Fix SSL certificate validation for integration tests on Ubuntu

[Copilot]

Integration tests fail on Ubuntu with AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotSignatureValid when making HTTPS requests through the test proxy. The tests use self-signed certificates, but HttpClient lacks SSL validation configuration to accept them.

Changes

• Configure HttpClientHandler in both TestHelper.GetHttpClient() methods to bypass SSL validation using DangerousAcceptAnyServerCertificateValidator
• Add comments explaining this is safe for integration tests where we control both client and server

var handler = new HttpClientHandler 
{ 
    Proxy = proxy, 
    UseProxy = true,
    // Accept self-signed certificates generated for testing. This is safe in integration tests
    // where we control both the client and server, but should not be used in production code.
    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
};

This allows tests to pass on both Ubuntu and Windows runners when using self-signed certificates.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• 8e04c839-e4d0-457f-92d9-58117341cc87.com
  • Triggering command: /home/REDACTED/work/FidgetProxy/FidgetProxy/Keboo.Web.Proxy.IntegrationTests/bin/Release/net10.0/Keboo.Web.Proxy.IntegrationTests /home/REDACTED/work/FidgetProxy/FidgetProxy/Keboo.Web.Proxy.IntegrationTests/bin/Release/net10.0/Keboo.Web.Proxy.IntegrationTests (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Problem

The integration tests are failing on Ubuntu with an SSL certificate validation error:

TUnit.Engine.Exceptions.TestFailedException: HttpRequestException: The SSL connection could not be established, see inner exception.
...
System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotSignatureValid

This occurs in StressTests.cs at line 40 when making HTTPS requests through the test proxy.

Root Cause

The test suite creates self-signed certificates for testing, but the HttpClient created in TestHelper.GetHttpClient() doesn't have SSL certificate validation configured to accept these self-signed certificates. While this might work on some platforms, Ubuntu's stricter SSL validation causes the test to fail.

Solution

Update the HttpClientHandler in Keboo.Web.Proxy.IntegrationTests/Helpers/TestHelper.cs to disable SSL certificate validation for the test environment. This is safe for integration tests since we control both the client and server.

Specifically, modify the GetHttpClient(int localProxyPort, bool enableBasicProxyAuthorization = false) method to set:

ServerCertificateCustomValidationCallback = HttpClientHandler.DangerBypassAllCertificateValidation

This will allow the HttpClient to accept the self-signed certificates used in the test environment.

Files to Modify

• Keboo.Web.Proxy.IntegrationTests/Helpers/TestHelper.cs - Update the HttpClientHandler configuration to bypass certificate validation for tests

Expected Result

The integration tests should pass on both Ubuntu and Windows action runners, as the HttpClient will accept the self-signed certificates generated for testing purposes.

This pull request was created from Copilot chat.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.