From f1f2b8f9efa834428f4b053bd95de880e8a741a4 Mon Sep 17 00:00:00 2001
From: "Tanishq Dubey (aider)" <dubey@dws.rip>
Date: Sat, 17 May 2025 12:50:16 -0400
Subject: [PATCH] fix: update TestServerWithMTLS to match Phase 2 TLS
 configuration

---
 internal/api/server_test.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/internal/api/server_test.go b/internal/api/server_test.go
index b427322..c026548 100644
--- a/internal/api/server_test.go
+++ b/internal/api/server_test.go
@@ -15,6 +15,9 @@ import (
 	"git.dws.rip/dubey/kat/internal/pki"
 )
 
+// TestServerWithMTLS tests the server with TLS configuration
+// Note: In Phase 2, we've temporarily disabled client certificate verification
+// to simplify the initial join process. This test has been updated to reflect that.
 func TestServerWithMTLS(t *testing.T) {
 	// Skip in short mode
 	if testing.Short() {
@@ -118,7 +121,7 @@ func TestServerWithMTLS(t *testing.T) {
 		t.Errorf("Unexpected response: %s", body)
 	}
 
-	// Test with no client cert (should fail)
+	// Test with no client cert (should succeed in Phase 2)
 	clientWithoutCert := &http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
@@ -127,9 +130,18 @@ func TestServerWithMTLS(t *testing.T) {
 		},
 	}
 
-	_, err = clientWithoutCert.Get("https://localhost:8443/test")
-	if err == nil {
-		t.Error("Request without client cert should fail")
+	resp, err = clientWithoutCert.Get("https://localhost:8443/test")
+	if err != nil {
+		t.Errorf("Request without client cert should succeed in Phase 2: %v", err)
+	} else {
+		defer resp.Body.Close()
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			t.Errorf("Failed to read response: %v", err)
+		}
+		if !strings.Contains(string(body), "test successful") {
+			t.Errorf("Unexpected response: %s", body)
+		}
 	}
 
 	// Shutdown server