diff --git a/test/functional/only_in_ci_system/add-client-certificate.bats b/test/functional/only_in_ci_system/add-client-certificate.bats index 86043a4ca..ac8682791 100755 --- a/test/functional/only_in_ci_system/add-client-certificate.bats +++ b/test/functional/only_in_ci_system/add-client-certificate.bats @@ -38,6 +38,13 @@ setup_file() { teardown_file() { + # Skip this test for local development because it takes a long time. To run this test locally, + # configure swupd with --with-fallback-capaths=/swupd_test_certificates + # and run: RUNNING_IN_CI=true make check + if [ -z "${RUNNING_IN_CI}" ]; then + return + fi + destroy_test_environment --force "$TEST_NAME" } diff --git a/test/functional/only_in_ci_system/chk-update-client-certificate.bats b/test/functional/only_in_ci_system/chk-update-client-certificate.bats index b2122270f..a6f876680 100755 --- a/test/functional/only_in_ci_system/chk-update-client-certificate.bats +++ b/test/functional/only_in_ci_system/chk-update-client-certificate.bats @@ -40,6 +40,13 @@ setup_file() { teardown_file() { + # Skip this test for local development because it takes a long time. To run this test locally, + # configure swupd with --with-fallback-capaths=/swupd_test_certificates + # and run: RUNNING_IN_CI=true make check + if [ -z "${RUNNING_IN_CI}" ]; then + return + fi + destroy_test_environment --force "$TEST_NAME" } diff --git a/test/functional/only_in_ci_system/diagnose-client-certificate.bats b/test/functional/only_in_ci_system/diagnose-client-certificate.bats index efa93af52..07104c39d 100755 --- a/test/functional/only_in_ci_system/diagnose-client-certificate.bats +++ b/test/functional/only_in_ci_system/diagnose-client-certificate.bats @@ -37,6 +37,13 @@ setup_file() { teardown_file() { + # Skip this test for local development because it takes a long time. To run this test locally, + # configure swupd with --with-fallback-capaths=/swupd_test_certificates + # and run: RUNNING_IN_CI=true make check + if [ -z "${RUNNING_IN_CI}" ]; then + return + fi + destroy_test_environment --force "$TEST_NAME" } diff --git a/test/functional/only_in_ci_system/list-client-certificate.bats b/test/functional/only_in_ci_system/list-client-certificate.bats index 9eac09e44..972c256c8 100755 --- a/test/functional/only_in_ci_system/list-client-certificate.bats +++ b/test/functional/only_in_ci_system/list-client-certificate.bats @@ -37,6 +37,13 @@ setup_file() { teardown_file() { + # Skip this test for local development because it takes a long time. To run this test locally, + # configure swupd with --with-fallback-capaths=/swupd_test_certificates + # and run: RUNNING_IN_CI=true make check + if [ -z "${RUNNING_IN_CI}" ]; then + return + fi + destroy_test_environment --force "$TEST_NAME" } diff --git a/test/functional/only_in_ci_system/remove-client-certificate.bats b/test/functional/only_in_ci_system/remove-client-certificate.bats index d20f175cb..2433df994 100755 --- a/test/functional/only_in_ci_system/remove-client-certificate.bats +++ b/test/functional/only_in_ci_system/remove-client-certificate.bats @@ -38,6 +38,13 @@ setup_file() { teardown_file() { + # Skip this test for local development because it takes a long time. To run this test locally, + # configure swupd with --with-fallback-capaths=/swupd_test_certificates + # and run: RUNNING_IN_CI=true make check + if [ -z "${RUNNING_IN_CI}" ]; then + return + fi + destroy_test_environment --force "$TEST_NAME" } diff --git a/test/functional/only_in_ci_system/search-client-certificate.bats b/test/functional/only_in_ci_system/search-client-certificate.bats index eafa8249c..d889acc4a 100755 --- a/test/functional/only_in_ci_system/search-client-certificate.bats +++ b/test/functional/only_in_ci_system/search-client-certificate.bats @@ -38,6 +38,13 @@ setup_file() { teardown_file() { + # Skip this test for local development because it takes a long time. To run this test locally, + # configure swupd with --with-fallback-capaths=/swupd_test_certificates + # and run: RUNNING_IN_CI=true make check + if [ -z "${RUNNING_IN_CI}" ]; then + return + fi + destroy_test_environment --force "$TEST_NAME" } diff --git a/test/functional/only_in_ci_system/update-client-certificate.bats b/test/functional/only_in_ci_system/update-client-certificate.bats index 0a843468f..45b98ace3 100755 --- a/test/functional/only_in_ci_system/update-client-certificate.bats +++ b/test/functional/only_in_ci_system/update-client-certificate.bats @@ -40,6 +40,13 @@ setup_file() { teardown_file() { + # Skip this test for local development because it takes a long time. To run this test locally, + # configure swupd with --with-fallback-capaths=/swupd_test_certificates + # and run: RUNNING_IN_CI=true make check + if [ -z "${RUNNING_IN_CI}" ]; then + return + fi + destroy_test_environment --force "$TEST_NAME" } diff --git a/test/functional/server.py b/test/functional/server.py index 053ca599a..e7c17efa3 100755 --- a/test/functional/server.py +++ b/test/functional/server.py @@ -266,16 +266,13 @@ def parse_arguments(): # configure ssl certificates if args.server_cert and args.server_key: - wrap_socket_args = {"certfile": args.server_cert, - "keyfile": args.server_key, - "server_side": True} - - # add client certificate + wrap_socket_args = {"server_side": True} + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + context.load_cert_chain(args.server_cert, args.server_key) if args.client_cert: - wrap_socket_args.update({"ca_certs": args.client_cert, - "cert_reqs": ssl.CERT_REQUIRED}) - - httpd.socket = ssl.wrap_socket(httpd.socket, **wrap_socket_args) + context.load_verify_locations(cafile=args.client_cert) + context.verify_mode = ssl.CERT_REQUIRED + httpd.socket = context.wrap_socket(httpd.socket, **wrap_socket_args) # invalid certificate combination elif args.server_cert or args.server_key or args.client_cert: