From 1ae1d14c93b9175c4aa035620e2410e8cf87e0cd Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 4 Nov 2024 07:39:38 +0100 Subject: [PATCH 1/7] flake: switch to nixos-unstable Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index bf61d2b5e2..a8ecae89cd 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,7 @@ { inputs = { nixpkgs = { - url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + url = "github:NixOS/nixpkgs?ref=nixos-unstable"; }; flake-utils = { url = "github:numtide/flake-utils"; From bef8b46b93f4aa450440e50d36ea6f7eb69418be Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 4 Nov 2024 07:39:56 +0100 Subject: [PATCH 2/7] deps: update nix lock file Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index dd131f7eb9..ff650d9884 100644 --- a/flake.lock +++ b/flake.lock @@ -20,16 +20,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726871744, - "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1726734507, - "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", "type": "github" }, "original": { From 7deba0cd3cc64fcdd8fe6eb4b64c15197b2ad81a Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 4 Nov 2024 08:40:55 +0100 Subject: [PATCH 3/7] deps: regenerate proto go code Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- internal/meshapi/meshapi.pb.go | 50 ++------ internal/meshapi/meshapi_grpc.pb.go | 2 +- internal/userapi/userapi.pb.go | 182 ++++++---------------------- internal/userapi/userapi_grpc.pb.go | 2 +- 4 files changed, 46 insertions(+), 190 deletions(-) diff --git a/internal/meshapi/meshapi.pb.go b/internal/meshapi/meshapi.pb.go index aeb33125ec..9801d5ce9c 100644 --- a/internal/meshapi/meshapi.pb.go +++ b/internal/meshapi/meshapi.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 -// protoc v4.25.4 +// protoc-gen-go v1.35.1 +// protoc v5.28.2 // source: meshapi.proto package meshapi @@ -28,11 +28,9 @@ type NewMeshCertRequest struct { func (x *NewMeshCertRequest) Reset() { *x = NewMeshCertRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_meshapi_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_meshapi_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *NewMeshCertRequest) String() string { @@ -43,7 +41,7 @@ func (*NewMeshCertRequest) ProtoMessage() {} func (x *NewMeshCertRequest) ProtoReflect() protoreflect.Message { mi := &file_meshapi_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -75,11 +73,9 @@ type NewMeshCertResponse struct { func (x *NewMeshCertResponse) Reset() { *x = NewMeshCertResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_meshapi_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_meshapi_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *NewMeshCertResponse) String() string { @@ -90,7 +86,7 @@ func (*NewMeshCertResponse) ProtoMessage() {} func (x *NewMeshCertResponse) ProtoReflect() protoreflect.Message { mi := &file_meshapi_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -194,32 +190,6 @@ func file_meshapi_proto_init() { if File_meshapi_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_meshapi_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*NewMeshCertRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_meshapi_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*NewMeshCertResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/internal/meshapi/meshapi_grpc.pb.go b/internal/meshapi/meshapi_grpc.pb.go index b6ca1af229..949d13c5ce 100644 --- a/internal/meshapi/meshapi_grpc.pb.go +++ b/internal/meshapi/meshapi_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.4 +// - protoc v5.28.2 // source: meshapi.proto package meshapi diff --git a/internal/userapi/userapi.pb.go b/internal/userapi/userapi.pb.go index effd4750e8..dcd252994d 100644 --- a/internal/userapi/userapi.pb.go +++ b/internal/userapi/userapi.