diff --git a/admin/MAINTAINENCE.md b/admin/MAINTAINENCE.md index 3db38db..1ac3d71 100644 --- a/admin/MAINTAINENCE.md +++ b/admin/MAINTAINENCE.md @@ -10,7 +10,7 @@ on our mock CA and the certificates issued by it. As such, they will expire abou Thankfully, updating these has become easy: - If the `verification_real_world` tests are failing, do the following: - 1. Run `cargo run --example update-certs.rs` + 1. Run `cargo run --example update-certs` 2. Using your tool of choice, update the hardcoded time in `verification_time` to match the current datetime. 3. Commit your changes and push up a fix branch/PR. - If the `verification_mock` tests are failing, do the following: diff --git a/rustls-platform-verifier/src/tests/mod.rs b/rustls-platform-verifier/src/tests/mod.rs index b2cf3c4..134a20f 100644 --- a/rustls-platform-verifier/src/tests/mod.rs +++ b/rustls-platform-verifier/src/tests/mod.rs @@ -62,8 +62,8 @@ pub fn assert_cert_error_eq( /// we know the test certificates are valid. This must be updated if the mock certificates /// are regenerated. pub(crate) fn verification_time() -> pki_types::UnixTime { - // Wed, 13 August 2025 19:31:53 UTC - pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_755_113_506)) + // Sat, 3 January 2026 14:20:06 UTC + pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_767_450_006)) } fn test_provider() -> Arc { diff --git a/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_1.crt b/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_1.crt index 3ca3b8c..3e6174d 100644 Binary files a/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_1.crt and b/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_1.crt differ diff --git a/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_2.crt b/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_2.crt index f1e3552..46289c1 100644 Binary files a/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_2.crt and b/rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_2.crt differ diff --git a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt index e3991a7..d775756 100644 Binary files a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt and b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt differ diff --git a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_2.crt b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_2.crt index 67d933a..b187e36 100644 Binary files a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_2.crt and b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_2.crt differ diff --git a/rustls-platform-verifier/src/tests/verification_real_world/mod.rs b/rustls-platform-verifier/src/tests/verification_real_world/mod.rs index 6cec976..eeb3deb 100644 --- a/rustls-platform-verifier/src/tests/verification_real_world/mod.rs +++ b/rustls-platform-verifier/src/tests/verification_real_world/mod.rs @@ -69,12 +69,12 @@ const VALID_AWS_AMAZON_COM_CHAIN: &[&[u8]] = &[ fn valid_aws_chain_names() -> Vec { const VALID_AWS_NAMES: &[&str] = &[ "aws.amazon.com", - "www.aws.amazon.com", - "aws-us-east-1.amazon.com", "aws-us-west-2.amazon.com", + "www.aws.amazon.com", + "1.aws-lbr.amazonaws.com", "amazonaws-china.com", "www.amazonaws-china.com", - "1.aws-lbr.amazonaws.com", + "aws-us-east-1.amazon.com", ]; VALID_AWS_NAMES