commit e0d577c780ce7591040dc6b68b270cb80bc556b8
Author: Alberto Bertogli <albertito@blitiri.com.ar>
Date:   Thu Mar 12 20:08:30 2015 +0000

    tests: Fix SSL validation in test_tricky
    
    test_tricky uses httplib to create a client, which used to not validate the
    server certificate.
    
    Python 2.7.9 changes that, and now the test fail because the client cannot
    validate the server.
    
    The problem is that to fix this, we need to use the new "context" parameter
    which is not backwards-compatible. So we have to add a little version-specific
    code to work around this.
    
    Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>

diff --git a/tests/run_tests b/tests/run_tests
index 85531ee..81de253 100755
--- a/tests/run_tests
+++ b/tests/run_tests
@@ -24,6 +24,7 @@ import shutil
 import socket
 import ssl
 import subprocess
+import sys
 import tempfile
 import time
 import unittest
@@ -376,9 +377,23 @@ class Multiples(TestCase):
 class TrickyRequests(TestCase):
     """Tests for tricky requests."""
 
+    def HTTPSConnection(self, host, port, key_file=None, cert_file=None):
+        # httplib.HTTPSConnection() wrapper that works with versions before
+        # and after Python 2.7.9, which introduced default server validation
+        # with no backwards-compatible way of turning it off.
+        if sys.hexversion < 0x2070900:
+            return httplib.HTTPSConnection(
+                host, port, key_file=key_file, cert_file=cert_file)
+
+        # Get an SSL context that can validate our server certificate.
+        context = ssl.create_default_context(cafile=self.server.cert_path())
+        return httplib.HTTPSConnection(
+            host, port, key_file=key_file, cert_file=cert_file,
+            context=context)
+
     def test_tricky(self):
         # No local certificate.
-        conn = httplib.HTTPSConnection("localhost", 19840)
+        conn = self.HTTPSConnection("localhost", 19840)
         try:
             conn.request("GET", "/v1/")
         except ssl.SSLError as err:
@@ -387,9 +402,9 @@ class TrickyRequests(TestCase):
             self.fail("Client call did not fail as expected")
 
         # Requests with '..'.
-        conn = httplib.HTTPSConnection("localhost", 19840,
-                                       key_file=self.client.key_path(),
-                                       cert_file=self.client.cert_path())
+        conn = self.HTTPSConnection("localhost", 19840,
+                                    key_file=self.client.key_path(),
+                                    cert_file=self.client.cert_path())
         conn.request("GET", "/v1/a/../b")
         response = conn.getresponse()
 
