Skip to content

Commit

Permalink
Update PKI CA test
Browse files Browse the repository at this point in the history 
Previously if a client tries to connect to a server but it does
not have the CA signing cert installed and trusted it will get
an UNTRUSTED_ISSUER error from NSS. In the latest NSS the error
has changed to UNKNOWN_ISSUER, so the test has been updated
accordingly.
  • Loading branch information
@edewata
edewata committed Aug 21, 2024
1 parent c194dd8 commit 1999e32
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/pki-ca-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ jobs:
# check stderr
cat > expected << EOF
WARNING: UNTRUSTED ISSUER encountered on 'CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE'
WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE' indicates an unknown CA cert 'CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE'
Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE
IOException: Unable to write to socket: Failed to write to socket: (-5987) Invalid function argument.
EOF
Expand All @@ -169,8 +169,8 @@ jobs:
# check stderr
cat > expected << EOF
WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE' indicates an unknown CA cert 'CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE'
WARNING: BAD_CERT_DOMAIN encountered on 'CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE' indicates a common-name mismatch
WARNING: UNTRUSTED ISSUER encountered on 'CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE'
Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE
IOException: Unable to write to socket: Failed to write to socket: (-12276) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
EOF
Expand All @@ -194,7 +194,7 @@ jobs:
# check stderr
cat > expected << EOF
WARNING: UNTRUSTED ISSUER encountered on 'CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE'
WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE' indicates an unknown CA cert 'CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE'
Trust this certificate (y/N)?
EOF
Expand Down

0 comments on commit 1999e32

Please sign in to comment.