PYTHON-1331 Recreate expired SSL certificates for integration tests

cassandra/connection.py

@@ -779,15 +779,13 @@ def __init__(self, host='127.0.0.1', port=9042, authenticator=None,
             self.ssl_options.update(self.endpoint.ssl_options or {})
         elif self.endpoint.ssl_options:
             self.ssl_options = self.endpoint.ssl_options
+        self._check_hostname = self.ssl_options.get('check_hostname', False)
 
         # PYTHON-1331
         #
         # We always use SSLContext.wrap_socket() now but legacy configs may have other params that were passed to ssl.wrap_socket()...
         # and either could have 'check_hostname'.  Remove these params into a separate map and use them to build an SSLContext if
         # we need to do so.
-        #
-        # Note the use of pop() here; we are very deliberately removing these params from ssl_options if they're present.  After this
-        # operation ssl_options should contain only args needed for the ssl_context.wrap_socket() call.
         if not self.ssl_context and self.ssl_options:
             self.ssl_context = self._build_ssl_context_from_options()
 

tests/integration/long/ssl/ca-cert

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgIUNaZrKLGgSDvEMiIZE401OeWIYXQwDQYJKoZIhvcNAQEL
+BQAwPzEQMA4GA1UEAwwHcm9vdC1jYTEQMA4GA1UECwwHZHJpdmVyczEMMAoGA1UE
+CgwDb3NzMQswCQYDVQQGEwJVUzAeFw0yNDA5MjQwODUwMThaFw0zNDA5MjIwODUw
+MThaMD8xEDAOBgNVBAMMB3Jvb3QtY2ExEDAOBgNVBAsMB2RyaXZlcnMxDDAKBgNV
+BAoMA29zczELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCK9qGc3CboY44t8K28q3GEVGsJieT5b3qNpsI1HBmJ7L6u0z2+qNCq6YS8
+zT4Dyf/E0lIluh1hfnHF0ZuPOc9tODZPuqGJrdSHDCgoh0pGgSG5Nne4YT/RLwtG
+/F1DXVFBZRMvxqo+A5Td7R2jk/iAy0pIQNghxYOYyaq8bGV/CbkEgS3OUto3yA0F
+UPyJLuBKlvw5/1gNOyWy2HRUHIrwMBSuFZ5cgjewWH8Q9WoFcaHvT5gh0+Rzffn9
+TEfuwsFDS8e9QMc6MmicCZ5y7xk3/J1ZRbk9ovh/AA7dhS9Q4LFmFr9e5MH7Yafu
+LWk+12gRItC/W/r95PQF03dSPaQdAgMBAAGjUzBRMB0GA1UdDgQWBBRnQujD5pLP
+J5ZalKZ0Ij3Zi0uJTjAfBgNVHSMEGDAWgBRnQujD5pLPJ5ZalKZ0Ij3Zi0uJTjAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQByyImDmYFnn/D3gLCy
+F6ZrOV2xywDk36rfSfrpRK29E++3PBMvl/e5UrDQaI5dsoNjYiAO4J3xZqA0DQan
+/6Pf1x/SL04nZnMuY73UFBovtk2RzkFJFPv11+m8muWiS2aiL1IEd83tpGXGaVXY
+cmj+iqCupQGdZf9Qz3RhXi1Ye7m7joszYWazFCyAg2FtkwXeWBZcmRQFv3V3R6lt
+cyZKLFjKCa8hyeEjYoTC53Fd9ibTdIEWtSWSvgGTDuKD1AjFvr92iYHaw3xsv1WF
+8QXU6SjDaJfs7Crzm0B+5eQTjIp7Dwt5FfB5RSnnewiMqaMpI9HKvgA/Ru0iEb/8
+ANcF
+-----END CERTIFICATE-----

