libsoup/SOURCES/fix-ssl-test.patch

From c720f9c696b3b39d8c386abf8c8a9ddad447cda0 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Wed, 9 Sep 2020 14:44:25 +0200
Subject: [PATCH 1/2] tests: fix SSL test with glib-networking >= 2.65.90

To make SSL tests fail with our testing certificate we create and empty
GTlsDatabase passing /dev/null to g_tls_file_database_new(). This no
longer works with newer glib-networking, since an empty file is
considered an error by gnutls and
g_tls_file_database_gnutls_populate_trust_list() now handles gnutls
errors properly. Instead, we can just use the system CA file that won't
contain our testing certificate for sure.

Fixes #201
---
 tests/ssl-test.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/tests/ssl-test.c b/tests/ssl-test.c
index 735ba416..2c93ca85 100644
--- a/tests/ssl-test.c
+++ b/tests/ssl-test.c
@@ -3,7 +3,6 @@
 #include "test-utils.h"
 
 SoupURI *uri;
-GTlsDatabase *null_tlsdb;
 
 static void
 do_properties_test_for_session (SoupSession *session)
@@ -37,7 +36,7 @@ do_async_properties_tests (void)
 
 	session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
 	g_object_set (G_OBJECT (session),
-		      SOUP_SESSION_TLS_DATABASE, null_tlsdb,
+		      SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
 		      SOUP_SESSION_SSL_STRICT, FALSE,
 		      NULL);
 	do_properties_test_for_session (session);
@@ -53,7 +52,7 @@ do_sync_properties_tests (void)
 
 	session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL);
 	g_object_set (G_OBJECT (session),
-		      SOUP_SESSION_TLS_DATABASE, null_tlsdb,
+		      SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
 		      SOUP_SESSION_SSL_STRICT, FALSE,
 		      NULL);
 	do_properties_test_for_session (session);
@@ -106,7 +105,7 @@ do_strictness_test (gconstpointer data)
 	}
 	if (!test->with_ca_list) {
 		g_object_set (G_OBJECT (session),
-			      SOUP_SESSION_TLS_DATABASE, null_tlsdb,
+			      SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
 			      NULL);
 	}
 
@@ -433,7 +432,6 @@ main (int argc, char **argv)
 {
 	SoupServer *server = NULL;
 	int i, ret;
-	GError *error = NULL;
 
 	test_init (argc, argv, NULL);
 
@@ -441,9 +439,6 @@ main (int argc, char **argv)
 		server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
 		soup_server_add_handler (server, NULL, server_handler, NULL, NULL);
 		uri = soup_test_server_get_uri (server, "https", "127.0.0.1");
-
-		null_tlsdb = g_tls_file_database_new ("/dev/null", &error);
-		g_assert_no_error (error);
 	} else
 		uri = NULL;
 
@@ -463,7 +458,6 @@ main (int argc, char **argv)
 	if (tls_available) {
 		soup_uri_free (uri);
 		soup_test_server_quit_unref (server);
-		g_object_unref (null_tlsdb);
 	}
 
 	test_cleanup ();
-- 
2.43.5


From 0fbc7e8220c32f4848d6f1407efe81cc13ab18ef Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Sat, 18 Jan 2025 01:20:24 -0600
Subject: [PATCH 2/2] Add workaround for flaky ssl-test connection failures

---
 tests/ssl-test.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/ssl-test.c b/tests/ssl-test.c
index 2c93ca85..1b48c6aa 100644
--- a/tests/ssl-test.c
+++ b/tests/ssl-test.c
@@ -348,6 +348,19 @@ got_connection (GThreadedSocketService *service,
 		g_clear_error (&error);
 	}
 
+	// Work around a race condition where do_tls_interaction_test's call to
+	// soup_session_send_message() fails due to the server having closed the
+	// connection:
+	//
+	// ERROR:../tests/ssl-test.c:405:do_tls_interaction_test: Unexpected status 7 Connection terminated unexpectedly (expected 200 OK)
+	//
+	// This bug is already fixed upstream, so no sense in spending a bunch
+	// of time trying to find a proper fix.
+	//
+	// I'm not certain, but I suspect it's fixed by:
+	// https://gitlab.gnome.org/GNOME/libsoup/-/commit/bd6de90343839125bd07c43c97e1000deb0b40c3
+	sleep (1);
+
 	g_io_stream_close (tls, NULL, &error);
 	g_assert_no_error (error);
 
-- 
2.43.5