From 209d6489ab9a6d0ca5b288cb63c11bd038841029 Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Tue, 7 Jul 2026 22:37:10 -0600 Subject: [PATCH] fix(test): await startCrlServer so EADDRINUSE retry covers the listen MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The unawaited return let server.listen()'s rejection escape the try/catch, so the 5-attempt retry loop only guarded generateCrlCertificates, never the actual bind. Ports are drawn from 50000–59999 which overlaps Linux's ephemeral range (32768–60999), so collisions with kernel-assigned ports are realistic. Adding await matches the existing setupOcspResponderWithCerts pattern (which already awaits startOcspServer and is flake-free). Discovered via flaky crl-verification.test.ts on Node 22 in PR #1709's CI. Co-Authored-By: Claude Sonnet 4.6 --- integrationTests/utils/securityServices.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/integrationTests/utils/securityServices.ts b/integrationTests/utils/securityServices.ts index e62f6439f3..a01e810e46 100644 --- a/integrationTests/utils/securityServices.ts +++ b/integrationTests/utils/securityServices.ts @@ -112,7 +112,9 @@ export async function setupCrlServerWithCerts( try { const { generateCrlCertificates } = await import('./security/crl/generate-test-certs.ts'); const certs = await generateCrlCertificates(certsPath, hostname, port); - return startCrlServer(certsPath, port, certs); + // await so EADDRINUSE from server.listen() lands in the catch and triggers retry + // (matches setupOcspResponderWithCerts pattern) + return await startCrlServer(certsPath, port, certs); } catch (error: any) { if (error.code === 'EADDRINUSE' && attempt < maxRetries - 1) { continue;