From df2b41aed3cf41c8990d701b4628de02285f8f98 Mon Sep 17 00:00:00 2001
From: Marco Fargetta <mfargett@redhat.com>
Date: Thu, 13 Feb 2025 11:38:41 +0100
Subject: [PATCH] Fix SSL alert in CI

Jss has fixed ssl alert for non blocking socket and the messages are
updated in CI tests.

See: https://github.com/dogtagpki/jss/commit/2f516c6e1f04c1dd4333d257e71007786e2ae5c5
---
 .github/workflows/server-https-nss-test.yml | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/server-https-nss-test.yml b/.github/workflows/server-https-nss-test.yml
index 6cf9d6b0f2e..49ef2f1abef 100644
--- a/.github/workflows/server-https-nss-test.yml
+++ b/.github/workflows/server-https-nss-test.yml
@@ -195,13 +195,10 @@ jobs:
           # check stderr
           cat > expected << EOF
           WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com' indicates an unknown CA cert 'CN=CA Signing Certificate'
-          Trust this certificate (y/N)? IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
+          Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: UNKNOWN_CA
+          IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
           EOF
 
-          # TODO: Update the expected stderr once the missing SSL alert is fixed
-          # Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: UNKNOWN_CA
-          # IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Unknown issuer: CN=CA Signing Certificate
-
           diff expected stderr
 
           # the cert should not be stored
@@ -229,13 +226,10 @@ jobs:
           cat > expected << EOF
           WARNING: BAD_CERT_DOMAIN encountered on 'CN=pki.example.com' indicates a common-name mismatch
           WARNING: UNKNOWN_ISSUER encountered on 'CN=pki.example.com' indicates an unknown CA cert 'CN=CA Signing Certificate'
-          Trust this certificate (y/N)? IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
+          Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: ACCESS_DENIED
+          IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
           EOF
 
-          # TODO: Update the expected stderr once the missing SSL alert is fixed
-          # Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: ACCESS_DENIED
-          # IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Bad certificate domain: CN=pki.example.com
-
           diff expected stderr
 
           # the cert should not be stored
@@ -359,12 +353,10 @@ jobs:
           # check stderr
           cat > expected << EOF
           ERROR: EXPIRED_CERTIFICATE encountered on 'CN=pki.example.com' results in a denied SSL server cert!
+          SEVERE: FATAL: SSL alert sent: CERTIFICATE_EXPIRED
           IOException: Unable to write to socket: Unable to validate CN=pki.example.com: Expired certificate: CN=pki.example.com
           EOF
 
-          # TODO: Update the expected stderr once the missing SSL alert is fixed
-          # SEVERE: FATAL: SSL alert sent: CERTIFICATE_EXPIRED
-
           diff expected stderr
 
       - name: Stop PKI server