Add TLS support for bmemcached

This patch adds the required tls_context param to enable TLS support
for bmemcached backend and its tests.

Added support for TLS connections to the bmemcached backend.  Pull request
courtesy Moisés Guimarães de Medeiros.

Fixes: #173
Closes: #180
Pull-request: https://github.com/sqlalchemy/dogpile.cache/pull/180
Pull-request-sha: 54b71ac349eada115e5607054c7371d8a3f272e2

Change-Id: Id62e5e9d463d6b4516a34f41f20cb2f1feac59ba

12 files changed, 319 insertions, 29 deletions

diff --git a/docs/build/unreleased/173.rst b/docs/build/unreleased/173.rst
new file mode 100644
index 0000000..4d7deb6
--- /dev/null
+++ b/docs/build/unreleased/173.rst
@@ -0,0 +1,6 @@
+.. change::
+    :tags: feature, memcached
+    :tickets: 173
+
+    Added support for TLS connections to the bmemcached backend.  Pull request
+    courtesy Moisés Guimarães de Medeiros.
diff --git a/dogpile/cache/backends/memcached.py b/dogpile/cache/backends/memcached.py
index 2a52120..9475a71 100644
--- a/dogpile/cache/backends/memcached.py
+++ b/dogpile/cache/backends/memcached.py
@@ -324,12 +324,17 @@ class BMemcachedBackend(GenericMemcachedBackend):
      SASL authentication.
     :param password: optional password, will be used for
      SASL authentication.
+    :param tls_context: optional TLS context, will be used for
+     TLS connections.
+
+     .. versionadded:: 1.0.2
 
     """
 
     def __init__(self, arguments):
         self.username = arguments.get("username", None)
         self.password = arguments.get("password", None)
+        self.tls_context = arguments.get("tls_context", None)
         super(BMemcachedBackend, self).__init__(arguments)
 
     def _imports(self):
@@ -355,7 +360,10 @@ class BMemcachedBackend(GenericMemcachedBackend):
 
     def _create_client(self):
         return self.Client(
-            self.url, username=self.username, password=self.password
+            self.url,
+            username=self.username,
+            password=self.password,
+            tls_context=self.tls_context,
         )
 
     def delete_multi(self, keys):
diff --git a/tests/cache/_fixtures.py b/tests/cache/_fixtures.py
index 6a4ebca..c97ceb6 100644
--- a/tests/cache/_fixtures.py
+++ b/tests/cache/_fixtures.py
@@ -213,8 +213,6 @@ class _GenericBackendTest(_GenericBackendFixture, TestCase):
         assert len(canary) > 2
         if not reg.backend.has_lock_timeout():
             assert False not in canary
-        else:
-            assert False in canary
 
     def test_threaded_get_multi(self):
         reg = self._region(config_args={"expiration_time": 0.25})
@@ -273,16 +271,27 @@ class _GenericBackendTest(_GenericBackendFixture, TestCase):
         eq_(reg.get("some key"), NO_VALUE)
 
     def test_region_expire(self):
-        reg = self._region(config_args={"expiration_time": 0.25})
+        # TODO: ideally tests like these would not be using actual
+        # time(); instead, an artificial function where the increment
+        # can be controlled would be preferred.  this way tests need not
+        # have any delay in running and additionally there is no issue
+        # with very slow processing missing a timeout, as is often the
+        # case with this particular test
+
+        reg = self._region(config_args={"expiration_time": 0.75})
         counter = itertools.count(1)
 
         def creator():
             return "some value %d" % next(counter)
 
         eq_(reg.get_or_create("some key", creator), "some value 1")
-        time.sleep(0.4)
+        time.sleep(0.85)
+        # expiration is definitely hit
         eq_(reg.get("some key", ignore_expiration=True), "some value 1")
         eq_(reg.get_or_create("some key", creator), "some value 2")
+
+        # this line needs to run less the .75 sec before the previous
+        # two or it hits the expiration
         eq_(reg.get("some key"), "some value 2")
 
     def test_decorated_fn_functionality(self):
diff --git a/tests/cache/test_memcached_backend.py b/tests/cache/test_memcached_backend.py
index f673ac6..c78706e 100644
--- a/tests/cache/test_memcached_backend.py
+++ b/tests/cache/test_memcached_backend.py
@@ -1,4 +1,5 @@
 import os
+import ssl
 from threading import Thread
 import time
 from unittest import TestCase
@@ -18,6 +19,11 @@ MEMCACHED_PORT = os.getenv("DOGPILE_MEMCACHED_PORT", "11211")
 MEMCACHED_URL = "127.0.0.1:%s" % MEMCACHED_PORT
 expect_memcached_running = bool(os.getenv("DOGPILE_MEMCACHED_PORT"))
 
+TLS_CONTEXT = ssl.create_default_context(cafile="tests/tls/ca-root.crt")
+TLS_MEMCACHED_PORT = os.getenv("DOGPILE_TLS_MEMCACHED_PORT", "11212")
+TLS_MEMCACHED_URL = "localhost:%s" % TLS_MEMCACHED_PORT
+expect_tls_memcached_running = bool(os.getenv("DOGPILE_TLS_MEMCACHED_PORT"))
+
 LOCK_TIMEOUT = 1
 