tests/integration/long/ssl/ca-key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCK9qGc3CboY44t
+8K28q3GEVGsJieT5b3qNpsI1HBmJ7L6u0z2+qNCq6YS8zT4Dyf/E0lIluh1hfnHF
+0ZuPOc9tODZPuqGJrdSHDCgoh0pGgSG5Nne4YT/RLwtG/F1DXVFBZRMvxqo+A5Td
+7R2jk/iAy0pIQNghxYOYyaq8bGV/CbkEgS3OUto3yA0FUPyJLuBKlvw5/1gNOyWy
+2HRUHIrwMBSuFZ5cgjewWH8Q9WoFcaHvT5gh0+Rzffn9TEfuwsFDS8e9QMc6Mmic
+CZ5y7xk3/J1ZRbk9ovh/AA7dhS9Q4LFmFr9e5MH7YafuLWk+12gRItC/W/r95PQF
+03dSPaQdAgMBAAECggEAAbNuG/o9Ma1SRrFXobkO0nn+thGthKNpgnAEQtvSsN5T
+ISxYaPaDrgEzYjo4OZn7MEtgvQck/UCryio8IgnTm6Mgqw4o6a3/2B1SeoMuv2PX
+kqmeLTASNLsY2L1rCNGMwTpS/KE3tpBFqLJny/eaMZK2GIyj+JnZzVYelGAr8oea
+fA6v7O7DKgZ4ozMe8UNzBdmCUCcCPVJK42XvcwS2c+/bIJi86Wj/1I/r3LGONFJ5
+8iaiC4GTMqyLNIEFoo+bFeLfV3SDgXX5/J2uvyJziKDrx8N+1qnn5bEfVL8ViE8W
+65Fa4Ht1A2IPSqkbw/fTzlfAAYCRfgdRGz/UYyRysQKBgQDAYkT3cQlkqxZ2DS14
+laK36EOu8moB2qwzN2kepZim1C/IXQKp5jwotNDIwrJsWorfEXyA22m9BBVnk2J+
+OIKPH3BH1RzPV7YFSHVXSrq7yA157OO7+CaB8dXGrvdu8fkIFyJNxFreSXjSn01S
+RWjjrstJLKmWD44HmCT12/Z/yQKBgQC46jLbRB8kjpC4UU7RwEEfZ/QKh1xnzdxg
+heqR2oEUyHLY6T0GZIltAGV7frCzIqBAxzGm8rWrvmx+Sv2whuN+T0X3DXjskELM
+++wjJy8ZRroVpD/4AhIQqasZXSyyydRjDGFkn83d5Ski8oR33FxYZT/a/+yIKiHM
+LLRrWB5ztQKBgQCZMqfw01bDj2pHf57iE2aMRK0BN5ErANN3xXw0J3I0B2w1hbuF
+SA5H7BUGieRDXKaRk/8tLYw6NHJHFJquIJn3FvX2fcJ/aj1MX7LxXFTvDBOPMBD5
+slYXzFiL6vCmrJG+2405mE80DBXmw2xzQ0qPZLYFA0fYc3KKoaFtF0hn4QKBgQCn
+wRf4IbnbEVcrT+Agm7i4xDb6Ykirh2/ZRURDo6Yc86h1LkuFhCnEcGqgeZPWP6CA
+g/WAjonP0AZfIKs7vXOfAE3pzhgZDNr9WcKlNYQd+zMQNR0vYrl+0l39ubC2VjHO
+1cl5XxyFpMMICFmy34ALVXdzt1+fPBHDR/85rwyZTQKBgFC9VXukiHiF0JVRHJwh
+WFi16M4wAh7juPQjskAXK6USkuUZMSkONpQqFwVVKbxp4f+F3VKtDRWUYtiuZDgW
+AosCimrs16KxTV1pjgJCE/C2b4ANAApStxZxzdN3qnwS5myNYEgU9cSNwfmKSoes
+XOMwluTpn+FdmDye+Lw7nmoM
+-----END PRIVATE KEY-----

