Stabilize TLS and sync worker tests

test/parrhesia/sync/worker_test.exs

@@ -51,7 +51,7 @@ defmodule Parrhesia.Sync.WorkerTest do
                match: %{"kinds" => [5000], "#r" => ["tribes.accounts.user"]}
              })
 
-    {manager_name, _supervisor_name} = start_sync_runtime()
+    {manager_name, _supervisor_name, _worker_supervisor} = start_sync_runtime()
 
     assert {:ok, _server} =
              Sync.put_server(
@@ -109,7 +109,7 @@ defmodule Parrhesia.Sync.WorkerTest do
     relay_url = "ws://127.0.0.1:#{port}/relay"
     wait_for_relay(relay_url, String.duplicate("d", 64))
 
-    {manager_name, _supervisor_name} = start_sync_runtime()
+    {manager_name, _supervisor_name, _worker_supervisor} = start_sync_runtime()
 
     assert {:ok, _server} =
              Sync.put_server(
@@ -156,6 +156,8 @@ defmodule Parrhesia.Sync.WorkerTest do
       )
 
     on_exit(fn ->
+      stop_sync_workers(manager_name, worker_supervisor)
+
       ref = Process.monitor(supervisor_pid)
 
       try do
@@ -167,11 +169,30 @@ defmodule Parrhesia.Sync.WorkerTest do
       receive do
         {:DOWN, ^ref, :process, ^supervisor_pid, _reason} -> :ok
       after
-        1_000 -> :ok
+        5_000 -> :ok
       end
     end)
 
-    {manager_name, supervisor_name}
+    {manager_name, supervisor_name, worker_supervisor}
+  end
+
+  defp stop_sync_workers(manager_name, worker_supervisor) do
+    with manager_pid when is_pid(manager_pid) <- Process.whereis(manager_name),
+         {:ok, servers} <- Sync.list_servers(manager: manager_name) do
+      Enum.each(servers, fn server ->
+        _ = Sync.stop_server(server.id, manager: manager_name)
+      end)
+    end
+
+    case Process.whereis(worker_supervisor) do
+      pid when is_pid(pid) ->
+        assert_eventually(fn ->
+          DynamicSupervisor.which_children(worker_supervisor) == []
+        end)
+
+      nil ->
+        :ok
+    end
   end
 
   defp assert_event_synced(event, remote_pubkey) do

test/parrhesia/web/tls_e2e_test.exs

@@ -84,7 +84,7 @@ defmodule Parrhesia.Web.TLSE2ETest do
       fn ->
         server_cert_fingerprint(port) == {:ok, expected_reloaded_fingerprint}
       end,
-      10_000
+      15_000
     )
   end
 
@@ -277,29 +277,29 @@ defmodule Parrhesia.Web.TLSE2ETest do
   end
 
   defp server_cert_fingerprint(port) do
-    case :ssl.connect(
+    command =
-           ~c"127.0.0.1",
+      "printf '' | /usr/bin/openssl s_client -connect 127.0.0.1:#{port} -servername localhost -showcerts"
-           port,
+
-           [
+    case System.cmd("/bin/sh", ["-c", command], stderr_to_stdout: true) do
-             verify: :verify_none,
+      {output, 0} ->
-             active: false,
+        with {:ok, pem_entry} <- first_certificate_pem(output),
-             reuse_sessions: false,
+             [entry | _rest] <- :public_key.pem_decode(pem_entry),
-             server_name_indication: ~c"localhost"
+             cert_der <- elem(entry, 1) do
-           ],
+          {:ok, Base.encode64(:crypto.hash(:sha256, cert_der))}
-           5_000
+        else
-         ) do
+          [] -> {:error, :missing_certificate}
-      {:ok, socket} ->
+          {:error, _reason} = error -> error
-        try do
-          case :ssl.peercert(socket) do
-            {:ok, cert_der} -> {:ok, Base.encode64(:crypto.hash(:sha256, cert_der))}
-            {:error, _reason} = error -> error
-          end
-        after
-          :ok = :ssl.close(socket)
         end
 
-      {:error, _reason} = error ->
+      {output, status} ->
-        error
+        {:error, {:openssl_failed, status, output}}
+    end
+  end
+
+  defp first_certificate_pem(output) do
+    case Regex.run(~r/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/ms, output) do
+      [pem] -> {:ok, pem}
+      _other -> {:error, :missing_certificate}
     end
   end