Adjust tests to temporary failures with CPython 3.13.0a5 (#3371)

urllib3 · Mar 28, 2024 · 84b0c47 · 84b0c47
1 parent 2df2003
commit 84b0c47
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -5,7 +5,10 @@ pytest==8.0.2
 pytest-timeout==2.1.0
 pyOpenSSL==24.0.0
 idna==3.4
-trustme==1.1.0
+# As of v1.1.0, child CA certificates generated by trustme fail 
+# verification by CPython 3.13.
+# https://github.com/python-trio/trustme/pull/642 
+trustme @ git+https://github.com/python-trio/trustme@b3a767f336e20600f30c9ff78385a58352ff6ee3
 cryptography==42.0.4
 backports.zoneinfo==0.2.1;python_version<"3.9"
 towncrier==23.6.0

diff --git a/test/with_dummyserver/test_proxy_poolmanager.py b/test/with_dummyserver/test_proxy_poolmanager.py
@@ -9,6 +9,7 @@
 import shutil
 import socket
 import ssl
+import sys
 import tempfile
 from test import LONG_TIMEOUT, SHORT_TIMEOUT, resolvesLocalhostFQDN, withPyOpenSSL
 from test.conftest import ServerConfig
@@ -42,6 +43,11 @@
 
 from .. import TARPIT_HOST, requires_network
 
+_broken_on_python313a5 = pytest.mark.xfail(
+    sys.version_info == (3, 13, 0, "alpha", 5),
+    reason="https://github.com/python/cpython/issues/116764",
+)
+
 
 def assert_is_verified(pm: ProxyManager, *, proxy: bool, target: bool) -> None:
     pool = list(pm.pools._container.values())[-1]  # retrieve last pool entry
@@ -77,6 +83,7 @@ def teardown_class(cls) -> None:
         super().teardown_class()
         shutil.rmtree(cls.certs_dir)
 
+    @_broken_on_python313a5
     def test_basic_proxy(self) -> None:
         with proxy_from_url(self.proxy_url, ca_certs=DEFAULT_CA) as http:
             r = http.request("GET", f"{self.http_url}/")
@@ -85,6 +92,7 @@ def test_basic_proxy(self) -> None:
             r = http.request("GET", f"{self.https_url}/")
             assert r.status == 200
 
+    @_broken_on_python313a5
     def test_https_proxy(self) -> None:
         with proxy_from_url(self.https_proxy_url, ca_certs=DEFAULT_CA) as https:
             r = https.request("GET", f"{self.https_url}/")
@@ -93,6 +101,7 @@ def test_https_proxy(self) -> None:
             r = https.request("GET", f"{self.http_url}/")
             assert r.status == 200
 
+    @_broken_on_python313a5
     def test_is_verified_http_proxy_to_http_target(self) -> None:
         with proxy_from_url(self.proxy_url, ca_certs=DEFAULT_CA) as http:
             r = http.request("GET", f"{self.http_url}/")
@@ -105,6 +114,7 @@ def test_is_verified_http_proxy_to_https_target(self) -> None:
             assert r.status == 200
             assert_is_verified(http, proxy=False, target=True)
 
+    @_broken_on_python313a5
     def test_is_verified_https_proxy_to_http_target(self) -> None:
         with proxy_from_url(self.https_proxy_url, ca_certs=DEFAULT_CA) as https:
             r = https.request("GET", f"{self.http_url}/")
@@ -117,6 +127,7 @@ def test_is_verified_https_proxy_to_https_target(self) -> None:
             assert r.status == 200
             assert_is_verified(https, proxy=True, target=True)
 
+    @_broken_on_python313a5
     def test_http_and_https_kwarg_ca_cert_data_proxy(self) -> None:
         with open(DEFAULT_CA) as pem_file:
             pem_file_data = pem_file.read()
@@ -127,6 +138,7 @@ def test_http_and_https_kwarg_ca_cert_data_proxy(self) -> None:
             r = https.request("GET", f"{self.http_url}/")
             assert r.status == 200
 
