webhook: alter regex to account for x509sha1 GODEBUG removal

go1.24 removes the x509sha1 GODEBUG variable, and with it the
support for SHA-1 signed certs. This commit alters the regex
in unit tests to account for that and prep for go1.24.

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
This commit is contained in:
Madhav Jivrajani
2024-12-30 13:39:17 -08:00
parent 5ac4d36d67
commit 774adff447

View File

@@ -406,14 +406,14 @@ func TestTLSConfig(t *testing.T) {
test: "server cert with SHA1 signature", test: "server cert with SHA1 signature",
clientCA: caCert, clientCA: caCert,
serverCert: append(append(sha1ServerCertInter, byte('\n')), caCertInter...), serverKey: serverKey, serverCert: append(append(sha1ServerCertInter, byte('\n')), caCertInter...), serverKey: serverKey,
errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA \\(temporarily override with GODEBUG=x509sha1=1\\)", errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA",
increaseSHA1SignatureWarnCounter: true, increaseSHA1SignatureWarnCounter: true,
}, },
{ {
test: "server cert signed by an intermediate CA with SHA1 signature", test: "server cert signed by an intermediate CA with SHA1 signature",
clientCA: caCert, clientCA: caCert,
serverCert: append(append(serverCertInterSHA1, byte('\n')), caCertInterSHA1...), serverKey: serverKey, serverCert: append(append(serverCertInterSHA1, byte('\n')), caCertInterSHA1...), serverKey: serverKey,
errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA \\(temporarily override with GODEBUG=x509sha1=1\\)", errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA",
increaseSHA1SignatureWarnCounter: true, increaseSHA1SignatureWarnCounter: true,
}, },
} }