fix(test): ssl test to work with pytest 3.12 (#6059)

ssl.wrap_socket was deprecated in python 3.7 and is removed in 3.12.
This change fixes the test by using ssl.SSLContext instead.

Signed-off-by: Roman Gershman <[email protected]>

Author: romange

tests/dragonfly/connection_test.py

@@ -1088,21 +1088,22 @@ async def test_tls_when_read_write_is_interleaved(
     server: DflyInstance = df_factory.create(
         port=1211, **with_ca_tls_server_args, proactor_threads=1
     )
-    # TODO(kostas): to fix the deadlock in the test
+
     server.start()
 
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
     ssl_key = with_ca_tls_client_args["ssl_keyfile"]
     ssl_cert = with_ca_tls_client_args["ssl_certfile"]
     ssl_ca_cert = with_ca_tls_client_args["ssl_ca_certs"]
-    ssl_sock = ssl.wrap_socket(
-        s,
-        keyfile=ssl_key,
-        certfile=ssl_cert,
-        ca_certs=ssl_ca_cert,
-        ssl_version=ssl.PROTOCOL_TLSv1_2,
-    )
+
+    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+    context.load_verify_locations(ssl_ca_cert)
+    context.load_cert_chain(certfile=ssl_cert, keyfile=ssl_key)
+    context.verify_mode = ssl.CERT_REQUIRED
+    context.maximum_version = ssl.TLSVersion.TLSv1_2
+
+    ssl_sock = context.wrap_socket(s, server_hostname="localhost")
     ssl_sock.connect(("127.0.0.1", server.port))
     ssl_sock.settimeout(0.1)
 

tests/dragonfly/utility.py

@@ -752,15 +752,17 @@ def gen_ca_cert(ca_key_path, ca_cert_path):
     # In production, CA should be generated by a third party authority
     # Expires in one day and is not encrtypted (-nodes)
     # X.509 format for the key
-    step = rf'openssl req -x509 -newkey rsa:4096 -days 1 -nodes -keyout {ca_key_path} -out {ca_cert_path} -subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=AcmeStudios/CN=Gr/[email protected]"'
+    step = rf"openssl req -x509 -newkey rsa:4096 -days 1 -nodes -keyout {ca_key_path} -out {ca_cert_path} "
+    step += '-subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=AcmeStudios/CN=localhost/[email protected]"'
     subprocess.run(step, shell=True)
 
 
 def gen_certificate(
     ca_key_path, ca_certificate_path, certificate_request_path, private_key_path, certificate_path
 ):
     # Generate Dragonfly's private key and certificate signing request (CSR)
-    step1 = rf'openssl req -newkey rsa:4096 -nodes -keyout {private_key_path} -out {certificate_request_path} -subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=Comp/CN=Gr/[email protected]"'
+    step1 = rf"openssl req -newkey rsa:4096 -nodes -keyout {private_key_path} -out {certificate_request_path} "
+    step1 += '-subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=Comp/CN=localhost/[email protected]"'
     subprocess.run(step1, shell=True)
 
     # Use CA's private key to sign dragonfly's CSR and get back the signed certificate