Skip to content

fix: re-enable WebID-TLS tests (tiny bug fix from 2019) #1842

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
melvincarvalho wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: re-enable WebID-TLS tests (tiny bug fix from 2019) #1842

melvincarvalho wants to merge 1 commit into from

Conversation

@melvincarvalho
Copy link
Contributor

@melvincarvalho melvincarvalho commented Jan 8, 2026

Summary

This is a tiny bug fix (~10 lines changed) that re-enables the WebID-TLS tests that were incorrectly disabled in October 2019.

What happened

In October 2019 (PR #1333), the TLS tests were updated to properly test multiuser mode with tim.localhost and nicola.localhost. When some tests failed, they were skipped with the comment "TLS is currently broken, but is not a priority to fix".

However, the code was never broken - only the test infrastructure was incomplete:

  1. Travis CI had the hosts configured in addons.hosts
  2. When migrated to GitHub Actions in December 2020, this configuration was lost
  3. The WebID-TLS authentication code (lib/api/authn/webid-tls.mjs) has been intact and functional throughout

Changes

  • Remove describe.skip / it.skip from test/integration/acl-tls-test.mjs (5 instances)
  • Add hosts setup step to .github/workflows/ci.yml for multiuser DNS resolution

Verification

The WebID-TLS code path:

  1. lib/api/authn/webid-tls.mjs - Handler extracts certificate and verifies WebID
  2. lib/webid/lib/verify.mjs - Fetches profile and matches cert:modulus/exponent

All this code is intact. The test certificates match the test profiles (modulus verified).

Fixes #1841

@melvincarvalho melvincarvalho mentioned this pull request Jan 8, 2026
Open
@melvincarvalho melvincarvalho force-pushed the fix/webid-tls-tests branch 2 times, most recently from c4b6124 to 7648c61 Compare January 8, 2026 23:05
@melvincarvalho
docs: document actual reason WebID-TLS tests are skipped
42925c6 
The tests were skipped in 2019 with a misleading comment saying "TLS is
broken". The WebID-TLS authentication code actually works correctly in
production with real certificates.

The test failure is a bootstrapping issue with self-signed certs:
1. Test client connects with cert containing WebID on localhost
2. Server's webid.verify() fetches that profile URL
3. Internal fetch() rejects the self-signed cert, causing timeout

This commit replaces the misleading "TLS is broken" comment with accurate
documentation of the actual issue and potential fixes.

Related: nodeSolidServer#1841
@melvincarvalho melvincarvalho mentioned this pull request Jan 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enable WebID-TLS integration tests (fix self-signed cert verification loop)

1 participant

@melvincarvalho