4 files changed, 64 insertions, 4 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 443c07236f71..2705a6e35a70 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = python-pyhanko-certvalidator
 	pkgdesc = Validates X.509 certificates and paths
 	pkgver = 0.19.5
-	pkgrel = 2
+	pkgrel = 3
 	url = https://github.com/MatthiasValvekens/certvalidator
 	arch = any
 	license = MIT
@@ -14,6 +14,10 @@ pkgbase = python-pyhanko-certvalidator
 	depends = python-cryptography
 	depends = python-uritools
 	source = pyhanko-certvalidator-0.19.5.tar.gz::https://github.com/MatthiasValvekens/certvalidator/archive/refs/tags/0.19.5.tar.gz
+	source = revocation-test.patch
+	source = digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt
 	sha256sums = 2b3eabe4383340f8939eb559e7accfcf68e79a609bbd05ece3a7e959af1fcf4e
+	sha256sums = 73f997673be82a9d75f9a127e5303a05cf539e0955f7730e5a1f73596701da8c
+	sha256sums = 16ce93e1e0126da8be9b77e70446ed5e3faa8b7c3ebc514b512919633b2b5ca6
 
 pkgname = python-pyhanko-certvalidator
diff --git a/PKGBUILD b/PKGBUILD
index 0a6db358b6b5..8bb8a7732133 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 _name=pyhanko-certvalidator
 pkgname='python-pyhanko-certvalidator'
 pkgver=0.19.5
-pkgrel=2
+pkgrel=3
 pkgdesc="Validates X.509 certificates and paths"
 url="https://github.com/MatthiasValvekens/certvalidator"
 license=('MIT')
@@ -11,8 +11,19 @@ depends=('python-requests' 'python-asn1crypto' 'python-oscrypto' 'python-cryptog
          'python-uritools')
 makedepends=('python-setuptools')
 checkdepends=('python-oscrypto-tests' 'python-aiohttp')
-source=("${_name}-${pkgver}.tar.gz::https://github.com/MatthiasValvekens/certvalidator/archive/refs/tags/$pkgver.tar.gz")
-sha256sums=('2b3eabe4383340f8939eb559e7accfcf68e79a609bbd05ece3a7e959af1fcf4e')
+source=("${_name}-${pkgver}.tar.gz::https://github.com/MatthiasValvekens/certvalidator/archive/refs/tags/$pkgver.tar.gz"
+        "revocation-test.patch"
+        "digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt")
+sha256sums=('2b3eabe4383340f8939eb559e7accfcf68e79a609bbd05ece3a7e959af1fcf4e'
+            '73f997673be82a9d75f9a127e5303a05cf539e0955f7730e5a1f73596701da8c'
+            '16ce93e1e0126da8be9b77e70446ed5e3faa8b7c3ebc514b512919633b2b5ca6')
+
+prepare() {
+  cd certvalidator-${pkgver}
+  # https://github.com/MatthiasValvekens/certvalidator/commit/54e09a087bc6a46c67205f2596d5a3cb7d4e61c8
+  mv ../digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt tests/fixtures
+  patch -Np1 -i ../revocation-test.patch
+}
 
 build() {
   cd certvalidator-${pkgver}
diff --git a/digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt b/digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt
new file mode 100644
index 000000000000..2ce21adc7091
--- /dev/null
+++ b/digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt
diff --git a/revocation-test.patch b/revocation-test.patch
new file mode 100644
index 000000000000..30755dd0c822
--- /dev/null
+++ b/revocation-test.patch
@@ -0,0 +1,45 @@
+--- a/tests/test_validate.py
++++ b/tests/test_validate.py
+@@ -171,7 +171,8 @@ def test_revocation_mode_hard(self):
+ 
+         expected = (
+             '(CRL|OCSP response) indicates the end-entity certificate was '
+-            'revoked at 22:42:35 on 2021-08-17, due to an unspecified reason'
++            'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d'
++            ', due to an unspecified reason'
+         )
+         with self.assertRaisesRegex(RevokedError, expected):
+             validate_path(context, path)
+@@ -201,8 +202,8 @@ async def test_revocation_mode_hard_async(self):
+ 
+             expected = (
+                 '(CRL|OCSP response) indicates the end-entity certificate was '
+-                'revoked at 22:42:35 on 2021-08-17, due to an unspecified '
+-                'reason'
++                'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d'
++                ', due to an unspecified reason'
+             )
+             with self.assertRaisesRegex(RevokedError, expected):
+                 await async_validate_path(context, path)
+@@ -229,8 +230,8 @@ async def test_revocation_mode_hard_aiohttp_autofetch(self):
+ 
+             expected = (
+                 '(CRL|OCSP response) indicates the end-entity certificate was '
+-                'revoked at 22:42:35 on 2021-08-17, due to an unspecified '
+-                'reason'
++                'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d'
++                ', due to an unspecified reason'
+             )
+             with self.assertRaisesRegex(RevokedError, expected):
+                 await async_validate_path(context, path)
+@@ -257,8 +258,8 @@ async def test_revocation_mode_hard_requests_autofetch(self):
+ 
+             expected = (
+                 '(CRL|OCSP response) indicates the end-entity certificate was '
+-                'revoked at 22:42:35 on 2021-08-17, due to an unspecified '
+-                'reason'
++                'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d'
++                ', due to an unspecified reason'
+             )
+             with self.assertRaisesRegex(RevokedError, expected):
+                 await async_validate_path(context, path)