e2e/openssl: set hostname explicitly

As of Go 1.23, crypto/x509 no longer allows bare wildcard SANs [^1]. We don't connect directly to the pod, we connect to the local end of a port-forwarding, so the hostname expected by crypto/x509 is localhost. localhost is not one of the SAN values in the certificate. Instead, override the expected ServerName to match the one in the certificate. [^1]: golang/go@375031d
edgelesssys · Nov 4, 2024 · e37b657 · e37b657
1 parent 233a221
commit e37b657
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
@@ -102,7 +102,7 @@ func TestOpenSSL(t *testing.T) {
 			require.NoError(ct.Kubeclient.WaitFor(ctx, kubeclient.Ready, kubeclient.Pod{}, ct.Namespace, "port-forwarder-openssl-frontend"))
 
 			require.NoError(ct.Kubeclient.WithForwardedPort(ctx, ct.Namespace, "port-forwarder-openssl-frontend", "443", func(addr string) error {
-				dialer := &tls.Dialer{Config: &tls.Config{RootCAs: pool}}
+				dialer := &tls.Dialer{Config: &tls.Config{RootCAs: pool, ServerName: opensslFrontend}}
 				conn, err := dialer.DialContext(ctx, "tcp", addr)
 				if err == nil {
 					conn.Close()