yeah, it's me :( was: Re: it looks like someone broke http:// in dev)

Vincent Ladeuil v.ladeuil+lp at free.fr
Mon Feb 9 09:36:15 GMT 2009


>>>>> "jam" == John Arbash Meinel <john at arbash-meinel.com> writes:

    jam> ...

    >> 
    >> Are you planning to submit something?
    >> 
    >> I'm quite surprised that we don't have tests for this.

Oh, we have.

    >> 
    >> Maybe we should add a http blackbox test (extending
    >> http_utils.TestCaseWithWebserver or something else?)
    >> testing some basic workflow actions like info, init, co,
    >> up, ci, push, pull, log to make sure that it doesn't break
    >> all of a sunday when nobody is looking.

You got the idea.

In fact, everything is in place to do so, it's called
test_transport_implementations.

All you need to do is add a test permutation for the http
transports.

Something like:

        permutations.append((HttpTransport_urllib,
                             https_server.HTTPSServer_urllib))

in _urllib.py and

        permutations.append((HTTPS_pycurl_transport,
                             https_server.HTTPSServer_PyCurl))


in _pycurl.py.

Both should be activated if tests.HTTPSServerFeature.available()
...

Oh wait, that's already the case !

The problem is that we have an https test server for python 2.6
only.

I ran the tests for python 2.6 before submitting the offending
patch...

But as John pointed out the bug is in httplib.py for python 2.4
and 2.5 where the SSLFile class provides a bogus readline method
:-(

And I didn't check *that*... I'm very sorry about it.

    >> 
    >> regards
    >> marius

    jam> We have HTTP tests. In fact, we have lots of them. What
    jam> we don't have is propert HTTPS testing, because of the
    jam> need for certificates, etc. I'm pretty sure that Vincent
    jam> has gotten 80% of the way to getting a proper HTTPS
    jam> server implementation for testing, he just hasn't had
    jam> time to finish it.

Oh, the server is there and fully functional. What we miss are
the tests around the certificates themselves, the test server
already has a self-signed certificate and when we use it for
pycurl we provide a special pycurl transport with the appropriate
CA bundle.

What we also miss is the certificate *verification* implemented
in the urllib client (that will come...)

    jam> We'll certainly get something submitted, though probably
    jam> not until Monday when someone else is around to discuss
    jam> it.

I'm working on it right now, for those that get bitten, John's
patch should be correct as an interim solution.

    Vincent



More information about the bazaar mailing list