From c720f9c696b3b39d8c386abf8c8a9ddad447cda0 Mon Sep 17 00:00:00 2001 From: Carlos Garcia Campos Date: Wed, 9 Sep 2020 14:44:25 +0200 Subject: [PATCH 1/2] tests: fix SSL test with glib-networking >= 2.65.90 To make SSL tests fail with our testing certificate we create and empty GTlsDatabase passing /dev/null to g_tls_file_database_new(). This no longer works with newer glib-networking, since an empty file is considered an error by gnutls and g_tls_file_database_gnutls_populate_trust_list() now handles gnutls errors properly. Instead, we can just use the system CA file that won't contain our testing certificate for sure. Fixes #201 --- tests/ssl-test.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tests/ssl-test.c b/tests/ssl-test.c index 735ba416..2c93ca85 100644 --- a/tests/ssl-test.c +++ b/tests/ssl-test.c @@ -3,7 +3,6 @@ #include "test-utils.h" SoupURI *uri; -GTlsDatabase *null_tlsdb; static void do_properties_test_for_session (SoupSession *session) @@ -37,7 +36,7 @@ do_async_properties_tests (void) session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL); g_object_set (G_OBJECT (session), - SOUP_SESSION_TLS_DATABASE, null_tlsdb, + SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, SOUP_SESSION_SSL_STRICT, FALSE, NULL); do_properties_test_for_session (session); @@ -53,7 +52,7 @@ do_sync_properties_tests (void) session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL); g_object_set (G_OBJECT (session), - SOUP_SESSION_TLS_DATABASE, null_tlsdb, + SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, SOUP_SESSION_SSL_STRICT, FALSE, NULL); do_properties_test_for_session (session); @@ -106,7 +105,7 @@ do_strictness_test (gconstpointer data) } if (!test->with_ca_list) { g_object_set (G_OBJECT (session), - SOUP_SESSION_TLS_DATABASE, null_tlsdb, + SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL); } @@ -433,7 +432,6 @@ main (int argc, char **argv) { SoupServer *server = NULL; int i, ret; - GError *error = NULL; test_init (argc, argv, NULL); @@ -441,9 +439,6 @@ main (int argc, char **argv) server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD); soup_server_add_handler (server, NULL, server_handler, NULL, NULL); uri = soup_test_server_get_uri (server, "https", "127.0.0.1"); - - null_tlsdb = g_tls_file_database_new ("/dev/null", &error); - g_assert_no_error (error); } else uri = NULL; @@ -463,7 +458,6 @@ main (int argc, char **argv) if (tls_available) { soup_uri_free (uri); soup_test_server_quit_unref (server); - g_object_unref (null_tlsdb); } test_cleanup (); -- 2.43.5 From 0fbc7e8220c32f4848d6f1407efe81cc13ab18ef Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Sat, 18 Jan 2025 01:20:24 -0600 Subject: [PATCH 2/2] Add workaround for flaky ssl-test connection failures --- tests/ssl-test.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-test.c b/tests/ssl-test.c index 2c93ca85..1b48c6aa 100644 --- a/tests/ssl-test.c +++ b/tests/ssl-test.c @@ -348,6 +348,19 @@ got_connection (GThreadedSocketService *service, g_clear_error (&error); } + // Work around a race condition where do_tls_interaction_test's call to + // soup_session_send_message() fails due to the server having closed the + // connection: + // + // ERROR:../tests/ssl-test.c:405:do_tls_interaction_test: Unexpected status 7 Connection terminated unexpectedly (expected 200 OK) + // + // This bug is already fixed upstream, so no sense in spending a bunch + // of time trying to find a proper fix. + // + // I'm not certain, but I suspect it's fixed by: + // https://gitlab.gnome.org/GNOME/libsoup/-/commit/bd6de90343839125bd07c43c97e1000deb0b40c3 + sleep (1); + g_io_stream_close (tls, NULL, &error); g_assert_no_error (error); -- 2.43.5