bug(fulcio): Fixes #535

Signed-off-by: John Kjell <[email protected]>
in-toto · Dec 17, 2024 · 37dce52 · 37dce52
1 parent 2d32a4b
commit 37dce52
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 5 deletions.
diff --git a/signer/fulcio/fulcio.go b/signer/fulcio/fulcio.go
@@ -432,10 +432,7 @@ func newClient(fulcioURL string, fulcioPort int, isInsecure bool) (fulciopb.CACl
 	creds := credentials.NewTLS(tlsConfig)
 
 	// Set up the gRPC dial options
-	dialOpts := []grpc.DialOption{
-		grpc.WithAuthority(u.Hostname()),
-	}
-
+	dialOpts := []grpc.DialOption{}
 	if isInsecure {
 		dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	} else {

diff --git a/signer/fulcio/fulcio_test.go b/signer/fulcio/fulcio_test.go
@@ -199,8 +199,19 @@ func TestSigner(t *testing.T) {
 	require.NotNil(t, signer)
 	provider = New(WithFulcioURL("https://test"), WithToken(token))
 	_, err = provider.Signer(ctx)
+
+	// A bad url is getting system-specific dns error messages
+	// This checks for one of those messages
+	dnsErrChecker := func(err error) bool {
+		if strings.Contains(err.Error(), "zero addresses") ||
+			strings.Contains(err.Error(), "record lookup error") {
+			return true
+		}
+		return false
+	}
+
 	//this should be a tranport err since we cant actually test on 443 which is the default
-	require.ErrorContains(t, err, "lookup test")
+	require.True(t, dnsErrChecker(err))
 
 	// Test signer with token read from file
 	// NOTE: this function could be refactored to accept a fileSystem or io.Reader so reading the file can be mocked,