Stabilize TLS listener reload e2e

test/parrhesia/web/tls_e2e_test.exs

@@ -70,19 +70,27 @@ defmodule Parrhesia.Web.TLSE2ETest do
       5_000
     )
 
-    first_fingerprint = server_cert_fingerprint(port)
+    expected_first_fingerprint = TLSCerts.cert_sha256!(server_a.certfile)
-    assert first_fingerprint == TLSCerts.cert_sha256!(server_a.certfile)
+
+    assert_eventually(
+      fn ->
+        server_cert_fingerprint(port) == {:ok, expected_first_fingerprint}
+      end,
+      5_000
+    )
 
     File.cp!(server_b.certfile, active_certfile)
     File.cp!(server_b.keyfile, active_keyfile)
 
     assert :ok = Endpoint.reload_listener(endpoint_name, listener_id)
 
+    expected_reloaded_fingerprint = TLSCerts.cert_sha256!(server_b.certfile)
+
     assert_eventually(
       fn ->
-        server_cert_fingerprint(port) == TLSCerts.cert_sha256!(server_b.certfile)
+        server_cert_fingerprint(port) == {:ok, expected_reloaded_fingerprint}
       end,
-      30_000
+      10_000
     )
   end
 
@@ -275,18 +283,30 @@ defmodule Parrhesia.Web.TLSE2ETest do
   end
 
   defp server_cert_fingerprint(port) do
-    {:ok, socket} =
+    case :ssl.connect(
-      :ssl.connect(
+           ~c"127.0.0.1",
-        ~c"127.0.0.1",
+           port,
-        port,
+           [
-        [verify: :verify_none, active: false, server_name_indication: ~c"localhost"],
+             verify: :verify_none,
-        5_000
+             active: false,
-      )
+             reuse_sessions: false,
+             server_name_indication: ~c"localhost"
+           ],
+           5_000
+         ) do
+      {:ok, socket} ->
+        try do
+          case :ssl.peercert(socket) do
+            {:ok, cert_der} -> {:ok, Base.encode64(:crypto.hash(:sha256, cert_der))}
+            {:error, _reason} = error -> error
+          end
+        after
+          :ok = :ssl.close(socket)
+        end
 
-    {:ok, cert_der} = :ssl.peercert(socket)
+      {:error, _reason} = error ->
-    :ok = :ssl.close(socket)
+        error
-
+    end
-    Base.encode64(:crypto.hash(:sha256, cert_der))
   end
 
   defp ca_certs(certfile) do