+    @_broken_on_python313a5
     def test_https_proxy_with_proxy_ssl_context(self) -> None:
         proxy_ssl_context = create_urllib3_context()
         proxy_ssl_context.load_verify_locations(DEFAULT_CA)
@@ -142,6 +154,7 @@ def test_https_proxy_with_proxy_ssl_context(self) -> None:
             assert r.status == 200
 
     @withPyOpenSSL
+    @_broken_on_python313a5
     def test_https_proxy_pyopenssl_not_supported(self) -> None:
         with proxy_from_url(self.https_proxy_url, ca_certs=DEFAULT_CA) as https:
             r = https.request("GET", f"{self.http_url}/")
@@ -152,6 +165,7 @@ def test_https_proxy_pyopenssl_not_supported(self) -> None:
             ):
                 https.request("GET", f"{self.https_url}/")
 
+    @_broken_on_python313a5
     def test_https_proxy_forwarding_for_https(self) -> None:
         with proxy_from_url(
             self.https_proxy_url,
@@ -164,6 +178,7 @@ def test_https_proxy_forwarding_for_https(self) -> None:
             r = https.request("GET", f"{self.https_url}/")
             assert r.status == 200
 
+    @_broken_on_python313a5
     def test_nagle_proxy(self) -> None:
         """Test that proxy connections do not have TCP_NODELAY turned on"""
         with ProxyManager(self.proxy_url) as http:
@@ -202,6 +217,7 @@ def test_proxy_conn_fail_from_dns(
                 e.value.reason.original_error, urllib3.exceptions.NameResolutionError
             )
 
+    @_broken_on_python313a5
     def test_oldapi(self) -> None:
         with ProxyManager(
             connection_from_url(self.proxy_url), ca_certs=DEFAULT_CA  # type: ignore[arg-type]
@@ -258,6 +274,7 @@ def test_proxy_verified(self) -> None:
                     https_fail_pool.request("GET", "/", retries=0)
                 assert isinstance(e.value.reason, SSLError)
 
+    @_broken_on_python313a5
     def test_redirect(self) -> None:
         with proxy_from_url(self.proxy_url) as http:
             r = http.request(
@@ -278,6 +295,7 @@ def test_redirect(self) -> None:
             assert r.status == 200
             assert r.data == b"Dummy server!"
 
+    @_broken_on_python313a5
     def test_cross_host_redirect(self) -> None:
         with proxy_from_url(self.proxy_url) as http:
             cross_host_location = f"{self.http_url_alt}/echo?a=b"
@@ -299,6 +317,7 @@ def test_cross_host_redirect(self) -> None:
             assert r._pool is not None
             assert r._pool.host != self.http_host_alt
 
+    @_broken_on_python313a5
     def test_cross_protocol_redirect(self) -> None:
         with proxy_from_url(self.proxy_url, ca_certs=DEFAULT_CA) as http:
             cross_protocol_location = f"{self.https_url}/echo?a=b"
@@ -320,6 +339,7 @@ def test_cross_protocol_redirect(self) -> None:
             assert r._pool is not None
             assert r._pool.host == self.https_host
 
+    @_broken_on_python313a5
     def test_headers(self) -> None:
         with proxy_from_url(
             self.proxy_url,
@@ -395,6 +415,7 @@ def test_headers(self) -> None:
                 returned_headers.get("Host") == f"{self.https_host}:{self.https_port}"
             )
 
+    @_broken_on_python313a5
     def test_https_headers(self) -> None:
         with proxy_from_url(
             self.https_proxy_url,
@@ -427,6 +448,7 @@ def test_https_headers(self) -> None:
                 returned_headers.get("Host") == f"{self.https_host}:{self.https_port}"
             )
 
+    @_broken_on_python313a5
     def test_https_headers_forwarding_for_https(self) -> None:
         with proxy_from_url(
             self.https_proxy_url,
@@ -443,6 +465,7 @@ def test_https_headers_forwarding_for_https(self) -> None:
                 returned_headers.get("Host") == f"{self.https_host}:{self.https_port}"
             )
 
+    @_broken_on_python313a5
     def test_headerdict(self) -> None:
         default_headers = HTTPHeaderDict(a="b")
         proxy_headers = HTTPHeaderDict()
@@ -500,6 +523,10 @@ def test_proxy_pooling_ext(self) -> None:
             assert sc3 == sc4
 
