Can I ask you to try again? I was working with neon, and after taking a break it now magically works again. I think some people were working on openssl which fixed the problems I was having.

And I, too, have been having trouble connecting to the upstream source. I'm not sure what to do about that.

(In reply to Bernhard Wiedemann from comment #0)
> Steps to Reproduce:
> osc build --vm-type=kvm --noservice \
>  "--build-opt=--vm-custom-opt=-rtc base=2019-09-01"
> 
> Actual Results:
> ssl................... 55/65 FAIL - fail_nul_cn (verification flags were 22
> not
> 4)
> ssl................... 56/65 FAIL - fail_nul_san (verification flags were 22
> not 4)
> 
> probably some builtin SSL cert expired then.
> 
> I wanted to file this upstream, but could not find it.

Can I ask you to try again? I was working with neon, and after taking a break it now magically works again. I think some people were working on openssl which fixed the problems I was having.

And I, too, have been having trouble connecting to the upstream source. I'm not sure what to do about that.

Still the same with current Factory.
Did you try the reproducer?

(In reply to Bernhard Wiedemann from comment #3)
> Still the same with current Factory.
> Did you try the reproducer?

Not exactly, I removed "--vm-type=kvm" from the command because my system doesn't like kvm.

But this time I did temporarily set my system date to "01 September 2019" and got the same results as you.

You're right. A few built-in ssl certs do expire in August, 2019:
test/nulca.pem, test/nulcn.pem, test/nulsan.pem, and test/nulsan.pem.

The certificates used in those two tests (fail_nul_cn and fail_nul_san) expire in September, 2019. They are specially-crafted with errors in them for those tests and are not used for anything else.

My suggestion is to disable the tests when the certificates expire.