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 -// protoc v4.25.4 +// protoc-gen-go v1.35.1 +// protoc v5.28.2 // source: userapi.proto package userapi @@ -31,11 +31,9 @@ type SetManifestRequest struct { func (x *SetManifestRequest) Reset() { *x = SetManifestRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SetManifestRequest) String() string { @@ -46,7 +44,7 @@ func (*SetManifestRequest) ProtoMessage() {} func (x *SetManifestRequest) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -90,11 +88,9 @@ type SetManifestResponse struct { func (x *SetManifestResponse) Reset() { *x = SetManifestResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SetManifestResponse) String() string { @@ -105,7 +101,7 @@ func (*SetManifestResponse) ProtoMessage() {} func (x *SetManifestResponse) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -152,11 +148,9 @@ type SeedShareDocument struct { func (x *SeedShareDocument) Reset() { *x = SeedShareDocument{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SeedShareDocument) String() string { @@ -167,7 +161,7 @@ func (*SeedShareDocument) ProtoMessage() {} func (x *SeedShareDocument) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -207,11 +201,9 @@ type SeedShare struct { func (x *SeedShare) Reset() { *x = SeedShare{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SeedShare) String() string { @@ -222,7 +214,7 @@ func (*SeedShare) ProtoMessage() {} func (x *SeedShare) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -259,11 +251,9 @@ type GetManifestsRequest struct { func (x *GetManifestsRequest) Reset() { *x = GetManifestsRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetManifestsRequest) String() string { @@ -274,7 +264,7 @@ func (*GetManifestsRequest) ProtoMessage() {} func (x *GetManifestsRequest) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -304,11 +294,9 @@ type GetManifestsResponse struct { func (x *GetManifestsResponse) Reset() { *x = GetManifestsResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetManifestsResponse) String() string { @@ -319,7 +307,7 @@ func (*GetManifestsResponse) ProtoMessage() {} func (x *GetManifestsResponse) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -373,11 +361,9 @@ type RecoverRequest struct { func (x *RecoverRequest) Reset() { *x = RecoverRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RecoverRequest) String() string { @@ -388,7 +374,7 @@ func (*RecoverRequest) ProtoMessage() {} func (x *RecoverRequest) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -425,11 +411,9 @@ type RecoverResponse struct { func (x *RecoverResponse) Reset() { *x = RecoverResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_userapi_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_userapi_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RecoverResponse) String() string { @@ -440,7 +424,7 @@ func (*RecoverResponse) ProtoMessage() {} func (x *RecoverResponse) ProtoReflect() protoreflect.Message { mi := &file_userapi_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -563,104 +547,6 @@ func file_userapi_proto_init() { if File_userapi_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_userapi_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*SetManifestRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userapi_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*SetManifestResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userapi_proto_msgTypes[2].Exporter = func(v any, i int) any { - switch v := v.(*SeedShareDocument); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userapi_proto_msgTypes[3].Exporter = func(v any, i int) any { - switch v := v.(*SeedShare); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userapi_proto_msgTypes[4].Exporter = func(v any, i int) any { - switch v := v.(*GetManifestsRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userapi_proto_msgTypes[5].Exporter = func(v any, i int) any { - switch v := v.(*GetManifestsResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userapi_proto_msgTypes[6].Exporter = func(v any, i int) any { - switch v := v.(*RecoverRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userapi_proto_msgTypes[7].Exporter = func(v any, i int) any { - switch v := v.(*RecoverResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/internal/userapi/userapi_grpc.pb.go b/internal/userapi/userapi_grpc.pb.go index 01a22d9f1c..792a5ae94a 100644 --- a/internal/userapi/userapi_grpc.pb.go +++ b/internal/userapi/userapi_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.4 +// - protoc v5.28.2 // source: userapi.proto package userapi From 86fb20367928e52b2981db9a45cceece0f485b6e Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 4 Nov 2024 08:46:48 +0100 Subject: [PATCH 4/7] overlays/dtc: add fix for static build Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- overlays/nixpkgs.