Error format of untrusted certificate errors should depend on OS

Go 1.18.1 started using MacOS' x509 verification APIs on Macs rather than Go's own. The error messages are different. Signed-off-by: Margo Crawford <margaretc@vmware.com>
2026-01-05 04:56:11 +00:00 · 2022-04-14 17:37:36 -07:00
parent c624846eaa
commit d5337c9c19
5 changed files with 26 additions and 5 deletions
--- a/test/integration/ldap_client_test.go
+++ b/test/integration/ldap_client_test.go
@@ -20,6 +20,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/user"

 	"go.pinniped.dev/internal/authenticators"
+	"go.pinniped.dev/internal/testutil"
 	"go.pinniped.dev/internal/upstreamldap"
 	"go.pinniped.dev/test/testlib"
 )
@@ -467,7 +468,7 @@ func TestLDAPSearch_Parallel(t *testing.T) {
 			username:  "pinny",
 			password:  pinnyPassword,
 			provider:  upstreamldap.New(*providerConfig(func(p *upstreamldap.ProviderConfig) { p.CABundle = nil })),
-			wantError: fmt.Sprintf(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": x509: certificate signed by unknown authority`, ldapsLocalhostPort),
+			wantError: fmt.Sprintf(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": %s`, ldapsLocalhostPort, testutil.X509UntrustedCertError("Pinniped Test")),
 		},
 		{
 			name:     "when the CA bundle does not cause the host to be trusted with StartTLS",
@@ -478,7 +479,7 @@ func TestLDAPSearch_Parallel(t *testing.T) {
 				p.ConnectionProtocol = upstreamldap.StartTLS
 				p.CABundle = nil
 			})),
-			wantError: fmt.Sprintf(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": TLS handshake failed (x509: certificate signed by unknown authority)`, ldapLocalhostPort),
+			wantError: fmt.Sprintf(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": TLS handshake failed (%s)`, ldapLocalhostPort, testutil.X509UntrustedCertError("Pinniped Test")),
 		},
 		{
 			name:      "when trying to use TLS to connect to a port which only supports StartTLS",