Regardless, building a fixed test certificate and checking it in sounds like the better option. Then the openssl command in the test code can be turned into a comment describing how the test data was pregenerated.
Here's a patch that does that. Bill
Index: Lib/test/keycert.pem
===================================================================
--- Lib/test/keycert.pem (revision 0)
+++ Lib/test/keycert.pem (revision 0)
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXwIBAAKBgQC8ddrhm+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9L
+opdJhTvbGfEj0DQs1IE8M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVH
+fhi/VwovESJlaBOp+WMnfhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQAB
+AoGBAK0FZpaKj6WnJZN0RqhhK+ggtBWwBnc0U/ozgKz2j1s3fsShYeiGtW6CK5nU
+D1dZ5wzhbGThI7LiOXDvRucc9n7vUgi0alqPQ/PFodPxAN/eEYkmXQ7W2k7zwsDA
+IUK0KUhktQbLu8qF/m8qM86ba9y9/9YkXuQbZ3COl5ahTZrhAkEA301P08RKv3KM
+oXnGU2UHTuJ1MAD2hOrPxjD4/wxA/39EWG9bZczbJyggB4RHu0I3NOSFjAm3HQm0
+ANOu5QK9owJBANgOeLfNNcF4pp+UikRFqxk5hULqRAWzVxVrWe85FlPm0VVmHbb/
+loif7mqjU8o1jTd/LM7RD9f2usZyE2psaw8CQQCNLhkpX3KO5kKJmS9N7JMZSc4j
+oog58yeYO8BBqKKzpug0LXuQultYv2K4veaIO04iL9VLe5z9S/Q1jaCHBBuXAkEA
+z8gjGoi1AOp6PBBLZNsncCvcV/0aC+1se4HxTNo2+duKSDnbq+ljqOM+E7odU+Nq
+ewvIWOG//e8fssd0mq3HywJBAJ8l/c8GVmrpFTx8r/nZ2Pyyjt3dH1widooDXYSV
+q6Gbf41Llo5sYAtmxdndTLASuHKecacTgZVhy0FryZpLKrU=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICpzCCAhCgAwIBAgIJAP+qStv1cIGNMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMIRGVsYXdhcmUxEzARBgNVBAcTCldpbG1pbmd0b24x
+IzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMQwwCgYDVQQLEwNT
+U0wxHzAdBgNVBAMTFnNvbWVtYWNoaW5lLnB5dGhvbi5vcmcwHhcNMDcwODI3MTY1
+NDUwWhcNMTMwMjE2MTY1NDUwWjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCERl
+bGF3YXJlMRMwEQYDVQQHEwpXaWxtaW5ndG9uMSMwIQYDVQQKExpQeXRob24gU29m
+dHdhcmUgRm91bmRhdGlvbjEMMAoGA1UECxMDU1NMMR8wHQYDVQQDExZzb21lbWFj
+aGluZS5weXRob24ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ddrh
+m+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9LopdJhTvbGfEj0DQs1IE8
+M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVHfhi/VwovESJlaBOp+WMn
+fhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQABoxUwEzARBglghkgBhvhC
+AQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAF4Q5BVqmCOLv1n8je/Jw9K669VXb
+08hyGzQhkemEBYQd6fzQ9A/1ZzHkJKb1P6yreOLSEh4KcxYPyrLRC1ll8nr5OlCx
+CMhKkTnR6qBsdNV0XtdU2+N25hqW+Ma4ZeqsN/iiJVCGNOZGnvQuvCAGWF8+J/f/
+iHkC6gGdBJhogs4=
+-----END CERTIFICATE-----
Index: Lib/test/test_ssl.py
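Review bot: Checking in keycert.pem publishes the RSA private key, and nothing in the file or the patch marks the pair as test-only. I would add a comment next to `CERTFILE` in test_ssl.py such as `# keycert.pem: throwaway self-signed key and cert for tests only; the key is public, never trust or reuse it`. The certificate also has a fixed lifetime (`-days 2000` in the test_ssl.py hunk; the encoded validity appears to end in February 2013), so the expiry and the regeneration steps should be recorded alongside it, otherwise tests that later verify validity will start failing without an obvious cause.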
=================================================================== --- Lib/test/test_ssl.py (revision 57559) +++ Lib/test/test_ssl.py (working copy) @@ -22,7 +22,6 @@ skip_expected = True CERTFILE = None -GMAIL_POP_CERTFILE = None def handle_error(prefix): @@ -298,12 +297,15 @@ nsCertType = server """ -def create_cert_files(): +def create_cert_files(hostname=None): + """This is the routine that was run to create the certificate + and private key contained in keycert.pem.""" + import tempfile, socket, os d = tempfile.mkdtemp() # now create a configuration file for the CA signing cert - fqdn = socket.getfqdn() + fqdn = hostname or socket.getfqdn() crtfile = os.path.join(d, "cert.pem") conffile = os.path.join(d, "ca.conf") fp = open(conffile, "w") @@ -316,7 +318,7 @@ }) fp.close() error = os.system( - "openssl req -batch -new -x509 -days 10 -nodes -config %s " + "openssl req -batch -new -x509 -days 2000 -nodes -config %s " "-keyout \"%s\" -out \"%s\" > /dev/null < /dev/null 2>&1" % (conffile, crtfile, crtfile)) # now we have a self-signed server cert in crtfile @@ -324,7 +326,8 @@ if (os.WEXITSTATUS(error) or not os.path.exists(crtfile) or os.path.getsize(crtfile) == 0): if test_support.verbose: - sys.stdout.write("Unable to create certificate for test %d\n" % error) + sys.stdout.write("Unable to create certificate for test, " + + "error status %d\n" % (error >> 8)) crtfile = None elif test_support.verbose: sys.stdout.write(open(crtfile, 'r').read() + '\n') @@ -336,7 +339,8 @@ raise test_support.TestSkipped("socket module has no ssl support") global CERTFILE - tdir, CERTFILE = create_cert_files() + CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, + "keycert.pem") if not CERTFILE: sys.__stdout__.write("Skipping test_ssl ConnectedTests; " "couldn't create a certificate.\n") @@ -362,8 +366,6 @@ # wait for it to stop server.join() - if tdir and os.path.isdir(tdir): - shutil.rmtree(tdir) test_support.threading_cleanup(*thread_info) if __name__ == "__main__":
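Review bot: In the hunk at `@@ -324,7 +326,8 @@` the new message decodes the exit status with `error >> 8`, while the condition just above it uses `os.WEXITSTATUS(error)`; the two should agree. I would write `"error status %d\n" % os.WEXITSTATUS(error)` so the printed value is the same one the check tests. The body of `create_cert_files` starts and ends outside this hunk.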
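Review bot: In the hunk at `@@ -336,7 +339,8 @@` the guard `if not CERTFILE:` can no longer be true, because `os.path.join(...)` always returns a non-empty string. A missing or unreadable keycert.pem would therefore not be skipped here and would presumably surface later as an SSL failure. I would change the guard to `if not os.path.exists(CERTFILE):` and reword the "couldn't create a certificate" message to name the missing file. `create_cert_files` appears to have no remaining caller in the visible hunks, so if it is kept only as documentation its docstring could say that it is not run by the tests. The enclosing function extends beyond this hunk.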