Fix TLS_BadVerify test assertions on macOS (#15903)

2023-01-05 11:47:45 -06:00 · 2023-01-05 11:47:45 -06:00 · 666c2b2e2b
parent b78de5a7a2
commit 666c2b2e2b
1 changed files with 13 additions and 4 deletions
--- a/agent/checks/check_test.go
+++ b/agent/checks/check_test.go
@ -836,12 +836,22 @@ func TestCheckHTTP_TLS_BadVerify(t *testing.T) {
 		if got, want := notif.State(cid), api.HealthCritical; got != want {
 			r.Fatalf("got state %q want %q", got, want)
 		}
-		if !strings.Contains(notif.Output(cid), "certificate signed by unknown authority") {
+		if !isInvalidCertificateError(notif.Output(cid)) {
 			r.Fatalf("should fail with certificate error %v", notif.OutputMap())
 		}
 	})
 }

+// isInvalidCertificateError checks the error string for an untrusted certificate error.
+// The specific error message is different on Linux and macOS.
+//
+// TODO: Revisit this when https://github.com/golang/go/issues/52010 is resolved.
+// We may be able to simplify this to check only one error string.
+func isInvalidCertificateError(err string) bool {
+	return strings.Contains(err, "certificate signed by unknown authority") ||
+		strings.Contains(err, "certificate is not trusted")
+}
+
 func mockTCPServer(network string) net.Listener {
 	var (
 		addr string
@ -1400,9 +1410,8 @@ func TestCheckH2PING_TLS_BadVerify(t *testing.T) {
 		if got, want := notif.State(cid), api.HealthCritical; got != want {
 			r.Fatalf("got state %q want %q", got, want)
 		}
-		expectedOutput := "certificate signed by unknown authority"
-		if !strings.Contains(notif.Output(cid), expectedOutput) {
-			r.Fatalf("should have included output %s: %v", expectedOutput, notif.OutputMap())
+		if !isInvalidCertificateError(notif.Output(cid)) {
+			r.Fatalf("should fail with certificate error %v", notif.OutputMap())
 		}
 	})
 }