tests/integration/long/ssl/client.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAkmgAwIBAgIUGtLp1v/4I4YFhA1t7Y4kb2LPkXYwDQYJKoZIhvcNAQEL
+BQAwPzEQMA4GA1UEAwwHcm9vdC1jYTEQMA4GA1UECwwHZHJpdmVyczEMMAoGA1UE
+CgwDb3NzMQswCQYDVQQGEwJVUzAeFw0yNDA5MjQwODUwMzlaFw0zNDA5MjIwODUw
+MzlaMEExCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNvc3MxEDAOBgNVBAsTB2RyaXZl
+cnMxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALj5zQWQP+Q1Zsrvnf0lFOmIMUwG3CnkKYIH+3w6UCBTimnqYUdWmDxX
+rx2EMgOCkpWAQ+IdnPNygJdSdBiiv4Io6mCCtHYXQOLdvofQF+O7e7FTlWLAzaJF
+3Sk7wHJGk2Xwm5uKr/EXtr7vT1a0WzNmPmdDMR5CBx/urnSob4v4wgWaXeJEQVGR
+Q2Oe2cps2dl0kieq0iFdaaHxlaHFbODhBm7EmRPHmjPbEmTBkVlAXwvP9TWzf0K+
+XvguJ0ePadsG84PslheY7Vw0Ul6j2neshZR0aO/pjVDNRzTCtG2fwhJG+D7zwgcU
+kxbDgmeVWJIgo4Z3C+jxfn2yKkO/i2UCAwEAAaNTMFEwDwYDVR0RBAgwBocEfwAA
+ATAdBgNVHQ4EFgQU+jUkfI5lW5C5KYPWlNpa0RESilwwHwYDVR0jBBgwFoAUZ0Lo
+w+aSzyeWWpSmdCI92YtLiU4wDQYJKoZIhvcNAQELBQADggEBAIKE5Xk52FbSz3h5
+ecl8GvdJlYrABzIXns41IV4ThJM5ki4Y2WVOk+t2dm74p61XHkCLaO+OltHuGNAO
+dzuFnkEAEp6bILJQZ+bsSCn5mBwj5b6lup0n8Jdf01Gr6wmUemf4joiBMKz3J0JL
+JVg56l5Wsz9MGIKra49z735rOE+VR+WgcZM95xHwXqN++jI4+c7GVuG4ShhHqpfV
+mBS6bJ+pwxa3bClNYg+e9PWvEzzN6m6jg4Mgnxgz8Moj4BiNelxr+7QQCg8f6Ide
+DNhwU/irKXukd0/HMzNvS9z6SsgK3V51txl0lah77T5Wjo5u310XbcU7/uAgqc35
+OcCwg7Q=
+-----END CERTIFICATE-----

