diff --git a/tests/test_download.py b/tests/test_download.py index 9a041088..5cf07af8 100755 --- a/tests/test_download.py +++ b/tests/test_download.py @@ -290,6 +290,9 @@ def test_https_connection(self): # Trust the certfile that happens to use a different hostname than we # will expect. os.environ['REQUESTS_CA_BUNDLE'] = bad_cert_fname + # Clear sessions to ensure that the certificate we just specified is used. + # TODO: Confirm necessity of this session clearing and lay out mechanics. + tuf.download._sessions = {} # Try connecting to the server process with the bad cert while trusting # the bad cert. Expect failure because even though we trust it, the @@ -316,8 +319,12 @@ def test_https_connection(self): with self.assertRaises(requests.exceptions.SSLError): download.unsafe_download(good2_https_url, target_data_length) + # Configure environment to now trust the certfile that is expired. os.environ['REQUESTS_CA_BUNDLE'] = expired_cert_fname + # Clear sessions to ensure that the certificate we just specified is used. + # TODO: Confirm necessity of this session clearing and lay out mechanics. + tuf.download._sessions = {} # Try connecting to the server process with the expired cert while # trusting the expired cert. Expect failure because even though we trust @@ -328,20 +335,23 @@ def test_https_connection(self): with self.assertRaises(requests.exceptions.SSLError): download.unsafe_download(expired_https_url, target_data_length) + # Try connecting to the server processes with the good certs while # trusting the appropriate good certs. Expect success. - # Note: running these OK downloads at the top of this try section causes - # a failure in a previous assertion: retrieving the same good URL - # again after no longer "trusting" the good certfile still succeeds - # if we had previously succeeded in retrieving that same URL while - # still trusting the good cert. Perhaps it's a caching issue....? - # I'm not especially concerned yet, but take note for later.... + # TODO: expand testing to switch expected certificates back and forth a + # bit more while clearing / not clearing sessions. os.environ['REQUESTS_CA_BUNDLE'] = good_cert_fname + # Clear sessions to ensure that the certificate we just specified is used. + # TODO: Confirm necessity of this session clearing and lay out mechanics. + tuf.download._sessions = {} logger.info('Trying HTTPS download of target file: ' + good_https_url) download.safe_download(good_https_url, target_data_length) download.unsafe_download(good_https_url, target_data_length) os.environ['REQUESTS_CA_BUNDLE'] = good2_cert_fname + # Clear sessions to ensure that the certificate we just specified is used. + # TODO: Confirm necessity of this session clearing and lay out mechanics. + tuf.download._sessions = {} logger.info('Trying HTTPS download of target file: ' + good2_https_url) download.safe_download(good2_https_url, target_data_length) download.unsafe_download(good2_https_url, target_data_length) diff --git a/tests/test_proxy_use.py b/tests/test_proxy_use.py index bed8ea43..90832ae7 100644 --- a/tests/test_proxy_use.py +++ b/tests/test_proxy_use.py @@ -238,6 +238,9 @@ def test_https_dl_via_smart_http_proxy(self): self.set_env_value('REQUESTS_CA_BUNDLE', os.path.join('ssl_certs', 'ssl_cert.crt')) + # Clear sessions to ensure that the certificate we just specified is used. + # TODO: Confirm necessity of this session clearing and lay out mechanics. + tuf.download._sessions = {} logger.info('Trying HTTPS download via HTTP proxy: ' + self.url_https) download.safe_download(self.url_https, self.target_data_length) @@ -259,6 +262,9 @@ def test_http_dl_via_https_proxy(self): # plain HTTP connection to the target server. self.set_env_value('REQUESTS_CA_BUNDLE', os.path.join('ssl_certs', 'proxy_ca.crt')) + # Clear sessions to ensure that the certificate we just specified is used. + # TODO: Confirm necessity of this session clearing and lay out mechanics. + tuf.download._sessions = {} logger.info('Trying HTTP download via HTTPS proxy: ' + self.url_https) download.safe_download(self.url, self.target_data_length) @@ -282,6 +288,9 @@ def test_https_dl_via_https_proxy(self): # started in setUpClass(). self.set_env_value('REQUESTS_CA_BUNDLE', os.path.join('ssl_certs', 'proxy_ca.crt')) + # Clear sessions to ensure that the certificate we just specified is used. + # TODO: Confirm necessity of this session clearing and lay out mechanics. + tuf.download._sessions = {} logger.info('Trying HTTPS download via HTTPS proxy: ' + self.url_https) download.safe_download(self.url_https, self.target_data_length) @@ -325,7 +334,7 @@ def restore_env_value(self, key): assert key in self.old_env_values, 'Test coding mistake: something is ' \ 'trying to restore environment variable ' + key + ', but that ' \ 'variable does not appear in the list of values to restore. ' \ - 'Please make sure to use _set_env_value().' + 'Please make sure to use set_env_value().' if self.old_env_values[key] is None: # If it was not previously set, try to unset it.