Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:103536
To: internals@lists.php.net
Reply-To: Alexander Kurilo <alex@kurilo.me>
Date: Sun, 2 Dec 2018 11:35:16 +0300
Lines: 27
Message-ID: <pu05c2$shu$1@blaine.gmane.org>
References: <19588601-decc-1110-3d1d-21207b1908c0@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.3.1
In-Reply-To: <19588601-decc-1110-3d1d-21207b1908c0@gmail.com>
Content-Language: en-US-large
Subject: Re: [PHP-DEV] Broken openssl tests on Travis
From: internals@lists.php.net ("Alexander Kurilo via internals")

On 02/12/2018 09:16, Stanislav Malyshev wrote:
> Hi!
> 
> I am seeing tons of broken openssl tests on Travis CI. Example:
> https://travis-ci.org/php/php-src/jobs/462367522
> 
> All errors seem to be the same:
> 001+ Warning: stream_socket_client(): SSL operation failed with code 1.
> OpenSSL Error messages:
> 002+ error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed in
> /home/travis/build/php/php-src/ext/openssl/tests/ServerClientTestCase.inc(96)
> : eval()'d code on line 10
> 
> Anybody knows anything about this?

Certificated that had been used for openssl tests, expired yesterday.
There are 2 ways to proceed, as I see it:

* generate new ones ASAP to get rid of false alarms;
* check if there's anything to be done to avoid this in the future.

To address the latter, certificates can be generated for each test run 
to make sure their expiration dates are never in the past but I'm not 
sure openssl binary has been a requirement for running tests, so maybe 
we're better off just generating another certificate for an upcoming 
decade or two.