kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

webhook: alter regex to account for x509sha1 GODEBUG removal 

go1.24 removes the x509sha1 GODEBUG variable, and with it the
support for SHA-1 signed certs. This commit alters the regex
in unit tests to account for that and prep for go1.24.

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>

Kubernetes-commit: cff0f4009f17c84141553c143872d47756209f4d
This commit is contained in:
Madhav Jivrajani 2024-12-30 13:39:17 -08:00 committed by Kubernetes Publisher
parent e6eb58901f
commit 7c924dc3c8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/util/webhook/webhook_test.go
View File

@ -406,14 +406,14 @@ func TestTLSConfig(t *testing.T) {
test: "server cert with SHA1 signature",
clientCA: caCert,
serverCert: append(append(sha1ServerCertInter, byte('\n')), caCertInter...), serverKey: serverKey,
errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA \\(temporarily override with GODEBUG=x509sha1=1\\)",
errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA",
increaseSHA1SignatureWarnCounter: true,
},
{
test: "server cert signed by an intermediate CA with SHA1 signature",
clientCA: caCert,
serverCert: append(append(serverCertInterSHA1, byte('\n')), caCertInterSHA1...), serverKey: serverKey,
errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA \\(temporarily override with GODEBUG=x509sha1=1\\)",
errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA",
increaseSHA1SignatureWarnCounter: true,
},
}