From ae48b95d253542a715bb33a95d10390b19f1752c Mon Sep 17 00:00:00 2001 From: Anderson Queiroz Date: Tue, 8 Oct 2024 20:48:59 +0200 Subject: [PATCH] fix internal/pkg/agent/cmd.TestEnroll (#5741) fix the mock fleet server used on internal/pkg/agent/cmd.TestEnroll was using the root certificate instead its own TLS certificate. As soon as elasitc-agent-libs is updated to v1.12.0+ it becomes a problem as the root certificates do not come with IPs and SANs anymore. Therefore the client cannot verify the certificate indeed belongs to the server. --- internal/pkg/agent/cmd/enroll_cmd_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/agent/cmd/enroll_cmd_test.go b/internal/pkg/agent/cmd/enroll_cmd_test.go index cc13b2ab252..c175240abfa 100644 --- a/internal/pkg/agent/cmd/enroll_cmd_test.go +++ b/internal/pkg/agent/cmd/enroll_cmd_test.go @@ -817,7 +817,7 @@ func mTLSServer(t *testing.T, agentPassphrase string) ( // configure server's TLS fleetRootCertPool := x509.NewCertPool() fleetRootCertPool.AppendCertsFromPEM(fleetRootPair.Cert) - cert, err := tls.X509KeyPair(fleetRootPair.Cert, fleetRootPair.Key) + cert, err := tls.X509KeyPair(fleetChildPair.Cert, fleetChildPair.Key) require.NoError(t, err, "could not create tls.Certificates from child certificate") agentRootCertPool := x509.NewCertPool()