Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix TLS_BadVerify test assertions on macOS #15903

Merged
merged 2 commits into from
Jan 5, 2023
Merged

Fix TLS_BadVerify test assertions on macOS #15903

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5628769
Fix TLS_BadVerify test assertions on macOS
Jan 4, 2023
f7c028a
Link to golang issue for invalid cert error message change
Jan 4, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions agent/checks/check_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -836,12 +836,19 @@ func TestCheckHTTP_TLS_BadVerify(t *testing.T) {
if got, want := notif.State(cid), api.HealthCritical; got != want {
r.Fatalf("got state %q want %q", got, want)
}
if !strings.Contains(notif.Output(cid), "certificate signed by unknown authority") {
if !isInvalidCertificateError(notif.Output(cid)) {
r.Fatalf("should fail with certificate error %v", notif.OutputMap())
}
})
}

// isInvalidCertificateError checks the error string for an untrusted certificate error.
// The specific error message is different on Linux and macOS.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a "this is safe to remove when golang/go#52010 is addressed"

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 f7c028a

func isInvalidCertificateError(err string) bool {
return strings.Contains(err, "certificate signed by unknown authority") ||
strings.Contains(err, "certificate is not trusted")
}

func mockTCPServer(network string) net.Listener {
var (
addr string
Expand Down Expand Up @@ -1400,9 +1407,8 @@ func TestCheckH2PING_TLS_BadVerify(t *testing.T) {
if got, want := notif.State(cid), api.HealthCritical; got != want {
r.Fatalf("got state %q want %q", got, want)
}
expectedOutput := "certificate signed by unknown authority"
if !strings.Contains(notif.Output(cid), expectedOutput) {
r.Fatalf("should have included output %s: %v", expectedOutput, notif.OutputMap())
if !isInvalidCertificateError(notif.Output(cid)) {
r.Fatalf("should fail with certificate error %v", notif.OutputMap())
}
})
}
Expand Down