diff --git a/test/test_networking_utils.py b/test/test_networking_utils.py index ef46f79ed0..dbf656090d 100644 --- a/test/test_networking_utils.py +++ b/test/test_networking_utils.py @@ -95,17 +95,20 @@ def test_make_socks_proxy_unknown(self): @pytest.mark.skipif(not certifi, reason='certifi is not installed') def test_load_certifi(self): + context_certifi = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + context_certifi.load_verify_locations(cafile=certifi.where()) context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) - context2 = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ssl_load_certs(context, use_certifi=True) - context2.load_verify_locations(cafile=certifi.where()) - assert context.get_ca_certs() == context2.get_ca_certs() + assert context.get_ca_certs() == context_certifi.get_ca_certs() - # Test load normal certs - # XXX: could there be a case where system certs are the same as certifi? - context3 = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) - ssl_load_certs(context3, use_certifi=False) - assert context3.get_ca_certs() != context.get_ca_certs() + context_default = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + context_default.load_default_certs() + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + ssl_load_certs(context, use_certifi=False) + assert context.get_ca_certs() == context_default.get_ca_certs() + + if context_default.get_ca_certs() == context_certifi.get_ca_certs(): + pytest.skip('System uses certifi as default. The test is not valid') @pytest.mark.parametrize('method,status,expected', [ ('GET', 303, 'GET'),