tests/integration/long/ssl/client.key

@@ -1,28 +1,32 @@
+Bag Attributes
+    friendlyName: 127.0.0.1
+    localKeyID: 54 69 6D 65 20 31 37 32 37 31 36 37 38 32 34 36 37 31 
+Key Attributes: <No Attributes>
 -----BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCeukTeDyltCfa1
-VWJ1fZbDWuH/pggfoQZb2Fcw78XnTpF4yu6/4CWKVzsHaw+kZEMpe6nLbchyl8wh
-734ubvj/K7ulbnWsn+vaMyqD61WIVr8ZDFJAsp0DEMC/AloAzjWSujQMqZybhHB9
-gCW26nBzqkLsB8G1PTw8G4MrtZ9o2cVuEYBaQe8xtQs1YAps9aohMdtQS8uBL+4+
-P79bhIeTkZpiTRjaZTdpbKl4M4GoR8pOLZbSLHU7tKk4fJ8DSG9dL0iKUX8dZRG+
-v27Xeae8k17xb66paqVAx3IWxs8IiFtXBXAZhCnKjIGuDPrLlI/BLK6ABvYXxiTd
-Sm+offTJAgMBAAECggEAN+VysRx3wy1aEvuRo7xpZjxQD/5BKBpFqfxioBogAFfb
-xMT6FNnzfmc/o1ohdQvV1vr0jW4Iw8oPGfhD4Eg2KW4WM6jVicf7f6i7FR+/zDZ4
-L3L2WFBOGLFCn0FNvrDfjt9Byx/DxcR69Mc3ANZIaYMQ9Bu7LH73AlfR9oeMLpjL
-+6g1qz2yz8Sm2CMCGXTyXtvUCgn2ld6nz8KlZ8FTUG9C9mAabuvV91Ko6rmTxuiv
-YKvHSPnIjXRjuC+Ozjf1rYTOJ5LVMNNhlbIKBG/Nx5QzL7bA3XDtMD1BEI9pdHR+
-5HwA0tV2Ex67tBCJwlBAhYLxuPjfOj1R5KV8wriE3QKBgQDNvqOaGYiXwp9Rajoo
-ltlOBPfnjshd9tPdc6tTUQR34vSbkHrg0HVJhvIP5LRbyx/M/8ACQxFkDRE4U7fJ
-xVGDs8Pi0FqcqFTnm/AYQ5eZbJkPp9qe71aDOPanncrVNEGFeW26LaeLGbTLrOMM
-6mTmsfGig0MKgml35IMrP+oPuwKBgQDFf56DdaFe08xSK9pDWuKxUuBIagGExQkQ
-r9eYasBc336CXh3FWtpSlxl73dqtISh/HbKbv+OZfkVdbmkcTVGlWm/N/XvLqpPK
-86kbKW6PY8FxIY/RxiZANf/JJ5gzPp6VQMJeSy+oepeWj11mTLcT02plvIMM0Jmg
-Z5B9Hw37SwKBgDR/59lDmLI47FRnCc4fp/WbmPKSYZhwimFgyZ/p9XzuAcLMXD6P
-ks4fTBc4IbmmnEfAHuu013QzTWiVHDm1SvaTYXG3/tcosPmkteBLJxz0NB5lk4io
-w+eaGn5s6jv7KJj5gkFWswDwn0y1of5CtVqUn3b7jZjZ7DW2rq3TklNPAoGAIzaW
-56+AfyzaQEhrWRkKVD2HmcG01Zxf+mav1RArjiOXJd1sB3UkehdQxuIOjFHeK5P6
-9YQoK4T1DyyRdydeCFJwntS0TuLyCPyaySoA+XX61pX6U5e12DsIiTATFgfzNH9g
-aHmVXL/G6WRUbdn9xn4qeUs8Pnuu+IeenoB7+LMCgYBBnig9nTp81U+SGsNl2D3J
-WUz4z+XzEfKU1nq2s4KNjIPB2T1ne+1x3Uso2hagtEHeuEbZoRY4dtCahAvYwrPM
-8wtDFQXWmvFyN3X0Js65GZ++knuseQ1tdlbc/4C+k4u26tVe2GcwhKTjn08++L2E
-UB3pLXbssswH271OjD+QkQ==
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4+c0FkD/kNWbK
+7539JRTpiDFMBtwp5CmCB/t8OlAgU4pp6mFHVpg8V68dhDIDgpKVgEPiHZzzcoCX
+UnQYor+CKOpggrR2F0Di3b6H0Bfju3uxU5ViwM2iRd0pO8ByRpNl8Jubiq/xF7a+
+709WtFszZj5nQzEeQgcf7q50qG+L+MIFml3iREFRkUNjntnKbNnZdJInqtIhXWmh
+8ZWhxWzg4QZuxJkTx5oz2xJkwZFZQF8Lz/U1s39Cvl74LidHj2nbBvOD7JYXmO1c
+NFJeo9p3rIWUdGjv6Y1QzUc0wrRtn8ISRvg+88IHFJMWw4JnlViSIKOGdwvo8X59
+sipDv4tlAgMBAAECggEAHZfxgiNa5XLZuDvvxdFJ8DbW1DgAvz7+mQwX4v8dVJ6o
+9VsHJzemcXkBzjIZIlCgjQSRV7qvIo++HPeXFV3sT7GmFbyzjHUZ73HUirvzJn8X
+Qf6CVuNLwtt0j6U8m8vIxzVgX9knXuYRWajFw7RlJusDrtekIxgjNaulA4rzFax3
+hoJa8JYUizjZnTe2hhZSdG7JzbBV5n9Wei2rPTMXEI1llyCBb/MfhTBrCIYeF9PO
+IYCAi/0i2en5uVTgQlwejGp5/xj1KWnbD1S5FWZgj88AXwHfVvEFxheEXxYXhLav
+XGlrGxb1x/uFn651c3rWxMdfZc9T9QITSWuD7EFF4QKBgQD25n5/OtcQYGUoVH4g
+o+wdiWva5FgzAlcaA3ciNW5Dtx/8obrkO3zJEDP3p4tnTRJEkWjuZaHMTCsq+K9U
+egHgrTCQMpMV1xydkdUPVaBD7QXLr528VvNOiHdruxt7cRxVGbGzbwCj8dDwzLhe
+W8tcmz02XTzfk6Vz+l73AS6IKQKBgQC/ywxOTx0tZPeK24d4rE4ufK9GYH8LQ1M+
+9HFh5VZZPyGM8zKQk4YJzQChwpRSMEToqY7x/51QDa02/mHNkntS6fw48TnBCt41
+JfYRfhOhVDCyFKOJ+vuM6RHlkZHFTxUvtZdnneuG/9HXY4HY64dSrKLqXGjWZ9ou
+zqcVrHQA3QKBgAq+lRqsUNehmkVbB/IbsBbI+Cyaa0ws+eVj6TdP4/CGc5nm3982
+x4NodRp97A8ex4C8Yzicq6HcXrSMBfVDKfnBD6/2w3fb2J7yzbbRHxxVoD7w8YhU
+sFnmjmvdxKBml7kMWTNZzUlVKKaSAiP5EqyBBPTssc14+2ZEqwVMw92hAoGADgtR
+UF6stUlCczGWHvkHFJJex1mDlBCPBPojX1bK1ugvjcG1Py7+TrNrS20TLV2JfjwE
+UqY0H8uQlolUIhiK3UxzArxvTTp9gQjRlwBTcanXkwK94vm09+GNRPE+6mLbG05B
+0v2WZKFQ/WO0+2xr0VsA5wZzStf5+xl41LZ3HCUCgYAUyrj2/elSKdaXzNCVsLTU
+PmOpQUiBUTt2YJ06UiZL0V+ompEl15MhDssMJcsJSfxEYmgExNvWJEWwJQy9LNoy
+YZHj8PycoQOGYtbPwstleTmdKh0MfgKO3dmSSfueQur1p9/kjy+OYB4yiKcaPw0z
+aaEu6ksnOjRTK5ZBhDhK0Q==
 -----END PRIVATE KEY-----

