));