tests: fix ssl generation #3365
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
the "integration-dind-ssl" tests were failing due to an issue with the
test-certs created;
==================================== ERRORS ====================================
_________ ERROR at setup of BuildTest.test_build_container_with_target _________
/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py:464: in _make_request
self._validate_conn(conn)
/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py:1093: in _validate_conn
conn.connect()
/usr/local/lib/python3.12/site-packages/urllib3/connection.py:790: in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
/usr/local/lib/python3.12/site-packages/urllib3/connection.py:969: in _ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
/usr/local/lib/python3.12/site-packages/urllib3/util/ssl_.py:480: in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
/usr/local/lib/python3.12/site-packages/urllib3/util/ssl_.py:524: in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
/usr/local/lib/python3.12/ssl.py:455: in wrap_socket
return self.sslsocket_class._create(
/usr/local/lib/python3.12/ssl.py:1041: in _create
self.do_handshake()
/usr/local/lib/python3.12/ssl.py:1319: in do_handshake
self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: invalid CA certificate (_ssl.c:1010)
During handling of the above exception, another exception occurred:
/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py:787: in urlopen
response = self._make_request(
/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py:488: in _make_request
raise new_e
E urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: invalid CA certificate (_ssl.c:1010)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
There was a problem hiding this comment.
Pull Request Overview
This PR fixes SSL certificate generation issues in the integration test suite. The changes address certificate verification failures by properly configuring CA, server, and client certificates with correct X.509 v3 extensions and key usage attributes.
- Adds proper v3_ca extension configuration for the Certificate Authority
- Implements correct key usage and extended key usage for server certificates
- Configures proper client authentication extensions for client certificates
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
vvoland
approved these changes
Oct 14, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
the "integration-dind-ssl" tests were failing due to an issue with the test-certs created;