Applying review comments

Author: petyaslavova

tests/test_asyncio/test_cluster.py

@@ -3063,6 +3063,7 @@ def create_client(self, request: FixtureRequest) -> Callable[..., RedisCluster]:
         )
 
         async def _create_client(mocked: bool = True, **kwargs: Any) -> RedisCluster:
+            kwargs.pop("use_localhost", None)
             if mocked:
                 with mock.patch.object(
                     ClusterNode, "execute_command", autospec=True
@@ -3182,13 +3183,20 @@ async def test_ssl_connection_tls13_custom_ciphers(
     async def test_validating_self_signed_certificate(
         self, create_client: Callable[..., Awaitable[RedisCluster]]
     ) -> None:
+        # ssl_check_hostname=False is used to avoid hostname verification
+        # in the test environment, where the server certificate is self-signed
+        # and does not match the hostname that is extracted for the cluster.
+        # Cert hostname is 'localhost' in the cluster initialization when using
+        # 'localhost' it gets transformed into 127.0.0.1
+        # In production code, ssl_check_hostname should be set to True
+        # to ensure proper hostname verification.
         async with await create_client(
             ssl=True,
             ssl_ca_certs=self.ca_cert,
             ssl_cert_reqs="required",
-            ssl_check_hostname=False,
             ssl_certfile=self.client_cert,
             ssl_keyfile=self.client_key,
+            ssl_check_hostname=False,
         ) as rc:
             assert await rc.ping()
 
@@ -3198,6 +3206,13 @@ async def test_validating_self_signed_string_certificate(
         with open(self.ca_cert) as f:
             cert_data = f.read()
 
+        # ssl_check_hostname=False is used to avoid hostname verification
+        # in the test environment, where the server certificate is self-signed
+        # and does not match the hostname that is extracted for the cluster.
+        # Cert hostname is 'localhost' in the cluster initialization when using
+        # 'localhost' it gets transformed into 127.0.0.1
+        # In production code, ssl_check_hostname should be set to True
+        # to ensure proper hostname verification.
         async with await create_client(
             ssl=True,
             ssl_ca_data=cert_data,

tests/test_asyncio/test_connect.py

@@ -58,8 +58,17 @@ async def test_uds_connect(uds_address):
 async def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers):
     host, port = tcp_address
 
+    # in order to have working hostname verification, we need to use "localhost"
+    # as redis host as the server certificate is self-signed and only valid for "localhost"
+    host = "localhost"
+
     server_certs = get_tls_certificates(cert_type=CertificateType.server)
 
+    # ssl_check_hostname=False is used to avoid hostname verification
+    # in the test environment, where the server certificate is self-signed
+    # and does not match the hostname.
+    # In production code, ssl_check_hostname should be set to True
+    # to ensure proper hostname verification.
     conn = SSLConnection(
         host=host,
         port=port,
@@ -68,7 +77,6 @@ async def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers):
         socket_timeout=10,
         ssl_min_version=ssl.TLSVersion.TLSv1_2,
         ssl_ciphers=ssl_ciphers,
-        ssl_check_hostname=False,
     )
     await _assert_connect(
         conn, tcp_address, certfile=server_certs.certfile, keyfile=server_certs.keyfile
@@ -90,13 +98,16 @@ async def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers):
 async def test_tcp_ssl_connect(tcp_address, ssl_min_version):
     host, port = tcp_address
 
+    # in order to have working hostname verification, we need to use "localhost"
+    # as redis host as the server certificate is self-signed and only valid for "localhost"
+    host = "localhost"
+
     server_certs = get_tls_certificates(cert_type=CertificateType.server)
 
     conn = SSLConnection(
         host=host,
         port=port,
         client_name=_CLIENT_NAME,
-        ssl_check_hostname=False,
         ssl_ca_certs=server_certs.ca_certfile,
         socket_timeout=10,
         ssl_min_version=ssl_min_version,

tests/test_connect.py

@@ -54,11 +54,16 @@ def test_uds_connect(uds_address):
 )
 def test_tcp_ssl_connect(tcp_address, ssl_min_version):
     host, port = tcp_address
+
+    # in order to have working hostname verification, we need to use "localhost"
+    # as redis host as the server certificate is self-signed and only valid for "localhost"
+    host = "localhost"
     server_certs = get_tls_certificates(cert_type=CertificateType.server)
+
     conn = SSLConnection(
         host=host,
         port=port,
-        ssl_check_hostname=False,
+        ssl_check_hostname=True,
         client_name=_CLIENT_NAME,
         ssl_ca_certs=server_certs.ca_certfile,
         socket_timeout=10,
@@ -81,6 +86,10 @@ def test_tcp_ssl_connect(tcp_address, ssl_min_version):
 def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers):
     host, port = tcp_address
 
+    # in order to have working hostname verification, we need to use "localhost"
+    # as redis host as the server certificate is self-signed and only valid for "localhost"
+    host = "localhost"
+
     server_certs = get_tls_certificates(cert_type=CertificateType.server)
 
     conn = SSLConnection(
@@ -91,7 +100,6 @@ def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers):
         socket_timeout=10,
         ssl_min_version=ssl.TLSVersion.TLSv1_2,
         ssl_ciphers=ssl_ciphers,
-        ssl_check_hostname=False,
     )
     _assert_connect(
         conn, tcp_address, certfile=server_certs.certfile, keyfile=server_certs.keyfile

tests/test_ssl.py

@@ -37,6 +37,7 @@ def test_ssl_with_invalid_cert(self, request):
     def test_ssl_connection(self, request):
         ssl_url = request.config.option.redis_ssl_url
         p = urlparse(ssl_url)[1].split(":")
+
         r = redis.Redis(
             host=p[0],
             port=p[1],