tests/integration/long/ssl/client_encrypted.key

@@ -1,30 +1,30 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,7288A409E846EBE2DE421B77598DAF98
-
-ahiUSf+k9POIEUJb5BGbQ6knk4+FtTz+e+6fouqVc4Lq+RXR9f0pFBi9eDEkFNiN
-AcUjLkxh+3TmihTZJprqXSbQ3jacwbnwDOFgtZE3PxoA1heHxADaKCNr+Ph0lC/T
-3cIzsoIZ6slk+3n6ERieZRdmvoMH1SY8nXKT5+bLMR4RIjw1y7h26MRhjQS+lXaX
-Asd5EOGROCIgefeEBGHAbrlg0FoHy7slqVBxuZphTHKtyK/VK4fRLt6doUzBu5GJ
-T2jdrqJCWr5PRn3bAqMemJWxDhZLX4DyNDQPn8riZ8jMbwPOVUSnF8B8re1tNkQ0
-CsH77sYIIjmPdizCdvj91+jH6o7MRCZPvky+PHG/9G5WsPiw5W1i/nrPemT1XJyy
-oPRc/fMFfbHmW3HCGqgv2/6Wg+17un/a6UyzXsbNdhDZLCVqtAQ7PSv83z5oUazT
-djzFHgxSqRknUY0lOUvP8Rni67MG+Rcksj9HgszhLoC0be64IX0Ey5oc5+pBYrf9
-FVEPsuyyu4aDSRYYATC2E1V/EQRwcvpKEZNFTbqMpQhjrWtlBM/GgQnQBeQdLAGX
-yefDSzkH31y5gcdgHLElriWwbHHbcaAmf3e15W94YHgTytJBsQ9A19SmtmgUmo4h
-jaFoUooM5mFA8hc/snSe2PdkEefkzS72g8qxa//61LTJAAkVk43dYjoqQ34wq6WR
-OB4nn/W2xlfv/ClZJTWf8YvQTrQptJY5VQq/TTEcrXy67Uc0wRHXZK2rTjKeyRj9
-65SkyyXhMopWEl2vX25ReITVfdJ0FgjqI/ugYSf25iOfJtsk+jgrtrswZ+8F2eMq
-iAQ+0JSiYmlot2Pn1QCalLjtTz8zeMfXPyo5fbKNMdp52U1cPYld90kUGHZfjqju
-GmY/aHa6N8lZGxj8SC/JM36GawaGKe4S/F5BetYJOpaEzkpowqlTC8Syv529rm46
-vvgf+EJL8gRvdtnIEe/qtzbtel299VhaBpuOcApfTDSxRHZmvkCpdHo9I3KgOZB9
-Cqu9Bz+FiJmTk8rGQwmI8EYj38jneEoqA+fN7tUkzxCGacg+x6ke4nOcJzgBhd94
-8DvGclrcAwBY1mlNYRceFJKFXhwLZTKBojZlS8Q9863EAH3DOBLeP85V3YvBD/MK
-O+kzPoxN/jPVNho7y4gL7skcqe/IXePzPxBcZrHJjoU7mGVDcVcouRj16XSezMbB
-5Pft0/gGiItRJ2+v9DlPjzDfjTuRdS78muaZ4nNqX6B+JmyPJtkb2CdiHz6B21RO
-3hjGrffM1nhmYBegyjTVc88IxzYg0T8CZLq1FYxuTZmwyahA520IpwsbfwXxLVMU
-5rmou5dj1pVlvoP3l+ivPqugeY3k7UjZ33m5H9p009JR40dybr1S2RbI8Gqhe953
-0bedA4DWvPakODXgYu43al92uR/tyjazeB5t7Iu8uB5Xcm3/Mqoofe9xtdQSCWa0
-jKKvXzSpL1MM2C0bRyYHIkVR65K7Zmi/BzvTaPECo1+Uv+EwqRZRyBzUZKPP8LMq
-jTCOBmYaK8+0dTRk8MEzrPW2ihVVJYVMmFyTZKW0iK7kOMKZRkhDCaNSUlPEty7j
------END RSA PRIVATE KEY-----
