use pytest-httpbin also for SSL tests

miguelgrinberg · miguelgrinberg · commit 4bf82b6e94c4 · 2025-07-09T17:29:35.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -56,13 +56,6 @@ jobs:
     runs-on: ${{ matrix.os }}
     name: test-${{ matrix.python-version }} ${{ matrix.nox-session }}
     continue-on-error: ${{ matrix.experimental }}
-    services:
-      elasticsearch:
-        image: docker.elastic.co/elasticsearch/elasticsearch:9.0.2
-        env:
-          discovery.type: single-node
-        ports:
-          - 9200:9200
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -66,18 +66,24 @@ async def perform_request(self, *args, **kwargs):
         return NodeApiResponse(meta, self.body)
 
 
-@pytest.fixture(scope="session", params=[True, False])
-def cert_fingerprint(request) -> str:
-    """Gets the SHA256 fingerprint of the certificate for localhost:9200"""
-    sock = socket.create_connection(("localhost", 9200))
+@pytest.fixture(
+    scope="session", params=["short-lower", "short-upper", "long-lower", "long-upper"]
+)
+def cert_fingerprint(request, httpbin_secure) -> str:
+    """Gets the SHA256 fingerprint of the certificate for the secure httpbin"""
+    sock = socket.create_connection((httpbin_secure.host, httpbin_secure.port))
     ctx = ssl.create_default_context()
     ctx.check_hostname = False
     ctx.verify_mode = ssl.CERT_NONE
     sock = ctx.wrap_socket(sock)
     digest = hashlib.sha256(sock.getpeercert(binary_form=True)).hexdigest()
     assert len(digest) == 64
     sock.close()
-    if request.param:
+    if "upper" in request.param:
+        digest = digest.upper()
+    else:
+        digest = digest.lower()
+    if "short" in request.param:
         return digest
     else:
         return ":".join([digest[i : i + 2] for i in range(0, len(digest), 2)])
diff --git a/tests/node/test_http_aiohttp.py b/tests/node/test_http_aiohttp.py
@@ -290,19 +290,19 @@ async def test_head_workaround(self, aiohttp_fixed_head_bug):
 
 
 @pytest.mark.asyncio
-async def test_ssl_assert_fingerprint(cert_fingerprint):
+async def test_ssl_assert_fingerprint(cert_fingerprint, httpbin_secure):
     with warnings.catch_warnings(record=True) as w:
         node = AiohttpHttpNode(
             NodeConfig(
                 scheme="https",
-                host="localhost",
-                port=9200,
+                host=httpbin_secure.host,
+                port=httpbin_secure.port,
                 ssl_assert_fingerprint=cert_fingerprint,
             )
         )
         resp, _ = await node.perform_request("GET", "/")
 
-    assert resp.status == 401
+    assert resp.status == 200
     assert [str(x.message) for x in w if x.category != DeprecationWarning] == []
 
 
diff --git a/tests/node/test_http_httpx.py b/tests/node/test_http_httpx.py
@@ -145,13 +145,13 @@ async def test_merge_headers(self):
         assert request.headers["h3"] == "v3"
 
 
-def test_ssl_assert_fingerprint(cert_fingerprint):
+def test_ssl_assert_fingerprint(cert_fingerprint, httpbin_secure):
     with pytest.raises(ValueError, match="httpx does not support certificate pinning"):
         HttpxAsyncHttpNode(
             NodeConfig(
                 scheme="https",
-                host="localhost",
-                port=9200,
+                host=httpbin_secure.host,
+                port=httpbin_secure.port,
                 ssl_assert_fingerprint=cert_fingerprint,
             )
         )
diff --git a/tests/node/test_urllib3_chain_certs.py b/tests/node/test_urllib3_chain_certs.py
@@ -30,13 +30,13 @@
 
 @requires_ssl_assert_fingerprint_in_chain
 @pytest.mark.parametrize("node_cls", [Urllib3HttpNode, RequestsHttpNode])
-def test_ssl_assert_fingerprint_invalid_length(node_cls):
+def test_ssl_assert_fingerprint_invalid_length(node_cls, httpbin_secure):
     with pytest.raises(ValueError) as e:
         node_cls(
             NodeConfig(
                 "https",
-                "localhost",
-                9200,
+                httpbin_secure.host,
+                httpbin_secure.port,
                 ssl_assert_fingerprint="0000",
             )
         )
@@ -49,22 +49,14 @@ def test_ssl_assert_fingerprint_invalid_length(node_cls):
 
 @requires_ssl_assert_fingerprint_in_chain
 @pytest.mark.parametrize("node_cls", [Urllib3HttpNode, RequestsHttpNode])
-@pytest.mark.parametrize(
-    "ssl_assert_fingerprint",
-    [
-        "18efbd94dda87e3598a1251f9440cd2f4fd1dbf08be007c1012e992e830ca262",
-        "18:EF:BD:94:DD:A8:7E:35:98:A1:25:1F:94:40:CD:2F:4F:D1:DB:F0:8B:E0:07:C1:01:2E:99:2E:83:0C:A2:62",
-        "18EFBD94DDA87E3598A1251F9440CD2F4FD1DBF08BE007C1012E992E830CA262",
-    ],
-)
-def test_assert_fingerprint_in_cert_chain(node_cls, ssl_assert_fingerprint):
+def test_assert_fingerprint_in_cert_chain(node_cls, cert_fingerprint, httpbin_secure):
     with warnings.catch_warnings(record=True) as w:
         node = node_cls(
             NodeConfig(
                 "https",
-                "www.elastic.co",
-                443,
-                ssl_assert_fingerprint=ssl_assert_fingerprint,
+                httpbin_secure.host,
+                httpbin_secure.port,
+                ssl_assert_fingerprint=cert_fingerprint,
             )
         )
         meta, _ = node.perform_request("GET", "/")
@@ -75,7 +67,9 @@ def test_assert_fingerprint_in_cert_chain(node_cls, ssl_assert_fingerprint):
 
 @requires_ssl_assert_fingerprint_in_chain
 @pytest.mark.parametrize("node_cls", [Urllib3HttpNode, RequestsHttpNode])
-def test_assert_fingerprint_in_cert_chain_failure(node_cls):
+def test_assert_fingerprint_in_cert_chain_failure(
+    node_cls, httpbin_secure, cert_fingerprint
+):
     node = node_cls(
         NodeConfig(
             "https",
@@ -89,12 +83,11 @@ def test_assert_fingerprint_in_cert_chain_failure(node_cls):
         node.perform_request("GET", "/")
 
     err = str(e.value)
-    print(err)
     assert "Fingerprints did not match." in err
     # This is the bad value we "expected"
     assert (
         'Expected "0000000000000000000000000000000000000000000000000000000000000000",'
         in err
     )
     # This is the root CA for httpbin.org with a leading comma to denote more than one cert was listed.
-    assert '"18efbd94dda87e3598a1251f9440cd2f4fd1dbf08be007c1012e992e830ca262"' in err
+    assert ', "cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b"' in err
