MonetDB: default - Patch the hosts file to make test tlssecurity...

Mon, 04 May 2026 03:02:19 -0700 

Changeset: 6552ed2ea6ab for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/6552ed2ea6ab
Modified Files:
        .github/workflows/linux.yml
        clients/mapilib/Tests/tlssecurity.py
Branch: default
Log Message:

Patch the hosts file to make test tlssecurity work reliably

On the Ubuntu runners, localhost.localdomain is an alternative name for
127.0.0.1.  The test uses this to check that the hostname in the
certificate is actually being verified.

The MacOS and Windows runners don't have localhost.localdomain so now we
add '127.0.0.1 altlocalhost` to /etc/hosts or itsequivalent and use
that in the test.


diffs (43 lines):

diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -11,6 +11,9 @@ on:
   schedule:
     - cron:  '15 1 * * *'
 
+env:
+  TSTALTLOCALHOST: altlocalhost
+
 jobs:
   test:
     strategy:
@@ -55,6 +58,16 @@ jobs:
         run: pip3 install --user --break-system-packages --upgrade pymonetdb 
cryptography
         if: runner.os == 'macOS'
 
+
+      - name: Patch /etc/hosts on Unix
+        run: echo '127.0.0.1   altlocalhost' | sudo tee -a /etc/hosts
+        if: runner.os != 'Windows'
+
+      - name: Patch \etc\hosts on Windows
+        run: Add-Content "C:\Windows\System32\drivers\etc\hosts" "127.0.0.1 
altlocalhost"
+        shell: powershell
+        if: runner.os == 'Windows'
+
       - name: make MonetDB on linux
         run: |
           mkdir build
diff --git a/clients/mapilib/Tests/tlssecurity.py 
b/clients/mapilib/Tests/tlssecurity.py
--- a/clients/mapilib/Tests/tlssecurity.py
+++ b/clients/mapilib/Tests/tlssecurity.py
@@ -114,7 +114,8 @@ attempt('refuse_wrong_cert', 'server1', 
 # For example, `localhost.localdomain` instead of `localhost`.
 # The client should refuse to let the connection proceed.
 
-attempt('refuse_wrong_host', 'server1', 'verify failed', 
host='localhost.localdomain', cert=certpath('ca1.crt'))
+althost = os.environ.get('TSTALTLOCALHOST', 'localhost.localdomain')
+attempt('refuse_wrong_host', 'server1', 'verify failed', host=althost, 
cert=certpath('ca1.crt'))
 
 # refuse_tlsv12
 #
_______________________________________________
checkin-list mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to