Accept more error messages in test_tls_ext_noca

OpenSSL 1.0, 1.1, and NSS return different error messages for untrusted certificate and missing CA. https://github.com/python-ldap/python-ldap/pull/92 Closes: https://github.com/python-ldap/python-ldap/issues/87 Signed-off-by: Christian Heimes <cheimes@redhat.com>
ECN · Dec 4, 2017 · ed0f6ed · ed0f6ed
1 parent 5687863
commit ed0f6ed
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/Tests/t_cext.py b/Tests/t_cext.py
@@ -833,9 +833,16 @@ def test_tls_ext_noca(self):
         l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3)
         with self.assertRaises(_ldap.CONNECT_ERROR) as e:
             l.start_tls_s()
-        # some platforms return '(unknown error code)' as reason
-        if '(unknown error code)' not in str(e.exception):
-            self.assertIn('not trusted', str(e.exception))
+        # known resaons:
+        # Ubuntu on Travis: '(unknown error code)'
+        # OpenSSL 1.1: error:1416F086:SSL routines:\
+        #    tls_process_server_certificate:certificate verify failed
+        # NSS: TLS error -8172:Peer's certificate issuer has \
+        #    been marked as not trusted by the user.
+        msg = str(e.exception)
+        candidates = ('certificate', 'tls', '(unknown error code)')
+        if not any(s in msg.lower() for s in candidates):
+            self.fail(msg)
 
     @requires_tls(skip_nss=True)
     def test_tls_ext_clientcert(self):