Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix SSL alert in CI #4960

Merged
merged 1 commit into from
Feb 13, 2025
Merged

Fix SSL alert in CI #4960

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 5 additions & 13 deletions .github/workflows/server-https-nss-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,13 +195,10 @@ jobs:
# check stderr
cat > expected << EOF
WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com' indicates an unknown CA cert 'CN=CA Signing Certificate'
Trust this certificate (y/N)? IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: UNKNOWN_CA
IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
EOF

# TODO: Update the expected stderr once the missing SSL alert is fixed
# Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: UNKNOWN_CA
# IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate

diff expected stderr

# the cert should not be stored
Expand Down Expand Up @@ -229,13 +226,10 @@ jobs:
cat > expected << EOF
WARNING: BAD_CERT_DOMAIN encountered on 'CN=pki.example.com' indicates a common-name mismatch
WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com' indicates an unknown CA cert 'CN=CA Signing Certificate'
Trust this certificate (y/N)? IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: ACCESS_DENIED
IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
EOF

# TODO: Update the expected stderr once the missing SSL alert is fixed
# Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: ACCESS_DENIED
# IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com

diff expected stderr

# the cert should not be stored
Expand Down Expand Up @@ -359,12 +353,10 @@ jobs:
# check stderr
cat > expected << EOF
ERROR: EXPIRED_CERTIFICATE encountered on 'CN=pki.example.com' results in a denied SSL server cert!
SEVERE: FATAL: SSL alert sent: CERTIFICATE_EXPIRED
IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Expired certificate: CN=pki.example.com
EOF

# TODO: Update the expected stderr once the missing SSL alert is fixed
# SEVERE: FATAL: SSL alert sent: CERTIFICATE_EXPIRED

diff expected stderr

- name: Stop PKI server
Expand Down
Loading