From 207f0cd7a1d03f8dfe035bb6583b4f4e68ba38b6 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 14 May 2026 13:14:52 +0200
Subject: Update test suite to match staging server behavior.

---
 tests/accountd-kid    | 4 ++--
 tests/cert-extensions | 6 +++---
 tests/cert-revoke     | 4 ++--
 tests/cert-verify     | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/tests/accountd-kid b/tests/accountd-kid
index 8a4b53c..e6f5ca4 100644
--- a/tests/accountd-kid
+++ b/tests/accountd-kid
@@ -28,7 +28,7 @@ sleep 1
 # newAccount resource fails as per RFC 8555 sec. 6.2 it requires a JWK
 ! lacme --socket="$SOCKET" account 2>"$STDERR" || fail
 grepstderr -Fxq "Warning: lacme-accountd supplied an empty JWK; try removing 'keyid' setting from lacme-accountd.conf if the ACME resource request fails."
-grepstderr -Fxq "400 Bad Request (Parse error reading JWS)"
+grepstderr -Fxq "400 Bad Request (Unable to validate JWS :: Parse error reading JWS)"
 grep -F "] SIGNED header=base64url({" ~lacme-account/.local/share/lacme/accountd.log >/tmp/signed
 ! grep -vF "] SIGNED header=base64url({\"alg\":\"RS256\",\"jwk\":{}," </tmp/signed
 
@@ -48,7 +48,7 @@ test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
 lacme --socket="$SOCKET" revokeCert /etc/lacme/simpletest.rsa.crt
 ! lacme --socket="$SOCKET" revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
 grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
-grepstderr -Fq "400 Bad Request (unable to revoke"
+grepstderr -Eq "400 Bad Request \\(Unable to revoke :: no certificate with serial [0-9a-fA-F]+ and status other than revoked\\)"
 grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
 
 kill $PID
diff --git a/tests/cert-extensions b/tests/cert-extensions
index d7e7855..3cb0a43 100644
--- a/tests/cert-extensions
+++ b/tests/cert-extensions
@@ -25,7 +25,7 @@ x509_check /etc/lacme/test1.crt <<-EOF
 	X509v3 Key Usage: critical
 	    Digital Signature, Key Encipherment
 	X509v3 Extended Key Usage:
-	    TLS Web Server Authentication, TLS Web Client Authentication
+	    TLS Web Server Authentication
 	X509v3 Basic Constraints: critical
 	    CA:FALSE
 	X509v3 Subject Alternative Name:
@@ -54,7 +54,7 @@ x509_check /etc/lacme/test2.crt <<-EOF
 	X509v3 Key Usage: critical
 	    Digital Signature, Key Encipherment
 	X509v3 Extended Key Usage:
-	    TLS Web Server Authentication, TLS Web Client Authentication
+	    TLS Web Server Authentication
 	X509v3 Basic Constraints: critical
 	    CA:FALSE
 	X509v3 Subject Alternative Name:
@@ -79,7 +79,7 @@ x509_check /etc/lacme/test3.crt <<-EOF
 	X509v3 Key Usage: critical
 	    Digital Signature, Key Encipherment
 	X509v3 Extended Key Usage:
-	    TLS Web Server Authentication, TLS Web Client Authentication
+	    TLS Web Server Authentication
 	X509v3 Basic Constraints: critical
 	    CA:FALSE
 	X509v3 Subject Alternative Name:
diff --git a/tests/cert-revoke b/tests/cert-revoke
index 179ccba..ead6723 100644
--- a/tests/cert-revoke
+++ b/tests/cert-revoke
@@ -18,7 +18,7 @@ test /etc/lacme/simpletest.ecdsa.crt -nt /etc/lacme/simpletest.ecdsa.key
 lacme revokeCert /etc/lacme/simpletest.ecdsa.crt
 ! lacme revokeCert /etc/lacme/simpletest.ecdsa.crt 2>"$STDERR" || fail
 grepstderr -Fxq "Revoking /etc/lacme/simpletest.ecdsa.crt"
-grepstderr -Fq "400 Bad Request (unable to revoke"
+grepstderr -Fq "400 Bad Request (Unable to revoke ::"
 grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.ecdsa.crt"
 
 # and the RSA certificate using the service key
@@ -26,7 +26,7 @@ mv -vfT /etc/lacme/simpletest.rsa.key /etc/lacme/account.key
 lacme revokeCert /etc/lacme/simpletest.rsa.crt
 ! lacme revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
 grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
-grepstderr -Fq "400 Bad Request (unable to revoke"
+grepstderr -Fq "400 Bad Request (Unable to revoke ::"
 grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
 
 # vim: set filetype=sh :
diff --git a/tests/cert-verify b/tests/cert-verify
index a6cd336..2138e29 100644
--- a/tests/cert-verify
+++ b/tests/cert-verify
@@ -20,7 +20,7 @@ grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from
 # verification error for unrelated CA bundle
 cat /etc/ssl/certs/ssl-cert-snakeoil.pem >/usr/share/lacme/ca-certificates.crt
 ! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "error 20 at 1 depth lookup: unable to get local issuer certificate"
+grepstderr -Eq "^error 20 at [1-9][0-9]* depth lookup: unable to get local issuer certificate$"
 grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
 
 # use saved bundle as custom CAfile
-- 
cgit v1.2.3