commit beaf9f514ae9db428a17e96520111c27f3c330d9
author Paul Kehrer <paul.l.kehrer@gmail.com> Mon Aug 03 17:50:31 2020 -0500
committer GitHub <noreply@github.com> Mon Aug 03 18:50:31 2020 -0400
tree 120f41c553acc5f77f7885263a2a9e105224ba6c
parent c45a6ea2c9a792d1cf55eed024bad519d3174819

update cert fixtures and simplify tests (#927)

* simplify

* generate new certs and keys with 3072-bit RSA

* black

* add a test to avoid losing coverage

tests/test_ssl.py

diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index dffd3b2..5900ad1 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -130,13 +130,12 @@
 
 from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type
 from .test_crypto import (
-    cleartextCertificatePEM,
-    cleartextPrivateKeyPEM,
     client_cert_pem,
     client_key_pem,
     server_cert_pem,
     server_key_pem,
     root_cert_pem,
+    root_key_pem,
 )
 
 
@@ -684,9 +683,7 @@
         # OpenSSL if the cert and key agree using check_privatekey.  Then as
         # long as check_privatekey works right we're good...
         ctx = Context(TLSv1_METHOD)
-        ctx.use_certificate(
-            load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
-        )
+        ctx.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))
 
     def test_use_certificate_file_wrong_args(self):
         """
@@ -720,7 +717,7 @@
         # OpenSSL if the cert and key agree using check_privatekey.  Then as
         # long as check_privatekey works right we're good...
         with open(certificate_file, "wb") as pem_file:
-            pem_file.write(cleartextCertificatePEM)
+            pem_file.write(root_cert_pem)
 
         ctx = Context(TLSv1_METHOD)
         ctx.use_certificate_file(certificate_file)
@@ -975,12 +972,8 @@
 
         context = Context(TLSv1_METHOD)
         context.set_info_callback(info)
-        context.use_certificate(
-            load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
-        )
-        context.use_privatekey(
-            load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
-        )
+        context.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))
+        context.use_privatekey(load_privatekey(FILETYPE_PEM, root_key_pem))
 
         serverSSL = Connection(context, server)
         serverSSL.set_accept_state()
@@ -1018,10 +1011,10 @@
         server_context = Context(TLSv1_METHOD)
         server_context.set_keylog_callback(keylog)
         server_context.use_certificate(
-            load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
+            load_certificate(FILETYPE_PEM, root_cert_pem)
         )
         server_context.use_privatekey(
-            load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+            load_privatekey(FILETYPE_PEM, root_key_pem)
         )
 
         client_context = Context(TLSv1_METHOD)
@@ -1054,10 +1047,10 @@
 
         serverContext = Context(TLSv1_METHOD)
         serverContext.use_certificate(
-            load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
+            load_certificate(FILETYPE_PEM, root_cert_pem)
         )
         serverContext.use_privatekey(
-            load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+            load_privatekey(FILETYPE_PEM, root_key_pem)
         )
 
         serverSSL = Connection(serverContext, server)
@@ -1080,7 +1073,7 @@
         connections created using that `Context`.
         """
         with open(cafile, "w") as fObj:
-            fObj.write(cleartextCertificatePEM.decode("ascii"))
+            fObj.write(root_cert_pem.decode("ascii"))
 
         self._load_verify_locations_test(cafile)
 
@@ -1124,7 +1117,7 @@
         for name in [b"c7adac82.0", b"c3705638.0"]:
             cafile = join_bytes_or_unicode(capath, name)
             with open(cafile, "w") as fObj:
-                fObj.write(cleartextCertificatePEM.decode("ascii"))
+                fObj.write(root_cert_pem.decode("ascii"))
 
         self._load_verify_locations_test(None, capath)
 
@@ -1308,10 +1301,10 @@
         """
         serverContext = Context(TLSv1_METHOD)
         serverContext.use_privatekey(
-            load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+            load_privatekey(FILETYPE_PEM, root_key_pem)
         )
         serverContext.use_certificate(
-            load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
+            load_certificate(FILETYPE_PEM, root_cert_pem)
         )
         serverConnection = Connection(serverContext, None)
 
@@ -1339,10 +1332,10 @@
         """
         serverContext = Context(TLSv1_METHOD)
         serverContext.use_privatekey(
-            load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+            load_privatekey(FILETYPE_PEM, root_key_pem)
         )
         serverContext.use_certificate(
-            load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
+            load_certificate(FILETYPE_PEM, root_cert_pem)
         )
         serverConnection = Connection(serverContext, None)
 
@@ -1365,10 +1358,10 @@
         """
         serverContext = Context(TLSv1_2_METHOD)
         serverContext.use_privatekey(
-            load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+            load_privatekey(FILETYPE_PEM, root_key_pem)
         )
         serverContext.use_certificate(
-            load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
+            load_certificate(FILETYPE_PEM, root_cert_pem)
         )
 
         clientContext = Context(TLSv1_2_METHOD)