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/overlays/nixpkgs.nix b/overlays/nixpkgs.nix index 9e092499c4..499b5f6780 100644 --- a/overlays/nixpkgs.nix +++ b/overlays/nixpkgs.nix @@ -44,4 +44,14 @@ final: prev: --set SOURCE_DATE_EPOCH 0 ''; }); + + # Upstream PR is currently in staging: https://github.com/NixOS/nixpkgs/pull/349201. + dtc = prev.dtc.overrideAttrs (prev: { + patches = final.lib.optionals (prev ? patches) prev.patches ++ [ + (final.fetchpatch2 { + url = "https://github.com/dgibson/dtc/commit/56a7d0cb3be5f2f7604bc42299e24d13a39c72d8.patch"; + hash = "sha256-GmAyk/K2OolH/Z8SsgwCcq3/GOlFuSpnVPr7jsy8Cs0="; + }) + ]; + }); } From a84f6f9bc055e1bc06ca6476fa18e7578886b882 Mon Sep 17 00:00:00 2001 From: Tom Dohrmann Date: Mon, 4 Nov 2024 10:52:02 +0100 Subject: [PATCH 5/7] qemu-static: re-add dtc buildInput --- packages/by-name/qemu-static/package.nix | 5 +++++ packages/by-name/qemu-tdx-static/package.nix | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/packages/by-name/qemu-static/package.nix b/packages/by-name/qemu-static/package.nix index cd29c64f02..f855e725db 100644 --- a/packages/by-name/qemu-static/package.nix +++ b/packages/by-name/qemu-static/package.nix @@ -21,6 +21,11 @@ "-Dlinux_fdt_path=${dtc}/lib" ]; + # The upstream derivation removes the dtc dependency when minimal is set, + # but QEMU needs it when not only building usermode emulators. + # TODO(freax13): Fix this upstream. + buildInputs = previousAttrs.buildInputs ++ [ dtc ]; + nativeBuildInputs = previousAttrs.nativeBuildInputs ++ [ python3Packages.packaging ]; patches = [ diff --git a/packages/by-name/qemu-tdx-static/package.nix b/packages/by-name/qemu-tdx-static/package.nix index 574c41a19c..521cf11487 100644 --- a/packages/by-name/qemu-tdx-static/package.nix +++ b/packages/by-name/qemu-tdx-static/package.nix @@ -36,6 +36,11 @@ in "-Dlinux_fdt_path=${dtc}/lib" ]; + # The upstream derivation removes the dtc dependency when minimal is set, + # but QEMU needs it when not only building usermode emulators. + # TODO(freax13): Fix this upstream. + buildInputs = previousAttrs.buildInputs ++ [ dtc ]; + nativeBuildInputs = previousAttrs.nativeBuildInputs ++ [ python3Packages.packaging ]; prePatch = '' From 233a22175440998ef8a0d8873b84a5f0cb8dc75e Mon Sep 17 00:00:00 2001 From: Tom Dohrmann Date: Mon, 4 Nov 2024 11:44:52 +0100 Subject: [PATCH 6/7] qemu-static: add TODO for upstreamed patch --- packages/by-name/qemu-static/package.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/by-name/qemu-static/package.nix b/packages/by-name/qemu-static/package.nix index f855e725db..ac244f30db 100644 --- a/packages/by-name/qemu-static/package.nix +++ b/packages/by-name/qemu-static/package.nix @@ -34,6 +34,7 @@ # We applied the same change done to libaio to libfdt as well. ./0002-add-options-for-library-paths.patch # Fix needed for a behaviour change in Linux 6.11-rc4. + # TODO(freax13): Remove this when QEMU 9.1.2 is released. ./0003-accel-kvm-check-for-KVM_CAP_READONLY_MEM-on-VM.patch ]; }) From e37b657fda876e4d816f8729d5a71859ecb00d8a Mon Sep 17 00:00:00 2001 From: Tom Dohrmann Date: Mon, 4 Nov 2024 13:44:35 +0100 Subject: [PATCH 7/7] e2e/openssl: set hostname explicitly As of Go 1.23, crypto/x509 no longer allows bare wildcard SANs [^1]. We don't connect directly to the pod, we connect to the local end of a port-forwarding, so the hostname expected by crypto/x509 is localhost. localhost is not one of the SAN values in the certificate. Instead, override the expected ServerName to match the one in the certificate. [^1]: https://github.com/golang/go/commit/375031d8dcec9ae74d2dbc437b201107dba3bb5f --- e2e/openssl/openssl_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go index a69728b010..88bd3b6116 100644 --- a/e2e/openssl/openssl_test.go +++ b/e2e/openssl/openssl_test.go @@ -102,7 +102,7 @@ func TestOpenSSL(t *testing.T) { require.NoError(ct.Kubeclient.WaitFor(ctx, kubeclient.Ready, kubeclient.Pod{}, ct.Namespace, "port-forwarder-openssl-frontend")) require.NoError(ct.Kubeclient.WithForwardedPort(ctx, ct.Namespace, "port-forwarder-openssl-frontend", "443", func(addr string) error { - dialer := &tls.Dialer{Config: &tls.Config{RootCAs: pool}} + dialer := &tls.Dialer{Config: &tls.Config{RootCAs: pool, ServerName: opensslFrontend}} conn, err := dialer.DialContext(ctx, "tcp", addr) if err == nil { conn.Close()