From 58314be6576ba8cdc6bb2dbb6dae76bc6906213b Mon Sep 17 00:00:00 2001
From: Joseph Burnett <jburnett@gitlab.com>
Date: Tue, 6 Sep 2022 16:46:29 -0700
Subject: [PATCH] Accept MacOS SSL error message.

The error messages for invalid certificates is slightly different on
Linux and MacOS. We should accept both.

Once this issue is fixed: https://github.com/golang/go/issues/52010
we can just compare the error to the canonical UnknownAuthorityError.
---
 helpers/certificate/x509_test.go | 5 ++++-
 network/client_test.go           | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/helpers/certificate/x509_test.go b/helpers/certificate/x509_test.go
index 39074479e..7381dc79a 100644
--- a/helpers/certificate/x509_test.go
+++ b/helpers/certificate/x509_test.go
@@ -8,6 +8,7 @@ import (
 	"crypto/x509"
 	"net"
 	"net/http"
+	"regexp"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -61,5 +62,7 @@ func TestCertificate(t *testing.T) {
 
 	_, err = client.Do(req)
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "certificate signed by unknown authority")
+	// Error messages provided by Linux and MacOS respectively.
+	const want = "certificate signed by unknown authority|certificate is not trusted"
+	assert.Regexp(t, regexp.MustCompile(want), err.Error())
 }
diff --git a/network/client_test.go b/network/client_test.go
index 8ac1f0d17..9232fe326 100644
--- a/network/client_test.go
+++ b/network/client_test.go
@@ -20,6 +20,7 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strconv"
 	"strings"
 	"testing"
@@ -295,7 +296,9 @@ func TestClientInvalidSSL(t *testing.T) {
 		nil,
 	)
 	assert.Equal(t, -1, statusCode, statusText)
-	assert.Contains(t, statusText, "certificate signed by unknown authority")
+	// Error messages provided by Linux and MacOS respectively.
+	const want = "certificate signed by unknown authority|certificate is not trusted"
+	assert.Regexp(t, regexp.MustCompile(want), statusText)
 }
 
 func TestClientTLSCAFile(t *testing.T) {