Fix SSL alert in CI

Jss has fixed ssl alert for non blocking socket and the messages are updated in CI tests. See: dogtagpki/jss@2f516c6
dogtagpki · Feb 13, 2025 · df2b41a · df2b41a
1 parent 150f160
commit df2b41a
Showing 1 changed file with 5 additions and 13 deletions.
diff --git a/.github/workflows/server-https-nss-test.yml b/.github/workflows/server-https-nss-test.yml
@@ -195,13 +195,10 @@ jobs:
           # check stderr
           cat > expected << EOF
           WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com' indicates an unknown CA cert 'CN=CA Signing Certificate'
-          Trust this certificate (y/N)? IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
+          Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: UNKNOWN_CA
+          IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
           EOF
 
-          # TODO: Update the expected stderr once the missing SSL alert is fixed
-          # Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: UNKNOWN_CA
-          # IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
-
           diff expected stderr
 
           # the cert should not be stored
@@ -229,13 +226,10 @@ jobs:
           cat > expected << EOF
           WARNING: BAD_CERT_DOMAIN encountered on 'CN=pki.example.com' indicates a common-name mismatch
           WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com' indicates an unknown CA cert 'CN=CA Signing Certificate'
-          Trust this certificate (y/N)? IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
+          Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: ACCESS_DENIED
+          IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
           EOF
 
-          # TODO: Update the expected stderr once the missing SSL alert is fixed
-          # Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: ACCESS_DENIED
-          # IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
-
           diff expected stderr
 
           # the cert should not be stored
@@ -359,12 +353,10 @@ jobs:
           # check stderr
           cat > expected << EOF
           ERROR: EXPIRED_CERTIFICATE encountered on 'CN=pki.example.com' results in a denied SSL server cert!
+          SEVERE: FATAL: SSL alert sent: CERTIFICATE_EXPIRED
           IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Expired certificate: CN=pki.example.com
           EOF
 
-          # TODO: Update the expected stderr once the missing SSL alert is fixed
-          # SEVERE: FATAL: SSL alert sent: CERTIFICATE_EXPIRED
-
           diff expected stderr
 
       - name: Stop PKI server