From 0e249812992390b5453fdbc09d35352c92afbf5d Mon Sep 17 00:00:00 2001
From: William Douglas
Date: Wed, 28 Aug 2024 12:17:57 -0700
Subject: [PATCH 1/2] Add missing test teardown skips as needed
---
 .../only_in_ci_system/add-client-certificate.bats | 7 +++++++
 .../only_in_ci_system/chk-update-client-certificate.bats | 7 +++++++
 .../only_in_ci_system/diagnose-client-certificate.bats | 7 +++++++
 .../only_in_ci_system/list-client-certificate.bats | 7 +++++++
 .../only_in_ci_system/remove-client-certificate.bats | 7 +++++++
 .../only_in_ci_system/search-client-certificate.bats | 7 +++++++
 .../only_in_ci_system/update-client-certificate.bats | 7 +++++++
 7 files changed, 49 insertions(+)
diff --git a/test/functional/only_in_ci_system/add-client-certificate.bats b/test/functional/only_in_ci_system/add-client-certificate.bats
index 86043a4ca..ac8682791 100755
--- a/test/functional/only_in_ci_system/add-client-certificate.bats
+++ b/test/functional/only_in_ci_system/add-client-certificate.bats
@@ -38,6 +38,13 @@ setup_file() {
 teardown_file() {
+ # Skip this test for local development because it takes a long time. To run this test locally,
+ # configure swupd with --with-fallback-capaths=/swupd_test_certificates
+ # and run: RUNNING_IN_CI=true make check
+ if [ -z "${RUNNING_IN_CI}" ]; then
+ return
+ fi
+
 destroy_test_environment --force "$TEST_NAME"
 }
diff --git a/test/functional/only_in_ci_system/chk-update-client-certificate.bats b/test/functional/only_in_ci_system/chk-update-client-certificate.bats
index b2122270f..a6f876680 100755
--- a/test/functional/only_in_ci_system/chk-update-client-certificate.bats
+++ b/test/functional/only_in_ci_system/chk-update-client-certificate.bats
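Review bot: The comment added to teardown_file is copied from the test-skip wording and says "Skip this test" above code that actually skips cleanup; something like `# Nothing to tear down outside CI: the CI-only setup is skipped there as well` would describe it, assuming setup_file (outside the hunk) carries the matching guard. The same seven lines are added to the chk-update-, diagnose-, list-, remove-, search- and update-client-certificate.bats files, so a small helper in the shared test library would keep the condition in one place. Note also that `[ -z "${RUNNING_IN_CI}" ]` treats any non-empty value as CI, so `RUNNING_IN_CI=false` would still reach `destroy_test_environment --force`; if only `true` is meant to enable these tests, an explicit comparison in both setup and teardown states that.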
@@ -40,6 +40,13 @@ setup_file() {
 teardown_file() {
+ # Skip this test for local development because it takes a long time. To run this test locally,
+ # configure swupd with --with-fallback-capaths=/swupd_test_certificates
+ # and run: RUNNING_IN_CI=true make check
+ if [ -z "${RUNNING_IN_CI}" ]; then
+ return
+ fi
+
 destroy_test_environment --force "$TEST_NAME"
 }
diff --git a/test/functional/only_in_ci_system/diagnose-client-certificate.bats b/test/functional/only_in_ci_system/diagnose-client-certificate.bats
index efa93af52..07104c39d 100755
--- a/test/functional/only_in_ci_system/diagnose-client-certificate.bats
+++ b/test/functional/only_in_ci_system/diagnose-client-certificate.bats
@@ -37,6 +37,13 @@ setup_file() {
 teardown_file() {
+ # Skip this test for local development because it takes a long time. To run this test locally,
+ # configure swupd with --with-fallback-capaths=/swupd_test_certificates
+ # and run: RUNNING_IN_CI=true make check
+ if [ -z "${RUNNING_IN_CI}" ]; then
+ return
+ fi
+
 destroy_test_environment --force "$TEST_NAME"
 }
diff --git a/test/functional/only_in_ci_system/list-client-certificate.bats b/test/functional/only_in_ci_system/list-client-certificate.bats
index 9eac09e44..972c256c8 100755
--- a/test/functional/only_in_ci_system/list-client-certificate.bats
+++ b/test/functional/only_in_ci_system/list-client-certificate.bats
@@ -37,6 +37,13 @@ setup_file() {
 teardown_file() {
+ # Skip this test for local development because it takes a long time. To run this test locally,
+ # configure swupd with --with-fallback-capaths=/swupd_test_certificates
+ # and run: RUNNING_IN_CI=true make check
+ if [ -z "${RUNNING_IN_CI}" ]; then
+ return
+ fi
+
 destroy_test_environment --force "$TEST_NAME"
 }
diff --git a/test/functional/only_in_ci_system/remove-client-certificate.bats b/test/functional/only_in_ci_system/remove-client-certificate.bats
index d20f175cb..2433df994 100755
--- a/test/functional/only_in_ci_system/remove-client-certificate.bats
+++ b/test/functional/only_in_ci_system/remove-client-certificate.bats
@@ -38,6 +38,13 @@ setup_file() {
 teardown_file() {
+ # Skip this test for local development because it takes a long time. To run this test locally,
+ # configure swupd with --with-fallback-capaths=/swupd_test_certificates
+ # and run: RUNNING_IN_CI=true make check
+ if [ -z "${RUNNING_IN_CI}" ]; then
+ return
+ fi
+
 destroy_test_environment --force "$TEST_NAME"
 }
diff --git a/test/functional/only_in_ci_system/search-client-certificate.bats b/test/functional/only_in_ci_system/search-client-certificate.bats
index eafa8249c..d889acc4a 100755
--- a/test/functional/only_in_ci_system/search-client-certificate.bats
+++ b/test/functional/only_in_ci_system/search-client-certificate.bats
@@ -38,6 +38,13 @@ setup_file() {
 teardown_file() {
+ # Skip this test for local development because it takes a long time. To run this test locally,
+ # configure swupd with --with-fallback-capaths=/swupd_test_certificates
+ # and run: RUNNING_IN_CI=true make check
+ if [ -z "${RUNNING_IN_CI}" ]; then
+ return
+ fi
+
 destroy_test_environment --force "$TEST_NAME"
 }
diff --git a/test/functional/only_in_ci_system/update-client-certificate.bats b/test/functional/only_in_ci_system/update-client-certificate.bats
index 0a843468f..45b98ace3 100755
--- a/test/functional/only_in_ci_system/update-client-certificate.bats
+++ b/test/functional/only_in_ci_system/update-client-certificate.bats
@@ -40,6 +40,13 @@ setup_file() {
 teardown_file() {
+ # Skip this test for local development because it takes a long time. To run this test locally,
+ # configure swupd with --with-fallback-capaths=/swupd_test_certificates
+ # and run: RUNNING_IN_CI=true make check
+ if [ -z "${RUNNING_IN_CI}" ]; then
+ return
+ fi
+
 destroy_test_environment --force "$TEST_NAME"
 }
From 02a42b89f455ce95b05225363ebd83734dac75e6 Mon Sep 17 00:00:00 2001
From: William Douglas
Date: Wed, 28 Aug 2024 09:22:31 -0700
Subject: [PATCH 2/2] Update server.py ssl wrapping
The previous method for wrapping ssl was removed so update to the replacement version.
Signed-off-by: William Douglas
---
 test/functional/server.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/test/functional/server.py b/test/functional/server.py
index 053ca599a..e7c17efa3 100755
--- a/test/functional/server.py
+++ b/test/functional/server.py
@@ -266,16 +266,13 @@ def parse_arguments():
 # configure ssl certificates
 if args.server_cert and args.server_key:
- wrap_socket_args = {"certfile": args.server_cert,
- "keyfile": args.server_key,
- "server_side": True}
-
- # add client certificate
+ wrap_socket_args = {"server_side": True}
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ context.load_cert_chain(args.server_cert, args.server_key)
 if args.client_cert:
- wrap_socket_args.update({"ca_certs": args.client_cert,
- "cert_reqs": ssl.CERT_REQUIRED})
-
- httpd.socket = ssl.wrap_socket(httpd.socket, **wrap_socket_args)
+ context.load_verify_locations(cafile=args.client_cert)
+ context.verify_mode = ssl.CERT_REQUIRED
+ httpd.socket = context.wrap_socket(httpd.socket, **wrap_socket_args)
 # invalid certificate combination
 elif args.server_cert or args.server_key or args.client_cert:
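Review bot: The new `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` is used with whatever protocol floor the interpreter and OpenSSL build default to, which on Python releases before 3.10 can still include TLS 1.0/1.1. Adding `context.minimum_version = ssl.TLSVersion.TLSv1_2` right after the context is created makes the floor explicit for the client-certificate tests. `wrap_socket_args` now carries only `server_side`, so the dict can go and the call reads more directly as `httpd.socket = context.wrap_socket(httpd.socket, server_side=True)`. A one-line comment at `load_verify_locations` would also help, e.g. `# args.client_cert is the trust anchor used to verify connecting clients, not a cert the server presents`. The body of the `elif` branch lies outside the hunk.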