From 893139c2c12cec80c05707157fb880eb9018d6ab Mon Sep 17 00:00:00 2001
From: Cameron Bytheway <bythewc@amazon.com>
Date: Wed, 11 Dec 2024 11:02:21 -0700
Subject: [PATCH] test: update snapshots from s2n-tls 0.3.8 behavior

---
 quic/s2n-quic-tls/Cargo.toml                                | 2 ++
 quic/s2n-quic-tls/src/tests.rs                              | 6 +++---
 ...c__dc_mtls_handshake_auth_failure_self_test__events.snap | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/quic/s2n-quic-tls/Cargo.toml b/quic/s2n-quic-tls/Cargo.toml
index 42d106ab95..2616543415 100644
--- a/quic/s2n-quic-tls/Cargo.toml
+++ b/quic/s2n-quic-tls/Cargo.toml
@@ -35,6 +35,8 @@ openssl = { version = "0.10" }
 openssl-sys = { version = "0.9", features = ["vendored"] }
 s2n-quic-core = { path = "../s2n-quic-core", features = ["testing"] }
 s2n-quic-rustls = { path = "../s2n-quic-rustls" }
+# tests depend on alert behavior from >=0.3.8
+s2n-tls = { version = "0.3.8", features = ["quic"] }
 
 # we don't use openssl-sys directly; it's just here to pin and vendor in dev
 [package.metadata.cargo-udeps.ignore]
diff --git a/quic/s2n-quic-tls/src/tests.rs b/quic/s2n-quic-tls/src/tests.rs
index 369485b308..f46a2ac5f4 100644
--- a/quic/s2n-quic-tls/src/tests.rs
+++ b/quic/s2n-quic-tls/src/tests.rs
@@ -433,7 +433,7 @@ fn s2n_client_with_client_auth_s2n_server_does_not_trust_client_certificate() {
     // application level host verification check on the cert.
     assert!(test_result.is_err());
     let e = test_result.unwrap_err();
-    assert_eq!(e.description().unwrap(), "HANDSHAKE_FAILURE");
+    assert_eq!(e.description().unwrap(), "CERTIFICATE_UNKNOWN");
 }
 
 #[test]
@@ -448,7 +448,7 @@ fn s2n_client_with_client_auth_s2n_server_does_not_trust_issuer() {
     // by a CA that is not in the server trust store, even though the host name is validated.
     assert!(test_result.is_err());
     let e = test_result.unwrap_err();
-    assert_eq!(e.description().unwrap(), "HANDSHAKE_FAILURE");
+    assert_eq!(e.description().unwrap(), "CERTIFICATE_UNKNOWN");
 }
 
 #[test]
@@ -462,7 +462,7 @@ fn s2n_client_with_custom_hostname_auth_rejects_server_name() {
     // The handshake should fail because the hostname ("localhost") is not validated
     assert!(test_result.is_err());
     let e = test_result.unwrap_err();
-    assert_eq!(e.description().unwrap(), "HANDSHAKE_FAILURE");
+    assert_eq!(e.description().unwrap(), "CERTIFICATE_UNKNOWN");
 }
 
 #[test]
diff --git a/quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_auth_failure_self_test__events.snap b/quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_auth_failure_self_test__events.snap
index a77af2e5b0..bc7c6250a0 100644
--- a/quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_auth_failure_self_test__events.snap
+++ b/quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_auth_failure_self_test__events.snap
@@ -1,6 +1,7 @@
 ---
 source: quic/s2n-quic-core/src/event/snapshot.rs
 input_file: quic/s2n-quic/src/tests/dc.rs
+snapshot_kind: text
 ---
 === client ===
 count#platform_event_loop_started=1
@@ -451,7 +452,7 @@ count#packet_dropped=1
 count#packet_dropped.reason|CONNECTION_ERROR=1
 count#connection_closed=1
 timer#connection_closed.latency=100ms
-count#connection_closed.error|TLS_HANDSHAKE_FAILURE=1
+count#connection_closed.error|TLS_CERTIFICATE_UNKNOWN=1
 count#frame_sent=1
 count#frame_sent.packet|HANDSHAKE=1
 count#frame_sent.frame|CONNECTION_CLOSE=1