From 7c49fe2a5752a08f2bbc17d479d74f046eb50376 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Tue, 6 Aug 2024 11:17:18 +0200
Subject: [PATCH] test: mock-insights: switch away from ssl.wrap_socket()

ssl.wrap_socket() is long deprecated, and dropped in Python 3.12.
Switch to use an SSLContext for client authentication. Load also the
system CA store, as it contains the Candlepin CA: this way, the
CERT-based authentication (using the consumer certificate generated
by Candlepin) can be validated.
---
 test/files/mock-insights | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/test/files/mock-insights b/test/files/mock-insights
index ece876a..2ca0992 100755
--- a/test/files/mock-insights
+++ b/test/files/mock-insights
@@ -213,12 +213,10 @@ def insights_server(port):
         subprocess.check_call(["sscg"], cwd=certdir)
 
     httpd = HTTPServer(("", port), handler)
-    ssl_args = {
-        "certfile": f"{certdir}/service.pem",
-        "keyfile": f"{certdir}/service-key.pem",
-        "server_side": True,
-    }
-    httpd.socket = ssl.wrap_socket(httpd.socket, **ssl_args)
+    ctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+    ctx.load_default_certs()
+    ctx.load_cert_chain(f"{certdir}/service.pem", f"{certdir}/service-key.pem")
+    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
     httpd.serve_forever()