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQGwgW+7olu2AXiupx
+NxswrAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEIbwGGQKe8+6Kb+s
+ngNKUFcEggTQPKEHVA1qFFXANwtAMXezfPAK9JlLHdAJNiSMy8RWvR+TLOt5xJ2b
+FSP8c8ME425YXVyvV8XlQ4P9czr7UODuU7/aU0PL4gCrOWSPA+azWA3mJJEjx/QK
+CY1MgrG++09TP1n7yv9kij7a3/3gOxEe9IkM+uLq8tjZi9Xhsvi68jmJUTXRD4UB
+9moMtUH16LG866HeUwFk3P9ASoBoRDzKiq81FoU7iITNw+Hes5+2Tcs9ENfhPd43
+5Y9WrFFnArwuR7BZVqt72Bwme5iQfn4X7yczG4iyx7dk8DXCfvslWL1nWBoSRoVS
+H1Xj9pNABgLbjO25/NI1ycTmX/f2dTq5QE5MuIAQJ5gfYjLQhYczswE/G7QqjyLA
+5AMu+nz/B9oBLeRcjL2e5363bGD2/70lQdL2MvLxyTaPyYo9cOmzDSZfzYjzx1ro
+y1wDlreKKT5zrPfQbZ1LTjmaWdLbI2t8UUy6X1H+E0qY5IsTIm9VfNSQJcmgtJSP
+nAbdDvZlD2NGbpjDsjbmX1xwKG2z4JNyP0BS2PXd3STvBCCO6rUKovuyk7MlS3Kn
+HU8F4spe0YAMuYZNG72XZuG1AhXGhGG0rCVnkaakyXH5kgUA76cmj5ONU5fX4B0Y
+g/6+V/BelK5hVYUq9vUZEzUcY/IrWPoDe27nGmrFVaCTHymjrp+KUixiUJOkGP25
+z7URMsVPElkcPhNnfb9Wf1EAei//ETd5U7aVaxYSau6nijI+LhPWxBZNKjGQytEd
+tFqc29GmIlIk22zZGj0OwMz6hm/OqQxAq9jHn34ZukqXzFlQ6/rmFKIQIVcA3HQL
+NT7TgMCJqNB3pub2RhHS5iY8GatUT8OeXklGF7GLQV3xvEEMxm9+KmIe4F47I8P5
+V0soBKNDlZaiiKNE9WHld4zinbwZ/DNlpuuzeQeAPTii57CgSoDXyt+rST30lftp
+OwCQ62j+h3sGTR2OexmILVIXBcrko/B3/MXQ4wmXKBasrEPlfuSBpm5QQ7eviM8r
+55hkWlXFYA0ND+IlLnUB1MMcsGhvfrzbI1RlzL1CN0Vt3UyPZvrgJJKHfEQRUXcz
+SWiZz1PaJNBNVYOfvAzWru1tv9ZVH7RMOQnoVOXoJBNHBAUA6f93W8x+dFuaaqRn
+9v/snIAT5gNoNVllMWHeK1QPfEYJ90cDiUaxi8EiETuVpf/vGYSgbOV7VpTIhCq0
+buoWwN1/hEar+JhseK6b3qWKki9SHhwk3zN8y3+wt7lAA8eMhIY2dnz8rG2qiCRs
+Co8qBYGgsYzqAGqutFuepMF8lGmVUw6g5MOEf2goIjdQ6PgcWHAFT//O5RrQEE86
+I4lRU0wn/kZfgPWOxMoghVTLZOLH14/pooMZwph+zLr6y3qp5QBlcPhZZETTo4B+
+iLEEoTPspJ/RsbI9OCoxTpQ/VrRKbHNUGOeI4HULEq04y0cZ+Vaaknktw2/xhUkk
+78Mpj14fYmgp57jfAj8Xq8LkBPdW/FWMG+zfElu4U8Kz/Fgk2WSmj54idOu/zZUe
+Y97ARqyP0upUL4PlE8glAFxbpWcwjKivoc9p2xb/gfomObeLzvxPXYzWXKqYc8dV
+ZbgiJwDLOpIdBy+46sAkHXbhXLQ4+FpVEL4QohcPuPnuQoRNTjoz5wU=
+-----END ENCRYPTED PRIVATE KEY-----

