Skip to content

test(@stdlib/net/http2-secure-server): renew expired self-signed test certificate#13330

Draft
Planeshifter wants to merge 1 commit into
developfrom
philipp/ci-fix-http2-secure-server-cert-2026-07-06
Draft

test(@stdlib/net/http2-secure-server): renew expired self-signed test certificate#13330
Planeshifter wants to merge 1 commit into
developfrom
philipp/ci-fix-http2-secure-server-cert-2026-07-06

Conversation

@Planeshifter

Copy link
Copy Markdown
Member

Description

What is the purpose of this pull request?

This pull request:

  • Renews the expired self-signed test certificate at lib/node_modules/@stdlib/net/http2-secure-server/test/fixtures/localhost-cert.pem. The old certificate (CN=localhost) expired 2025-09-15. test/test.js connects its HTTP/2 client with { ca: CERT }, trusting this certificate as its own CA, so once it expired, TLS validation failed deterministically on every run with CERT_HAS_EXPIRED / ERR_HTTP2_STREAM_CANCEL — this broke the macos_test workflow's Node.js v16 job on every scheduled run against develop. The new certificate uses the same, unchanged private key (test/fixtures/localhost-privkey.pem) and the same CN=localhost subject/issuer, valid for 20 years so the fixture doesn't need frequent manual renewal.

Related Issues

Does this pull request have any related issues?

None.

Questions

Any questions for reviewers of this pull request?

No.

Other

Any other information relevant to this pull request? This may include screenshots, references, and/or implementation notes.

Found and fixed as part of automated CI-failure triage. Failing run: https://github.com/stdlib-js/stdlib/actions/runs/28785523299 (job: macos_test, Node.js v16).

Validated locally by regenerating the certificate with the existing private key, confirming the moduli match, and replicating the exact connection pattern used in test/test.js (http2.connect(url, { ca: CERT }) against a real http2.createSecureServer) — the request/response round-trip now completes without a TLS error. Reviewed by three independent passes (correctness, regression scope, style/conventions); all approved with no blocking findings.

Note for a maintainer: the sibling lib/node_modules/@stdlib/net/http2-secure-server/examples/localhost-cert.pem (a separate fixture, not used by the test suite) is also expired but out of scope for this fix since no CI job in the failure window exercises it.

Checklist

Please ensure the following tasks are completed before submitting this pull request.

AI Assistance

When authoring the changes proposed in this PR, did you use any kind of AI assistance?

  • Yes
  • No

If you answered "yes" above, how did you use AI assistance?

  • Code generation (e.g., when writing an implementation or fixing a bug)
  • Test/benchmark generation
  • Documentation (including examples)
  • Research and understanding

Disclosure

If you answered "yes" to using AI assistance, please provide a short disclosure indicating how you used AI assistance. This helps reviewers determine how much scrutiny to apply when reviewing your contribution. Example disclosures: "This PR was written primarily by Claude Code." or "I consulted ChatGPT to understand the codebase, but the proposed changes were fully authored manually by myself.".

This PR was written primarily by Claude Code as part of an automated CI-failure triage and fix routine, based on live GitHub Actions job log analysis. The fix was reviewed by three independent automated review passes before being proposed here.


@stdlib-js/reviewers


Generated by Claude Code

… certificate

The `macos_test` workflow's Node.js v16 job failed on every scheduled
run against develop with `CERT_HAS_EXPIRED`
(`ERR_HTTP2_STREAM_CANCEL`) in test/test.js ("the server will use a
provided request listener"). Root cause: test/fixtures/localhost-cert.pem,
a self-signed CN=localhost certificate trusted by the test client via
`{ ca: CERT }`, expired 2025-09-15, so TLS validation fails
deterministically regardless of Node version or OS.

This commit regenerates the certificate with the existing, unchanged
private key (test/fixtures/localhost-privkey.pem), same CN=localhost
subject/issuer, valid for 20 years from today so the fixture does not
require frequent manual renewal.

Ref: https://github.com/stdlib-js/stdlib/actions/runs/28785523299
@stdlib-bot

Copy link
Copy Markdown
Contributor

Coverage Report

Package Statements Branches Functions Lines
net/http2-secure-server $\\color{red}413/418$
$\\color{green}+98.80\\%$
$\\color{red}48/50$
$\\color{green}+96.00\\%$
$\\color{red}5/6$
$\\color{green}+83.33\\%$
$\\color{red}413/418$
$\\color{green}+98.80\\%$

The above coverage report was generated for the changes in this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants