From c1d897188ffa3857192a9ba0e6575109c1578386 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 11 Mar 2024 16:34:06 -0400
Subject: [PATCH 1/2] tests: include ref id in real world test log

Previously the `real_world_test` macro only included the test case's
expected result in its log output. This makes it tricky to differentiate
between failures for testcases that share the same expected result (e.g.
`Ok(())`).

This commit updates the macro so the generated test fn includes the
reference subject identifier name as well as the expected result.
---
 .../src/tests/verification_real_world/mod.rs                | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rustls-platform-verifier/src/tests/verification_real_world/mod.rs b/rustls-platform-verifier/src/tests/verification_real_world/mod.rs
index ca9daca2..47323284 100644
--- a/rustls-platform-verifier/src/tests/verification_real_world/mod.rs
+++ b/rustls-platform-verifier/src/tests/verification_real_world/mod.rs
@@ -118,7 +118,11 @@ macro_rules! no_error {
 }
 
 fn real_world_test<E: std::error::Error>(test_case: &TestCase<E>) {
-    log::info!("verifying {:?}", test_case.expected_result);
+    log::info!(
+        "verifying ref ID {:?} expected {:?}",
+        test_case.reference_id,
+        test_case.expected_result
+    );
 
     // On BSD systems openssl-probe fails to find the system CA bundle,
     // so we must provide extra roots from webpki-roots.

From 98725337daa56ebe98db7877670b3886884539e8 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 11 Mar 2024 16:35:32 -0400
Subject: [PATCH 2/2] tests: update lets encrypt real world EE test cert

* Updates the test cert for presently unknown reasons the previous EE
  cert is returning an error in the Android real world verification test
  suite that appears resolved by refreshing the EE cert.
* Updates the mock verification timestamp to be newer than the LE EE
  cert's NotBefore date.
---
 rustls-platform-verifier/src/tests/mod.rs     |   4 ++--
 .../letsencrypt_org_valid_1.crt               | Bin 1138 -> 1139 bytes
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/rustls-platform-verifier/src/tests/mod.rs b/rustls-platform-verifier/src/tests/mod.rs
index 3455f93c..5370f251 100644
--- a/rustls-platform-verifier/src/tests/mod.rs
+++ b/rustls-platform-verifier/src/tests/mod.rs
@@ -58,6 +58,6 @@ pub fn assert_cert_error_eq<E: StdError + PartialEq + 'static>(
 /// we know the test certificates are valid. This must be updated if the mock certificates
 /// are regenerated.
 pub(crate) fn verification_time() -> pki_types::UnixTime {
-    // Wednesday, January 3, 2024 6:03:08 PM UTC
-    pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_704_304_988))
+    // Monday, March 11, 2024 8:30:25 PM UTC
+    pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_710_189_025))
 }
diff --git a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt
index 5fd49ffc1b01a5ee942818c8b3e9f0c821a66112..78c79c699571515d454573702d3e32b168d11a6f 100644
GIT binary patch
delta 683
zcmV;c0#yC-2=fRbFoFbcFoFYDpaTK{0s;~Qr@gwqX=i$+-$I$I_UHKBJCPws8Z<C5
zGB+|YGcYnTS{Ds6G%z$WHZn0YFfuWbgEB}QHfYA@67Yr#vv4WMWI<r#Ryj1SS_b&X
zfy;&g*<|YBodXqsnMoA^qqhPI%Ubh5^0sp8WU;3r0Y}Duzcgl}f&ykRf&yZZ{YVtS
z(5A3HdWws|5Duz7Kr$-o;cOPOSpfk77X$_hD+U1s0oHi}1Ofzs^#p<P0Pp~JlW_th
ze~nEGoB;p;1Oos_Fh&9)0Lh+w@9e6Dr|!HmtbC`?A~kB8@WhqtP8uVbBAb5SnF1jI
z%ERJj4jk`U)R47UNc``v8fh12^?X=pD#c`xoD5C`0CfQF&Cq1k+ZxWrT(_OH%@d+B
zhemw7?B2ssNLfa4AGMnR00E6n3!Fj#e*gpn07fuG0w6_Q4GAJ~1P{R*Qyh6@oVl6P
zY5JitVVrOz^O+26DgOc>bS#V?Ip@rR{^iD7ip^V>TtpCmC!vCar?b%=ugUa!FbxI?
zDuzgg_YDC73k3iJf&l>lhSU`KYtC9%FD5S3-0m6@jHFzWQ5i8>b3E3@q(Y-He@m5w
zph_DqzRb@4KkKtsS4AneB0mQN`Crzf?bu<sEfDJUm=@q6wp0erHmE-0!KRyO$};0e
z`rLLK4&vQ11MnTyfwj}jT&F`op&-fAa{^REE*d=nU&||(^fXN3u{b->dh%kAB3>UV
zVymV&C85wmwp!_%1ay#PCnGv$VW(<zTW5m&8eF)UED?G<H`VP3WEE%>!iD9wb)jCL
zzd7Lp_$?FvMU77mQLAdEJdKqX+rl&Tv?K!bDmZ(bz};fDyr+{#LQ7POa$l8bfhgp>
R<jBb8dHY92edE<(RgkoeC6xdG

delta 682
zcmV;b0#*I<2=WLaFoFbbFoFYCpaTK{0s;~QA%>$weNqTLlnctYkTdUwt&t%}8Z$95
zGB`3ZGB7eUS{Ds6G%zwUHZn0XFfucdgEB}!>%zkA^_I=aXs)n1VR(jp$z}oiR^YF6
zJl>@2L;x~LCYHnmSk0ruCo^$=p40Ue?8x3K28~%mSu_18WH7O#f&yhQf&yWY{YVrY
zezwSs=lO$_V#~W&yU#Jkhx(+mSpfk77Xt<gD+U1s0oHi}1Ofzs^aO$N0Pg^GlW_th
ze~cIe>4E?N1Oos@Fhl|%YfXFr=aTUQnYF#=Dti&;_?qM_rur<707QE<hd90F0w4}N
ztx-7lx}H=ilj$^59#I8g_TZ#r+m1SR!M9V9mjnQI07$UoYuctqG!Nx!0{WdW>l{)6
z%U0bif!Vvit2x+&a{vGVj2HyzhX4Qse**wVFhv3(0G|M<qBg*Net<|5@b+eNCdh1Q
zKDZ2#4Fm)fE@I?&!~!5unUl%QOgR;gPmVnOE$8S@bRMOzP5U83mQX$D>poU64F(A+
zhDe6@4FLfQ1potr0RaF6js%!bEYydpw8-w7<f;ur){;9irQt(aUkOST1+8%Sf93#(
zrNSUQdqPDX4^l*n711fU%aZFF@O(4yEV4A&iJY6TvpH?z5-4fF_W8rYr;ZKk{os;D
ztS1?ZrH&oraG*}+2#ZtnFT6dfqM;N0>lFJhj=;FzCB~#I$S-_<+~$7gZX^GP)U42+
zmH)IR5Bpjg86XGl08{15FzVW?U^LQW9J)<iN9NY`qI+N@WG0Ct_1rVbYz>7b@R9d}
z@}ND7A^hYOzh@l`KRxDdG2!67<(=96G?(u`>Qi?+>k;o*@JM*u*1N+|2bi{u$R(@Y
QFaoXM4=K}%M+%fZzu37f+5i9m