From 666c2b2e2b03e9da0d167a540e60442111be0dc7 Mon Sep 17 00:00:00 2001
From: Paul Glass
Date: Thu, 5 Jan 2023 11:47:45 -0600
Subject: [PATCH] Fix TLS_BadVerify test assertions on macOS (#15903)
---
 agent/checks/check_test.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go
index d95b87a924..495fc1472b 100644
--- a/agent/checks/check_test.go
+++ b/agent/checks/check_test.go
@@ -836,12 +836,22 @@ func TestCheckHTTP_TLS_BadVerify(t *testing.T) {
 if got, want := notif.State(cid), api.HealthCritical; got != want {
 r.Fatalf("got state %q want %q", got, want)
 }
- if !strings.Contains(notif.Output(cid), "certificate signed by unknown authority") {
+ if !isInvalidCertificateError(notif.Output(cid)) {
 r.Fatalf("should fail with certificate error %v", notif.OutputMap())
 }
 })
 }
 
+// isInvalidCertificateError checks the error string for an untrusted certificate error.
+// The specific error message is different on Linux and macOS.
+//
+// TODO: Revisit this when https://github.com/golang/go/issues/52010 is resolved.
+// We may be able to simplify this to check only one error string.
+func isInvalidCertificateError(err string) bool {
+ return strings.Contains(err, "certificate signed by unknown authority") ||
+ strings.Contains(err, "certificate is not trusted")
+}
+
 func mockTCPServer(network string) net.Listener {
 var (
 addr string
@@ -1400,9 +1410,8 @@ func TestCheckH2PING_TLS_BadVerify(t *testing.T) {
 if got, want := notif.State(cid), api.HealthCritical; got != want {
 r.Fatalf("got state %q want %q", got, want)
 }
- expectedOutput := "certificate signed by unknown authority"
- if !strings.Contains(notif.Output(cid), expectedOutput) {
- r.Fatalf("should have included output %s: %v", expectedOutput, notif.OutputMap())
+ if !isInvalidCertificateError(notif.Output(cid)) {
+ r.Fatalf("should fail with certificate error %v", notif.OutputMap())
 }
 })
 }
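Review bot: In the new helper `isInvalidCertificateError` the parameter is named `err` although it is a `string` of check output, so the call sites here and in the `TestCheckH2PING_TLS_BadVerify` hunk read as if an `error` value were being inspected; `func isInvalidCertificateError(output string) bool` would be clearer. The doc comment says the message differs between Linux and macOS but not which literal belongs to which platform; a line such as `// Linux: "certificate signed by unknown authority"; macOS: "certificate is not trusted"` would help when the TODO is revisited (the mapping is inferred from the commit title, so confirm it). Both tests exist to show that a server certificate from an untrusted issuer is rejected when verification is on, so the helper should stay limited to these two trust-failure strings; if it were later widened to generic TLS or connection errors, the tests would pass on failures that have nothing to do with certificate verification.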