From 673ed5b45e92be8919b29ee033770913dc7c0ba9 Mon Sep 17 00:00:00 2001
From: Thomas Kriechbaumer <thomas@kriechbaumer.name>
Date: Wed, 24 May 2017 17:22:59 +0200
Subject: pathod: properly verify certificate in tests

---
 test/pathod/test_test.py | 41 ++++++++++++-----------------------------
 1 file changed, 12 insertions(+), 29 deletions(-)

(limited to 'test/pathod/test_test.py')

diff --git a/test/pathod/test_test.py b/test/pathod/test_test.py
index 40f45f53..30d0a473 100644
--- a/test/pathod/test_test.py
+++ b/test/pathod/test_test.py
@@ -1,15 +1,10 @@
-import logging
+import os
 import requests
 import pytest
 
-from pathod import test
-
 from mitmproxy.test import tutils
-
-import requests.packages.urllib3
-
-requests.packages.urllib3.disable_warnings()
-logging.disable(logging.CRITICAL)
+from pathod import test
+from pathod.pathod import SSLOptions, CA_CERT_NAME
 
 
 class TestDaemonManual:
@@ -22,29 +17,17 @@ class TestDaemonManual:
         with pytest.raises(requests.ConnectionError):
             requests.get("http://localhost:%s/p/202:da" % d.port)
 
-    def test_startstop_ssl(self):
-        d = test.Daemon(ssl=True)
-        rsp = requests.get(
-            "https://localhost:%s/p/202:da" %
-            d.port,
-            verify=False)
-        assert rsp.ok
-        assert rsp.status_code == 202
-        d.shutdown()
-        with pytest.raises(requests.ConnectionError):
-            requests.get("http://localhost:%s/p/202:da" % d.port)
-
-    def test_startstop_ssl_explicit(self):
-        ssloptions = dict(
-            certfile=tutils.test_data.path("pathod/data/testkey.pem"),
-            cacert=tutils.test_data.path("pathod/data/testkey.pem"),
-            ssl_after_connect=False
+    @pytest.mark.parametrize('not_after_connect', [True, False])
+    def test_startstop_ssl(self, not_after_connect):
+        ssloptions = SSLOptions(
+            cn=b'localhost',
+            sans=[b'localhost', b'127.0.0.1'],
+            not_after_connect=not_after_connect,
         )
-        d = test.Daemon(ssl=ssloptions)
+        d = test.Daemon(ssl=True, ssloptions=ssloptions)
         rsp = requests.get(
-            "https://localhost:%s/p/202:da" %
-            d.port,
-            verify=False)
+            "https://localhost:%s/p/202:da" % d.port,
+            verify=os.path.join(d.thread.server.ssloptions.confdir, CA_CERT_NAME))
         assert rsp.ok
         assert rsp.status_code == 202
         d.shutdown()
-- 
cgit v1.2.3