Merge branch 'cpu-go-1.11' into test-cpu-go-1.11

letsencrypt · Sep 21, 2018 · b7c2843 · b7c2843
2 parents acd523a + 2ffe95c
commit b7c2843
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 11 deletions.
diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
diff --git a/ra/ra.go b/ra/ra.go
@@ -1840,7 +1840,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
 		// An authz without an expiry is an unexpected internal server event
 		if authz.Expires == nil {
 			return nil, berrors.InternalServerError(
-				"SA.GetAuthorizations returned an authz (%d) with nil expiry",
+				"SA.GetAuthorizations returned an authz (%s) with nil expiry",
 				*authz.Id)
 		}
 		// If the reused authorization expires before the minExpiry, it's expiry

diff --git a/sa/sa.go b/sa/sa.go
@@ -795,13 +795,13 @@ func (ssa *SQLStorageAuthority) UpdatePendingAuthorization(ctx context.Context,
 	}
 
 	if !existingPending(tx, authz.ID) {
-		err = berrors.InternalServerError("authorization with ID '%d' not found", authz.ID)
+		err = berrors.InternalServerError("authorization with ID '%s' not found", authz.ID)
 		return Rollback(tx, err)
 	}
 
 	_, err = selectPendingAuthz(tx, "WHERE id = ?", authz.ID)
 	if err == sql.ErrNoRows {
-		err = berrors.InternalServerError("authorization with ID '%d' not found", authz.ID)
+		err = berrors.InternalServerError("authorization with ID '%s' not found", authz.ID)
 		return Rollback(tx, err)
 	}
 	if err != nil {

diff --git a/va/va.go b/va/va.go
@@ -499,8 +499,8 @@ func (va *ValidationAuthorityImpl) fetchHTTP(ctx context.Context, identifier cor
 	// io.LimitedReader will silently truncate a Reader so if the
 	// resulting payload is the same size as maxResponseSize fail
 	if len(body) >= maxResponseSize {
-		return nil, validationRecords, probs.Unauthorized("Invalid response from %s: q", url,
-			replaceInvalidUTF8(body))
+		return nil, validationRecords, probs.Unauthorized(fmt.Sprintf("Invalid response from %s: %q", url,
+			replaceInvalidUTF8(body)))
 	}
 
 	if httpResponse.StatusCode != 200 {

diff --git a/wfe2/wfe_test.go b/wfe2/wfe_test.go
@@ -1996,11 +1996,6 @@ func TestFinalizeOrder(t *testing.T) {
 			Request:      signAndPost(t, "1/7", "http://localhost/1/7", goodCertCSRPayload, 1, wfe.nonceService),
 			ExpectedBody: `{"type":"` + probs.V2ErrorNS + `malformed","detail":"Order 7 is expired","status":404}`,
 		},
-		{
-			Name:         "Invalid CSR",
-			Request:      signAndPost(t, "1/4", "http://localhost/1/4", `{"CSR": "ABCD"}`, 1, wfe.nonceService),
-			ExpectedBody: `{"type":"` + probs.V2ErrorNS + `malformed","detail":"Error parsing certificate request: asn1: structure error: tags don't match (16 vs {class:0 tag:0 length:16 isCompound:false}) {optional:false explicit:false application:false defaultValue:\u003cnil\u003e tag:\u003cnil\u003e stringType:0 timeType:0 set:false omitEmpty:false} certificateRequest @2","status":400}`,
-		},
 		{
 			Name:            "Good CSR, Pending Order",
 			Request:         signAndPost(t, "1/4", "http://localhost/1/4", goodCertCSRPayload, 1, wfe.nonceService),
@@ -2052,6 +2047,17 @@ func TestFinalizeOrder(t *testing.T) {
 				tc.ExpectedBody)
 		})
 	}
+
+	// Check a bad CSR request separately from the above testcases. We don't want
+	// to match the whole response body because the "detail" of a bad CSR problem
+	// contains a verbose Go error message that can change between versions (e.g.
+	// Go 1.10.4 to 1.11 changed the expected format)
+	badCSRReq := signAndPost(t, "1/4", "http://localhost/1/4", `{"CSR": "ABCD"}`, 1, wfe.nonceService)
+	responseWriter.Body.Reset()
+	responseWriter.HeaderMap = http.Header{}
+	wfe.FinalizeOrder(ctx, newRequestEvent(), responseWriter, badCSRReq)
+	responseBody := responseWriter.Body.String()
+	test.AssertContains(t, responseBody, "Error parsing certificate request")
 }
 
 func TestKeyRollover(t *testing.T) {