From 2a20c0bd272cd1df0ed90557f513d032aea1e3b6 Mon Sep 17 00:00:00 2001
From: jholdstock <jholdstock@decred.org>
Date: Thu, 19 Feb 2026 12:18:08 +0000
Subject: [PATCH] Simplify x509 test retry code.

I stumbled into this test whilst researching how to use the synctest
package added in go 1.25. Whilst there is no clear opportunity to use
synctest here, using channels and goroutines to implement retrying is
definitely a bit long-winded and was easy to simplify.
---
 x509_test.go | 41 +++++++++++++++++------------------------
 1 file changed, 17 insertions(+), 24 deletions(-)

diff --git a/x509_test.go b/x509_test.go
index 67eed76a6..79cbc103b 100644
--- a/x509_test.go
+++ b/x509_test.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2024 The Decred developers
+// Copyright (c) 2020-2026 The Decred developers
 // Use of this source code is governed by an ISC
 // license that can be found in the LICENSE file.
 
@@ -127,29 +127,24 @@ func TestUntrustedClientCert(t *testing.T) {
 
 	ca1, err := generateAuthority(pub1, priv1)
 	if err != nil {
-		t.Error(err)
-		return
+		t.Fatal(err)
 	}
 
 	ca2, err := generateAuthority(pub2, priv2)
 	if err != nil {
-		t.Error(err)
-		return
+		t.Fatal(err)
 	}
 	keyBlock2, err := marshalPrivateKey(ca2.PrivateKey)
 	if err != nil {
-		t.Error(err)
-		return
+		t.Fatal(err)
 	}
 	certBlock2, err := createSignedClientCert(pub2, ca2.PrivateKey, ca2.Cert)
 	if err != nil {
-		t.Error(err)
-		return
+		t.Fatal(err)
 	}
 	keypair2, err := tls.X509KeyPair(certBlock2, keyBlock2)
 	if err != nil {
-		t.Error(err)
-		return
+		t.Fatal(err)
 	}
 
 	s := httptest.NewUnstartedServer(http.HandlerFunc(echo))
@@ -170,29 +165,29 @@ func TestUntrustedClientCert(t *testing.T) {
 	tr := client.Transport.(*http.Transport)
 	tr.TLSClientConfig.Certificates = []tls.Certificate{keypair2}
 
+	// In slower environments (e.g. CI) the mock TLS HTTP server can take some
+	// time to start listening. Accomodate this by retrying for up to 5 seconds.
 	ctx := context.Background()
-	errChan := make(chan error, 2)
 	timeout := time.After(time.Second * 5)
 	for {
-		go func() {
-			req, err := http.NewRequestWithContext(ctx, http.MethodPut, s.URL, strings.NewReader("test"))
+		select {
+		case <-timeout:
+			t.Fatal("did not receive response before timeout")
+		default:
+			req, err := http.NewRequestWithContext(ctx, http.MethodPut, s.URL, nil)
 			if err != nil {
-				errChan <- err
-				return
+				t.Fatal(err)
 			}
+
 			_, err = s.Client().Do(req)
-			errChan <- err
-		}()
 
-		select {
-		case err := <-errChan:
 			if err == nil {
 				t.Fatalf("request with bad client cert did not error")
 			}
 			if strings.HasSuffix(err.Error(), "reset by peer") ||
 				strings.Contains(err.Error(), "connection was forcibly closed") {
 
-				// Retry.
+				// Retry (server isn't ready yet).
 				continue
 			}
 			if !(strings.HasSuffix(err.Error(), "tls: bad certificate") ||
@@ -203,9 +198,7 @@ func TestUntrustedClientCert(t *testing.T) {
 
 			// Success.
 			return
-
-		case <-timeout:
-			t.Fatal("Did not receive response before timeout")
 		}
+
 	}
 }