gnu: python-pyopenssl: Enable tests.

* gnu/packages/patches/python-pyopenssl-skip-network-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl)[source]: Use it.
[arguments]: Replace 'check' with custom phase.

gnu/local.mk

@@ -815,6 +815,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-configobj-setuptools.patch	\
   %D%/packages/patches/python-paste-remove-website-test.patch	\
   %D%/packages/patches/python-paste-remove-timing-test.patch	\
+  %D%/packages/patches/python-pyopenssl-skip-network-test.patch	\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
   %D%/packages/patches/qemu-CVE-2016-8576.patch			\
   %D%/packages/patches/qemu-CVE-2016-8577.patch			\

gnu/packages/patches/python-pyopenssl-skip-network-test.patch

@@ -0,0 +1,50 @@
+This test tries connecting to an external server which is not supported
+in the build environment. See discussion at:
+
+https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index ee849fd..60048b8 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -1180,40 +1180,6 @@ class ContextTests(TestCase, _LoopbackMixin):
+             TypeError, context.load_verify_locations, None, None, None
+         )
+ 
+-    @pytest.mark.skipif(
+-        platform == "win32",
+-        reason="set_default_verify_paths appears not to work on Windows.  "
+-        "See LP#404343 and LP#404344."
+-    )
+-    def test_set_default_verify_paths(self):
+-        """
+-        :py:obj:`Context.set_default_verify_paths` causes the
+-        platform-specific CA certificate locations to be used for
+-        verification purposes.
+-        """
+-        # Testing this requires a server with a certificate signed by one
+-        # of the CAs in the platform CA location.  Getting one of those
+-        # costs money.  Fortunately (or unfortunately, depending on your
+-        # perspective), it's easy to think of a public server on the
+-        # internet which has such a certificate.  Connecting to the network
+-        # in a unit test is bad, but it's the only way I can think of to
+-        # really test this. -exarkun
+-
+-        # Arg, verisign.com doesn't speak anything newer than TLS 1.0
+-        context = Context(SSLv23_METHOD)
+-        context.set_default_verify_paths()
+-        context.set_verify(
+-            VERIFY_PEER,
+-            lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
+-
+-        client = socket()
+-        client.connect(("encrypted.google.com", 443))
+-        clientSSL = Connection(context, client)
+-        clientSSL.set_connect_state()
+-        clientSSL.do_handshake()
+-        clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")
+-        self.assertTrue(clientSSL.recv(1024))
+-
+     def test_set_default_verify_paths_signature(self):
+         """
+         :py:obj:`Context.set_default_verify_paths` takes no arguments and

gnu/packages/python.scm

@@ -6672,11 +6672,18 @@ message digests and key derivation functions.")
        (uri (pypi-uri "pyOpenSSL" version))
        (sha256
         (base32
-         "0vji4yrfshs15xpczbhzhasnjrwcarsqg87n98ixnyafnyxs6ybp"))))
+         "0vji4yrfshs15xpczbhzhasnjrwcarsqg87n98ixnyafnyxs6ybp"))
+       (patches
+        (search-patches "python-pyopenssl-skip-network-test.patch"))))
     (build-system python-build-system)
     (arguments
-     ;; FIXME: Some tests fail with "NameError: name 'long' is not defined".
-     '(#:tests? #f))
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (zero? (system* "py.test" "-v")))))))
     (propagated-inputs
      `(("python-cryptography" ,python-cryptography)
        ("python-six" ,python-six)))