yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: Add tests for SSL context configuration

Browse Source 
Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-02-22 05:29:32 +00:00
parent 520e128777
commit 42a6a42902
1 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
backend/tests/test_gateway_ssl_context.py Normal file
View File

@@ -0,0 +1,54 @@
"""Tests for SSL/TLS configuration in gateway RPC connections."""
from __future__ import annotations
import ssl
from app.services.openclaw.gateway_rpc import GatewayConfig, _create_ssl_context
def test_create_ssl_context_returns_none_for_ws_protocol() -> None:
"""SSL context should be None for non-secure websocket connections."""
config = GatewayConfig(url="ws://gateway.example:18789/ws")
ssl_context = _create_ssl_context(config)
assert ssl_context is None
def test_create_ssl_context_returns_none_for_wss_with_secure_mode() -> None:
"""SSL context should be None for wss:// with default verification (secure mode)."""
config = GatewayConfig(url="wss://gateway.example:18789/ws", allow_insecure_tls=False)
ssl_context = _create_ssl_context(config)
assert ssl_context is None
def test_create_ssl_context_disables_verification_when_allow_insecure_tls_true() -> None:
"""SSL context should disable certificate verification when allow_insecure_tls is True."""
config = GatewayConfig(url="wss://gateway.example:18789/ws", allow_insecure_tls=True)
ssl_context = _create_ssl_context(config)
assert ssl_context is not None
assert isinstance(ssl_context, ssl.SSLContext)
assert ssl_context.check_hostname is False
assert ssl_context.verify_mode == ssl.CERT_NONE
def test_create_ssl_context_respects_localhost_with_insecure_flag() -> None:
"""SSL context for localhost should respect allow_insecure_tls flag."""
config = GatewayConfig(url="wss://localhost:18789/ws", allow_insecure_tls=True)
ssl_context = _create_ssl_context(config)
assert ssl_context is not None
assert ssl_context.check_hostname is False
assert ssl_context.verify_mode == ssl.CERT_NONE
def test_create_ssl_context_respects_ip_address_with_insecure_flag() -> None:
"""SSL context for IP addresses should respect allow_insecure_tls flag."""
config = GatewayConfig(url="wss://192.168.1.100:18789/ws", allow_insecure_tls=True)
ssl_context = _create_ssl_context(config)
assert ssl_context is not None
assert ssl_context.check_hostname is False
assert ssl_context.verify_mode == ssl.CERT_NONE