From 36833f5cce1a0d7c75759eeda5c3b382db121514 Mon Sep 17 00:00:00 2001 From: Gabriel Erzse Date: Thu, 9 May 2024 13:59:47 +0300 Subject: [PATCH] Fix tests --- tests/test_asyncio/test_connect.py | 14 ++++++++------ tests/test_connect.py | 14 ++++++++------ tests/test_ssl.py | 21 +++++++-------------- 3 files changed, 23 insertions(+), 26 deletions(-) diff --git a/tests/test_asyncio/test_connect.py b/tests/test_asyncio/test_connect.py index 6c902c2d0..0df7ebb43 100644 --- a/tests/test_asyncio/test_connect.py +++ b/tests/test_asyncio/test_connect.py @@ -61,13 +61,14 @@ async def test_uds_connect(uds_address): ) async def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers): host, port = tcp_address - certfile = get_ssl_filename("server-cert.pem") - keyfile = get_ssl_filename("server-key.pem") + certfile = get_ssl_filename("client-cert.pem") + keyfile = get_ssl_filename("client-key.pem") + ca_certfile = get_ssl_filename("ca-cert.pem") conn = SSLConnection( host=host, port=port, client_name=_CLIENT_NAME, - ssl_ca_certs=certfile, + ssl_ca_certs=ca_certfile, socket_timeout=10, ssl_min_version=ssl.TLSVersion.TLSv1_2, ssl_ciphers=ssl_ciphers, @@ -89,13 +90,14 @@ async def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers): ) async def test_tcp_ssl_connect(tcp_address, ssl_min_version): host, port = tcp_address - certfile = get_ssl_filename("server-cert.pem") - keyfile = get_ssl_filename("server-key.pem") + certfile = get_ssl_filename("client-cert.pem") + keyfile = get_ssl_filename("client-key.pem") + ca_certfile = get_ssl_filename("ca-cert.pem") conn = SSLConnection( host=host, port=port, client_name=_CLIENT_NAME, - ssl_ca_certs=certfile, + ssl_ca_certs=ca_certfile, socket_timeout=10, ssl_min_version=ssl_min_version, ) diff --git a/tests/test_connect.py b/tests/test_connect.py index fcc1a0526..71986dd8f 100644 --- a/tests/test_connect.py +++ b/tests/test_connect.py @@ -58,13 +58,14 @@ def test_uds_connect(uds_address): ) def test_tcp_ssl_connect(tcp_address, ssl_min_version): host, port = tcp_address - certfile = get_ssl_filename("server-cert.pem") - keyfile = get_ssl_filename("server-key.pem") + certfile = get_ssl_filename("client-cert.pem") + keyfile = get_ssl_filename("client-key.pem") + ca_certfile = get_ssl_filename("ca-cert.pem") conn = SSLConnection( host=host, port=port, client_name=_CLIENT_NAME, - ssl_ca_certs=certfile, + ssl_ca_certs=ca_certfile, socket_timeout=10, ssl_min_version=ssl_min_version, ) @@ -82,13 +83,14 @@ def test_tcp_ssl_connect(tcp_address, ssl_min_version): ) def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers): host, port = tcp_address - certfile = get_ssl_filename("server-cert.pem") - keyfile = get_ssl_filename("server-key.pem") + certfile = get_ssl_filename("client-cert.pem") + keyfile = get_ssl_filename("client-key.pem") + ca_certfile = get_ssl_filename("ca-cert.pem") conn = SSLConnection( host=host, port=port, client_name=_CLIENT_NAME, - ssl_ca_certs=certfile, + ssl_ca_certs=ca_certfile, socket_timeout=10, ssl_min_version=ssl.TLSVersion.TLSv1_2, ssl_ciphers=ssl_ciphers, diff --git a/tests/test_ssl.py b/tests/test_ssl.py index fd6fa51db..3edbc03ab 100644 --- a/tests/test_ssl.py +++ b/tests/test_ssl.py @@ -20,6 +20,7 @@ class TestSSL: SERVER_CERT = get_ssl_filename("server-cert.pem") SERVER_KEY = get_ssl_filename("server-key.pem") + CA_CERT = get_ssl_filename("ca-cert.pem") def test_ssl_with_invalid_cert(self, request): ssl_url = request.config.option.redis_ssl_url @@ -56,13 +57,13 @@ def test_validating_self_signed_certificate(self, request): ssl_certfile=self.SERVER_CERT, ssl_keyfile=self.SERVER_KEY, ssl_cert_reqs="required", - ssl_ca_certs=self.SERVER_CERT, + ssl_ca_certs=self.CA_CERT, ) assert r.ping() r.close() def test_validating_self_signed_string_certificate(self, request): - with open(self.SERVER_CERT) as f: + with open(self.CA_CERT) as f: cert_data = f.read() ssl_url = request.config.option.redis_ssl_url p = urlparse(ssl_url)[1].split(":") @@ -150,7 +151,7 @@ def _create_oscp_conn(self, request): ssl_certfile=self.SERVER_CERT, ssl_keyfile=self.SERVER_KEY, ssl_cert_reqs="required", - ssl_ca_certs=self.SERVER_CERT, + ssl_ca_certs=self.CA_CERT, ssl_validate_ocsp=True, ) return r @@ -171,14 +172,6 @@ def test_ssl_ocsp_called_withcrypto(self, request): assert "No AIA information present in ssl certificate" in str(e) r.close() - # rediss://, url based - ssl_url = request.config.option.redis_ssl_url - sslclient = redis.from_url(ssl_url) - with pytest.raises(ConnectionError) as e: - sslclient.ping() - assert "No AIA information present in ssl certificate" in str(e) - sslclient.close() - @skip_if_nocryptography() def test_valid_ocsp_cert_http(self): from redis.ocsp import OCSPVerifier @@ -256,7 +249,7 @@ def test_mock_ocsp_staple(self, request): ssl_certfile=self.SERVER_CERT, ssl_keyfile=self.SERVER_KEY, ssl_cert_reqs="required", - ssl_ca_certs=self.SERVER_CERT, + ssl_ca_certs=self.CA_CERT, ssl_validate_ocsp=True, ssl_ocsp_context=p, # just needs to not be none ) @@ -276,7 +269,7 @@ def test_mock_ocsp_staple(self, request): ssl_certfile=self.SERVER_CERT, ssl_keyfile=self.SERVER_KEY, ssl_cert_reqs="required", - ssl_ca_certs=self.SERVER_CERT, + ssl_ca_certs=self.CA_CERT, ssl_ocsp_context=ctx, ssl_ocsp_expected_cert=open(self.SERVER_KEY, "rb").read(), ssl_validate_ocsp_stapled=True, @@ -294,7 +287,7 @@ def test_mock_ocsp_staple(self, request): ssl_certfile=self.SERVER_CERT, ssl_keyfile=self.SERVER_KEY, ssl_cert_reqs="required", - ssl_ca_certs=self.SERVER_CERT, + ssl_ca_certs=self.CA_CERT, ssl_validate_ocsp_stapled=True, )