From 0e24036a931af6dae589d58da76a93e9d0ee9c09 Mon Sep 17 00:00:00 2001
From: Ross Peoples <rpeoples@redhat.com>
Date: Fri, 15 Jul 2022 14:42:03 -0500
Subject: [PATCH] Bug 2097830: macOS: certificate is untrusted error

---
 pkg/cli/login/loginoptions.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/cli/login/loginoptions.go b/pkg/cli/login/loginoptions.go
index c472a3203e..6d6700f59e 100644
--- a/pkg/cli/login/loginoptions.go
+++ b/pkg/cli/login/loginoptions.go
@@ -9,6 +9,7 @@ import (
 	"net"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
@@ -136,6 +137,10 @@ func (o *LoginOptions) getClientConfig() (*restclient.Config, error) {
 	// try to TCP connect to the server to make sure it's reachable, and discover
 	// about the need of certificates or insecure TLS
 	if err := dialToServer(*clientConfig); err != nil {
+		if strings.Contains(err.Error(), "certificate is not trusted") {
+			err = x509.CertificateInvalidError{Reason: x509.Expired, Detail: err.Error()}
+		}
+
 		switch err.(type) {
 		// certificate authority unknown, check or prompt if we want an insecure
 		// connection or if we already have a cluster stanza that tells us to