tests/integration/long/ssl/generate_certificates.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# create new CA key and certificate
+openssl req -new -newkey rsa:2048 -days 3650 -x509 -subj "/CN=root-ca/OU=drivers/O=oss/C=US" -keyout ca-key -out ca-cert -nodes
+
+# create keystore and key-pair for DSE server
+keytool -genkey -keyalg RSA -keystore 127.0.0.1.keystore -validity 3650 -storepass cassandra -keypass cassandra -dname "CN=127.0.0.1,OU=drivers,O=oss,C=US" -ext "SAN=IP:127.0.0.1" -alias 127.0.0.1 -storetype pkcs12
+
+# export DSE server key from keystore
+openssl pkcs12 -in 127.0.0.1.keystore -nodes -nocerts -out client.key -legacy -passin pass:cassandra
+
+# create encrypted client key
+openssl rsa -aes256 -in client.key -passout pass:cassandra -out client_encrypted.key
+
+# create CSR
+keytool -keystore 127.0.0.1.keystore -alias 127.0.0.1 -certreq -file client.csr -storepass cassandra -ext san=ip:127.0.0.1
+
+# sign CSR with CA key
+openssl x509 -req -CA ca-cert -CAkey ca-key -in client.csr -out client.crt -days 3650 -copy_extensions copyall -passin pass:cassandra
+
+# import CA certificate to DSE node keystore
+keytool -keystore 127.0.0.1.keystore -alias CARoot -import -file ca-cert -storepass cassandra -noprompt
+
+# import signed certificate to DSE node keystore
+keytool -keystore 127.0.0.1.keystore -alias 127.0.0.1 -import -file client.crt -storepass cassandra -noprompt
+
+# import CA certificate to DSE node truststore
+keytool -keystore cassandra.truststore -alias CARoot -import -file ca-cert -storepass cassandra -noprompt
+
+# cleanup
+rm client.csr

tests/integration/long/test_ssl.py

@@ -42,10 +42,10 @@
 SERVER_TRUSTSTORE_PATH = os.path.abspath("tests/integration/long/ssl/cassandra.truststore")
 
 # Client specific keys/certs
-CLIENT_CA_CERTS = os.path.abspath("tests/integration/long/ssl/rootCa.crt")
+CLIENT_CA_CERTS = os.path.abspath("tests/integration/long/ssl/ca-cert")
 DRIVER_KEYFILE = os.path.abspath("tests/integration/long/ssl/client.key")
 DRIVER_KEYFILE_ENCRYPTED = os.path.abspath("tests/integration/long/ssl/client_encrypted.key")
-DRIVER_CERTFILE = os.path.abspath("tests/integration/long/ssl/client.crt_signed")
+DRIVER_CERTFILE = os.path.abspath("tests/integration/long/ssl/client.crt")
 DRIVER_CERTFILE_BAD = os.path.abspath("tests/integration/long/ssl/client_bad.key")
 
 USES_PYOPENSSL = "twisted" in EVENT_LOOP_MANAGER or "eventlet" in EVENT_LOOP_MANAGER
@@ -486,7 +486,7 @@ def test_cannot_connect_ssl_context_with_invalid_hostname(self):
                 password="cassandra",
             )
             ssl_context.verify_mode = ssl.CERT_REQUIRED
-            ssl_options["check_hostname"] = True
+            ssl_context.check_hostname = True
         with self.assertRaises(Exception):
             validate_ssl_options(ssl_context=ssl_context, ssl_options=ssl_options, hostname="localhost")