I noticed that in test/config-next/ca.json we have the modern profile with maxValidityPeriod of 583200s. But that value is not listed in test/config-next/cert-checker.json's acceptableValidityDurations. That means we're not exercising cert-checker, or the modern profile, or both.
To test, I changed acceptableValidityDurations to remove 7776000s. After running ./tn.sh -i, I found that the output included:
# Finished processing certificates, report length: 69, good: 4, bad: 69
{
"good-certs": 4,
"bad-certs": 69,
"db-errs": 0,
"entries": {
...
However, the overall status of the tests was success. We should:
- Ensure cert-checker fails CI when it fails.
- Ensure each of our test profiles is exercised by integration tests (otherwise, why have that profile in CI?).
- Add
583200s to maxValidityPeriod for cert-checker in CI.
I noticed that in
test/config-next/ca.jsonwe have themodernprofile withmaxValidityPeriodof583200s. But that value is not listed intest/config-next/cert-checker.json'sacceptableValidityDurations. That means we're not exercising cert-checker, or themodernprofile, or both.To test, I changed
acceptableValidityDurationsto remove7776000s. After running./tn.sh -i, I found that the output included:However, the overall status of the tests was success. We should:
583200stomaxValidityPeriodfor cert-checker in CI.