     @requires_network()
+    @pytest.mark.xfail(
+        sys.version_info == (3, 13, 0, "alpha", 5) and sys.platform == "win32",
+        reason="https://github.com/python/cpython/issues/116764",
+    )
     @pytest.mark.parametrize(
         ["proxy_scheme", "target_scheme", "use_forwarding_for_https"],
         [
@@ -668,6 +695,7 @@ def test_proxy_https_target_tls_error(
     # stdlib http.client.HTTPConnection._tunnel() causes a ResourceWarning
     # see https://github.com/python/cpython/issues/103472
     @pytest.mark.filterwarnings("default::ResourceWarning")
+    @_broken_on_python313a5
     def test_scheme_host_case_insensitive(self) -> None:
         """Assert that upper-case schemes and hosts are normalized."""
         with proxy_from_url(self.proxy_url.upper(), ca_certs=DEFAULT_CA) as http:
@@ -716,6 +744,7 @@ def setup_class(cls) -> None:
     # stdlib http.client.HTTPConnection._tunnel() causes a ResourceWarning
     # see https://github.com/python/cpython/issues/103472
     @pytest.mark.filterwarnings("default::ResourceWarning")
+    @_broken_on_python313a5
     def test_basic_ipv6_proxy(self) -> None:
         with proxy_from_url(self.proxy_url, ca_certs=DEFAULT_CA) as http:
             r = http.request("GET", f"{self.http_url}/")
@@ -750,6 +779,7 @@ def _get_certificate_formatted_proxy_host(host: str) -> str:
     # stdlib http.client.HTTPConnection._tunnel() causes a ResourceWarning
     # see https://github.com/python/cpython/issues/103472
     @pytest.mark.filterwarnings("default::ResourceWarning")
+    @_broken_on_python313a5
     def test_https_proxy_assert_fingerprint_md5(
         self, no_san_proxy_with_server: tuple[ServerConfig, ServerConfig]
     ) -> None:
@@ -792,6 +822,7 @@ def test_https_proxy_assert_fingerprint_md5_non_matching(
     # stdlib http.client.HTTPConnection._tunnel() causes a ResourceWarning
     # see https://github.com/python/cpython/issues/103472
     @pytest.mark.filterwarnings("default::ResourceWarning")
+    @_broken_on_python313a5
     def test_https_proxy_assert_hostname(
         self, san_proxy_with_server: tuple[ServerConfig, ServerConfig]
     ) -> None:
@@ -809,6 +840,11 @@ def test_https_proxy_assert_hostname(
     def test_https_proxy_assert_hostname_non_matching(
         self, san_proxy_with_server: tuple[ServerConfig, ServerConfig]
     ) -> None:
+        if (
+            sys.version_info == (3, 13, 0, "alpha", 5)
+            and san_proxy_with_server[0].host == "::1"
+        ):
+            pytest.xfail(reason="https://github.com/python/cpython/issues/116764")
         proxy, server = san_proxy_with_server
         destination_url = f"https://{server.host}:{server.port}"
 
@@ -860,6 +896,7 @@ def test_https_proxy_hostname_verification(
     # stdlib http.client.HTTPConnection._tunnel() causes a ResourceWarning
     # see https://github.com/python/cpython/issues/103472
     @pytest.mark.filterwarnings("default::ResourceWarning")
+    @_broken_on_python313a5
     def test_https_proxy_ipv4_san(
         self, ipv4_san_proxy_with_server: tuple[ServerConfig, ServerConfig]
     ) -> None:
@@ -870,6 +907,7 @@ def test_https_proxy_ipv4_san(
             r = https.request("GET", destination_url)
             assert r.status == 200
 
+    @_broken_on_python313a5
     def test_https_proxy_ipv6_san(
         self, ipv6_san_proxy_with_server: tuple[ServerConfig, ServerConfig]
     ) -> None:
@@ -903,6 +941,7 @@ def test_https_proxy_no_san(
                 ssl_error
             )
 
+    @_broken_on_python313a5
     def test_https_proxy_no_san_hostname_checks_common_name(
         self, no_san_proxy_with_server: tuple[ServerConfig, ServerConfig]
     ) -> None: