TLS alert "internal error" when using expired APNs certificate

[jessepeterson]

1. What version of Go are you using (go version)?

$ go version
go version go1.8 darwin/amd64

2. What operating system (GOOS) are you using (go env) and what version?

$ go env GOOS
darwin
$ sw_vers
ProductName:	Mac OS X
ProductVersion:	10.12.4
BuildVersion:	16E195

3. What did you do? (steps to reproduce or a code sample is helpful)

Sent an APNs Push (using the specialized MDM payload) with an expired APNs push certificate.

4. What did you expect to see?

Some sort of appropriate error related to an expired certificate.

5. What did you see instead?

Error string of:

Post https://api.push.apple.com/3/device/XXXXXXXX: remote error: tls: internal error

The above error string is a low-level TLS alert (as explored here in micromdm/micromdm/issues/150) seemingly returned from Apple's servers.

Pretty sure this is not an issue with buford per se, but I'm curious what others see when they've used an expired APNs certificate. I'm wondering if perhaps this is related to sending MDM pushes vs. more typical pushes.

[nathany]

Thanks for the report.

It would be nice to get a test case for this, but that requires figuring out how to do #1.