
Commit 4903840

pquentinsethmlarson
authored andcommitted
Use trustme to generate IP_SAN cert
1 parent 9971e27 commit 4903840


4 files changed

+29
-31
lines changed


dummyserver/certs/server.ip_san.crt

Lines changed: 0 additions & 21 deletions
This file was deleted.

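--- a/dummyserver/server.py
+++ b/dummyserver/server.py
@@ -39,10 +39,6 @@
 CLIENT_CERT = os.path.join(CERTS_PATH, CLIENT_INTERMEDIATE_PEM)
 PASSWORD_KEYFILE = os.path.join(CERTS_PATH, "server_password.key")
 PASSWORD_CLIENT_KEYFILE = os.path.join(CERTS_PATH, "client_password.key")
-IP_SAN_CERTS = {
-"certfile": os.path.join(CERTS_PATH, "server.ip_san.crt"),
-"keyfile": DEFAULT_CERTS["keyfile"],
-}
 IPV6_ADDR_CERTS = {
 "certfile": os.path.join(CERTS_PATH, "server.ipv6addr.crt"),
 "keyfile": os.path.join(CERTS_PATH, "server.ipv6addr.key"),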

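--- a/test/conftest.py
+++ b/test/conftest.py
@@ -89,3 +89,26 @@ def no_san_server(tmp_path_factory):
 {"keyfile": server_key_path, "certfile": server_cert_path},
 ) as cfg:
 yield cfg
+
+
+@pytest.fixture
+def ip_san_server(tmp_path_factory):
+tmpdir = tmp_path_factory.mktemp("certs")
+ca = trustme.CA()
+# IP address in Subject Alternative Name
+server_cert = ca.issue_cert(u"127.0.0.1")
+
+ca_cert_path = str(tmpdir / "ca.pem")
+server_cert_path = str(tmpdir / "server.pem")
+server_key_path = str(tmpdir / "server.key")
+ca.cert_pem.write_to_path(ca_cert_path)
+server_cert.private_key_pem.write_to_path(server_key_path)
+server_cert.cert_chain_pems[0].write_to_path(server_cert_path)
+
+with run_server_in_thread(
+"https",
+"127.0.0.1",
+ca_cert_path,
+{"keyfile": server_key_path, "certfile": server_cert_path},
+) as cfg:
+yield cfg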
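Review bot: The loopback address is written twice in `ip_san_server`, once in `ca.issue_cert(u"127.0.0.1")` and again as the host argument to `run_server_in_thread`, so the identity in the certificate and the address the server listens on can drift apart. If a later edit changes only one of them, the result is a certificate verification failure in the test that reads like a urllib3 regression rather than a fixture mistake. Binding it once, `host = u"127.0.0.1"`, and passing `host` to both calls keeps the two tied together. The fixture also has no docstring; a one-liner such as `"""Run an HTTPS server whose trustme-issued certificate is for the IP address 127.0.0.1."""` would record what the dependent test relies on.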

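--- a/test/with_dummyserver/test_https.py
+++ b/test/with_dummyserver/test_https.py
@@ -21,7 +21,6 @@
 IPV6_ADDR_CERTS,
 IPV6_ADDR_CA,
 HAS_IPV6,
-IP_SAN_CERTS,
 IPV6_SAN_CERTS,
 IPV6_SAN_CA,
 PASSWORD_CLIENT_KEYFILE,
@@ -721,18 +720,19 @@ def test_warning_for_certs_without_a_san(self, no_san_server):
 assert warn.called
 
 
-class TestHTTPS_IPSAN(HTTPSDummyServerTestCase):
-certs = IP_SAN_CERTS
-
-def test_can_validate_ip_san(self):
+class TestHTTPS_IPSAN:
+def test_can_validate_ip_san(self, ip_san_server):
 """Ensure that urllib3 can validate SANs with IP addresses in them."""
 try:
 import ipaddress # noqa: F401
 except ImportError:
 pytest.skip("Only runs on systems with an ipaddress module")
 
 with HTTPSConnectionPool(
-"127.0.0.1", self.port, cert_reqs="CERT_REQUIRED", ca_certs=DEFAULT_CA
+ip_san_server.host,
+ip_san_server.port,
+cert_reqs="CERT_REQUIRED",
+ca_certs=ip_san_server.ca_certs,
 ) as https_pool:
 r = https_pool.request("GET", "/")
 assert r.status == 200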
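Review bot: `test_can_validate_ip_san` asserts only `r.status == 200`, and because the fixture's own CA is passed as `ca_certs` the chain would validate even if the address were never matched against the certificate, so a pass does not distinguish "IP SAN matched" from "identity check did not run". No rejecting case is visible in this section; a companion test that expects the request to fail when the certificate does not list the contacted address would pin the behaviour down. Until one exists, a comment above the pool such as `# positive case only: does not prove a mismatched IP SAN is rejected` would keep readers from over-trusting this test. The method may continue past the last line shown in the hunk.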
