From 4900550e9ccc430ec8ccf2a24636916489e00fa3 Mon Sep 17 00:00:00 2001 From: metagn Date: Sun, 3 Nov 2024 16:56:20 +0300 Subject: [PATCH] disable all badssl tests indefinitely (#24403) Flaky not just due to recent ubuntu 24/GCC 14 upgrades, windows fails as well, assuming the issue is with badssl or it's just not worth testing here. (cherry picked from commit 5f056f87b265f3062588d14792d0f0ff80d8db9a) --- tests/untestable/thttpclient_ssl_disabled.nim | 3 ++- tests/untestable/thttpclient_ssl_env_var.nim | 14 +++++++------- tests/untestable/thttpclient_ssl_remotenetwork.nim | 5 +++-- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/untestable/thttpclient_ssl_disabled.nim b/tests/untestable/thttpclient_ssl_disabled.nim index b95dad2c64..e3d214763e 100644 --- a/tests/untestable/thttpclient_ssl_disabled.nim +++ b/tests/untestable/thttpclient_ssl_disabled.nim @@ -9,7 +9,8 @@ ## nim r --putenv:NIM_TESTAMENT_REMOTE_NETWORKING:1 -d:nimDisableCertificateValidation -d:ssl -p:. tests/untestable/thttpclient_ssl_disabled.nim from stdtest/testutils import enableRemoteNetworking -when enableRemoteNetworking and (defined(nimTestsEnableFlaky) or not defined(openbsd)): +# badssl tests disabled indefinitely +when false and enableRemoteNetworking and (defined(nimTestsEnableFlaky) or not defined(openbsd)): import httpclient, net, unittest const expired = "https://expired.badssl.com/" diff --git a/tests/untestable/thttpclient_ssl_env_var.nim b/tests/untestable/thttpclient_ssl_env_var.nim index 3f25a6ff4c..5c99dc74e6 100644 --- a/tests/untestable/thttpclient_ssl_env_var.nim +++ b/tests/untestable/thttpclient_ssl_env_var.nim @@ -19,7 +19,6 @@ from net import newSocket, newContext, wrapSocket, connect, close, Port, from strutils import contains const - expired = "https://expired.badssl.com/" good = "https://google.com/" @@ -56,12 +55,13 @@ suite "SSL certificate check": var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars) ctx.wrapSocket(sock) checkpoint("Socket created") - try: - sock.connect("expired.badssl.com", 443.Port) - fail() - except: - sock.close - check getCurrentExceptionMsg().contains("certificate verify failed") + when false: # badssl tests disabled indefinitely + try: + sock.connect("expired.badssl.com", 443.Port) + fail() + except: + sock.close + check getCurrentExceptionMsg().contains("certificate verify failed") elif existsEnv("SSL_CERT_DIR"): var sock = newSocket() diff --git a/tests/untestable/thttpclient_ssl_remotenetwork.nim b/tests/untestable/thttpclient_ssl_remotenetwork.nim index 3cb7595162..5603154897 100644 --- a/tests/untestable/thttpclient_ssl_remotenetwork.nim +++ b/tests/untestable/thttpclient_ssl_remotenetwork.nim @@ -33,7 +33,8 @@ when enableRemoteNetworking and (defined(nimTestsEnableFlaky) or not defined(win CertTest = tuple[url:string, category:Category, desc: string] # badssl certs sometimes expire, set to false when that happens - when true: + # badssl now disabled indefinitely + when false: const certificate_tests: array[0..54, CertTest] = [ ("https://wrong.host.badssl.com/", bad, "wrong.host"), ("https://captive-portal.badssl.com/", bad, "captive-portal"), @@ -197,7 +198,7 @@ when enableRemoteNetworking and (defined(nimTestsEnableFlaky) or not defined(win type NetSocketTest = tuple[hostname: string, port: Port, category:Category, desc: string] # badssl certs sometimes expire, set to false when that happens - when true: + when false: const net_tests:array[0..3, NetSocketTest] = [ ("imap.gmail.com", 993.Port, good, "IMAP"), ("wrong.host.badssl.com", 443.Port, bad, "wrong.host"),