Switch default ssl protocol to PROTOCOL_TLS_CLIENT and improve tests #207
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TLDR:
In our current test suite, there are lots of cases when a local server is spun up in a separate greenlet. Errors in these greenlets so far only threw output to
std.err
, but didn't raise an actual error. This behavior is dangerous, as it can easily hide errors and pretend a passing test suite.One test in
test_ssl.py
had confusing delayed output tostd.err
. This made test runs withpytest -v -s
look like some random tests were erroring. This is fixed now. and the output tostd.err
is caught cleanly.The current
gevent.ssl
default protocol version for wrapping a SSL socket is stillssl.PROTOCOL_SSLv23
. This is outdated since python 3.10 and was replaced withssl.PROTOCOL_TLS_CLIENT
. This PR makes use of the new protocol, while the default ingevent
unfortunately is still unchanged. In short: This makes sure, our SSL sockets don't negotiate an outdated and possibly less secure connection.Some common code, which was present multiple times in different test modules, was moved to
conftest.py
. Makes maintenance easier.The tests now also don't monkey patch
http.client
in general, but only for the tests ofhttplib2
andurllib.request
, that depend on that patching. As the monkey patching is only required for a small subset of features, this makes sure, that the tests run in the environment, in which they'd be commonly used.