synfinatic / aws-sso-cli

A powerful tool for using AWS Identity Center for the CLI and web console.
https://synfinatic.github.io/aws-sso-cli/
GNU General Public License v3.0

Manually building v1.17.0 tag fails #1030

Closed ymatsiuk closed 3 weeks ago

ymatsiuk commented 3 weeks ago

Describe the bug: Manually building v1.17.0 fails due to an expired certificate

To Reproduce:

  1. Check out the v1.17.0 tag
  2. Build it

Expected behavior: It should always build; even 100 years from now, the code should just build and the tests succeed :wink:

Additional context: NixOS builds binaries from the source by fetching the code from the repository. Most of the time it's enough to build something once and cache it, but sometimes dependencies change, triggering massive rebuilds. This has started to fail now due to an expired certificate:

```
ok      github.com/synfinatic/aws-sso-cli/internal/ecs/client   0.074s
time="2024-08-20T10:29:21Z" level=error msg="Invalid GET request: /foo"
time="2024-08-20T10:29:21Z" level=error msg="Invalid HEAD request: /"
time="2024-08-20T10:29:21Z" level=error msg="Invalid request: /profile"
time="2024-08-20T10:29:21Z" level=error msg="Skipping expired creds for expired"
time="2024-08-20T10:29:21Z" level=error msg="Skipping expired creds for expired"
time="2024-08-20T10:29:21Z" level=info msg="http: 127.0.0.1:52396: 403 GET / (22.044µs)"
time="2024-08-20T10:29:21Z" level=info msg="http: 127.0.0.1:60684: 404 GET / (28.859µs)"
2024/08/20 10:29:21 http: TLS handshake error from 127.0.0.1:33380: read tcp4 127.0.0.1:41697->127.0.0.1:33380: use of closed network connection
--- FAIL: TestServerWithSSL (0.05s)
    server_test.go:192:
                Error Trace:    /tmp/nix-build-aws-sso-cli-1.17.0.drv-0/source/internal/ecs/server/server_test.go:192
                Error:          Received unexpected error:
                                Get "https://127.0.0.1:41697/": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-08-20T10:29:21Z is after 2024-07-28T23:16:24Z
                Test:           TestServerWithSSL
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x74a7fb]

goroutine 136 [running]:
testing.tRunner.func1.2({0x78d620, 0xad77f0})
        /nix/store/4ay992wzksf59aapkkh5lflv4rkbmdjy-go-1.22.5/share/go/src/testing/testing.go:1631 +0x24a
testing.tRunner.func1()
        /nix/store/4ay992wzksf59aapkkh5lflv4rkbmdjy-go-1.22.5/share/go/src/testing/testing.go:1634 +0x377
panic({0x78d620?, 0xad77f0?})
        /nix/store/4ay992wzksf59aapkkh5lflv4rkbmdjy-go-1.22.5/share/go/src/runtime/panic.go:770 +0x132
github.com/synfinatic/aws-sso-cli/internal/ecs/server.TestServerWithSSL(0xc0002b89c0)
        /tmp/nix-build-aws-sso-cli-1.17.0.drv-0/source/internal/ecs/server/server_test.go:194 +0x35b
testing.tRunner(0xc0002b89c0, 0x82b9d0)
        /nix/store/4ay992wzksf59aapkkh5lflv4rkbmdjy-go-1.22.5/share/go/src/testing/testing.go:1689 +0xfb
created by testing.(*T).Run in goroutine 1
        /nix/store/4ay992wzksf59aapkkh5lflv4rkbmdjy-go-1.22.5/share/go/src/testing/testing.go:1742 +0x390
FAIL    github.com/synfinatic/aws-sso-cli/internal/ecs/server   0.092s
FAIL
```

To be frank, it seems like an interesting challenge to solve, and in general an interesting perspective to put one's own software into. Will my software build a hundred years from now? :wink: The first thing that comes to my mind is to generate these certs on the fly in the test, WDYT?

synfinatic commented 3 weeks ago

Yeah, this was somewhat fixed in 2.0.0-beta2 with a new 10 year cert. There are limited good options since I'm too lazy to write the code to generate the cert/key in Go. I don't want to add external dependencies to the tests, hence not generating the cert on the fly via make test, and I also want to enable people to run tests via go test.

If it really bothers you, I'd accept a PR to do it in pure Go as part of go test if you feel strongly about the 100 year thing.

ymatsiuk commented 3 weeks ago

> if you feel strongly about the 100 year thing

Haha, not at all. I'll switch to beta for now. Thanks :+1:

synfinatic commented 3 weeks ago

Would love feedback on the beta... there are some big and likely somewhat controversial changes. Squeaky wheel will get the grease!
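
The approach raised in this thread (generating the test certificate at test time in pure Go, so that `go test` needs no checked-in cert and no external tools) could look like the following. This is an added example, not part of the issue or of aws-sso-cli's code; `getOverTLS` and its `validFor` parameter are hypothetical, and only the Go standard library is used. A negative validity reproduces the x509 expiry failure from the log above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// getOverTLS (hypothetical helper) self-signs a throwaway loopback cert expiring
// validFor from now, serves "/" with it on loopback and fetches it over verified TLS.
func getOverTLS(validFor time.Duration) (int, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore:    time.Now().Add(-72 * time.Hour),
		NotAfter:     time.Now().Add(validFor), // negative validFor: already expired
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1"), net.IPv6loopback}, // SANs the client checks
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return 0, err
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS() // srv.Client() now trusts exactly this certificate
	defer srv.Close()
	resp, err := srv.Client().Get(srv.URL)
	if err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}

func main() {
	fmt.Println(getOverTLS(24 * time.Hour))  // fresh certificate: request succeeds
	fmt.Println(getOverTLS(-24 * time.Hour)) // expired certificate: x509 error
}
```

Because the key and certificate exist only in memory for the duration of the test, no private key is committed to the repository and the validity window is always relative to the build time.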