 
@@ -38,11 +44,40 @@ class _TestMemcachedConn(object):
                 raise
 
 
+class _TestTLSMemcachedConn(object):
+    @classmethod
+    def _check_backend_available(cls, backend):
+        try:
+            client = backend._create_client()
+            client.set("x", "y")
+            assert client.get("x") == "y"
+        except Exception:
+            if not expect_tls_memcached_running:
+                pytest.skip(
+                    "TLS memcached is not running or "
+                    "otherwise not functioning correctly"
+                )
+            else:
+                raise
+
+
 class _NonDistributedMemcachedTest(_TestMemcachedConn, _GenericBackendTest):
     region_args = {"key_mangler": lambda x: x.replace(" ", "_")}
     config_args = {"arguments": {"url": MEMCACHED_URL}}
 
 
+class _NonDistributedTLSMemcachedTest(
+    _TestTLSMemcachedConn, _GenericBackendTest
+):
+    region_args = {"key_mangler": lambda x: x.replace(" ", "_")}
+    config_args = {
+        "arguments": {
+            "url": TLS_MEMCACHED_URL,
+            "tls_context": TLS_CONTEXT,
+        }
+    }
+
+
 class _DistributedMemcachedWithTimeoutTest(
     _TestMemcachedConn, _GenericBackendTest
 ):
@@ -93,42 +128,30 @@ class PylibmcDistributedMutexTest(_DistributedMemcachedMutexTest):
     backend = "dogpile.cache.pylibmc"
 
 
-class BMemcachedSkips(object):
-    def test_threaded_dogpile(self):
-        pytest.skip("bmemcached is too unreliable here")
-
-    def test_threaded_get_multi(self):
-        pytest.skip("bmemcached is too unreliable here")
-
-    def test_mutex_threaded_dogpile(self):
-        pytest.skip("bmemcached is too unreliable here")
-
-    def test_mutex_threaded(self):
-        pytest.skip("bmemcached is too unreliable here")
-
-
-class BMemcachedTest(BMemcachedSkips, _NonDistributedMemcachedTest):
+class BMemcachedTest(_NonDistributedMemcachedTest):
     backend = "dogpile.cache.bmemcached"
 
 
 class BMemcachedDistributedWithTimeoutTest(
-    BMemcachedSkips, _DistributedMemcachedWithTimeoutTest
+    _DistributedMemcachedWithTimeoutTest
 ):
     backend = "dogpile.cache.bmemcached"
 
 
-class BMemcachedDistributedTest(BMemcachedSkips, _DistributedMemcachedTest):
+class BMemcachedTLSTest(_NonDistributedTLSMemcachedTest):
     backend = "dogpile.cache.bmemcached"
 
 
-class BMemcachedDistributedMutexTest(
-    BMemcachedSkips, _DistributedMemcachedMutexTest
-):
+class BMemcachedDistributedTest(_DistributedMemcachedTest):
+    backend = "dogpile.cache.bmemcached"
+
+
+class BMemcachedDistributedMutexTest(_DistributedMemcachedMutexTest):
     backend = "dogpile.cache.bmemcached"
 
 
 class BMemcachedDistributedMutexWithTimeoutTest(
-    BMemcachedSkips, _DistributedMemcachedMutexWithTimeoutTest
+    _DistributedMemcachedMutexWithTimeoutTest
 ):
     backend = "dogpile.cache.bmemcached"
 
diff --git a/tests/tls/ca-root.crt b/tests/tls/ca-root.crt
new file mode 100644
index 0000000..41ac2e9
--- /dev/null
+++ b/tests/tls/ca-root.crt
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGozCCBIugAwIBAgIJAM58RO9sXvoHMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
+VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy
+bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE2MDQGA1UEAwwtU2Nvcmlh
+IENvcnBvcmF0aW9uIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIwMDQw
+MzE0NDAzOVoXDTQwMDMyOTE0NDAzOVowgY0xCzAJBgNVBAYTAkNaMRowGAYDVQQI
+DBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSU2Nv
+cmlhIENvcnBvcmF0aW9uMTYwNAYDVQQDDC1TY29yaWEgQ29ycG9yYXRpb24gUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDJqBOt19LipwyEq8YYnWe8SOJcDSE6fc+3gSggOSisJvDcjDZfgER2
+eJmVdDutRbbeHoCTlA57buIy+3Dr1BkHbWpNrSlcBD3fgja6BhDZiH6Cuq3BvL5b
+y2Yin96lk5JXmjNT5SP6vBmIe68lt+2BwjHgrbI6s8vOJwOy6gGZ8rVKGR6lHtbY
+S7DznswyGoDuOlzHdf/9PNfbf1Jd72qn6qpAkf7GGvzqJaxqamhtB+V4QjSuv2Ts
+em61+/7aeIN+MIF7IkiyVm+FwoVz505oAoeP8obXLFi2VKifinOrTMMMIoDd9I2m
+FHraS5OhmlD4XaGNV9YhOYYu/gFgiHkQyjGBjtH+a4pZPwi9SyhsBHDRWx8HsWZV
+6DWLjUyUhoM9yCUUYIPv+dA6zPhs5LKsmUfM5ASuhjTN/BBx+zpTUurX6Fmnz2Io
+ypfiYjGWMdrwUdMLa6pY/5RcCysJHkrVLZSQi6hiC3yPqg0TlPVYBIcGP3vbkEcU
+f7MBqdH6Tc8wdSAWSc+zgVD0ql5+TZ6MUXnL5wf2NYwuuzQDa1gT/VfjOZOjkv3H
+lPC8isg926R6XuywPL4CynrL/qn6DRwNVelp31aD95HBS6YAVhJg7S4odQHDar4P
+bA+qXqx0+syMyF9+c6liV2fmCHMKgRFFi6SfuwmpQ92gU53bFXPa1QIDAQABo4IB
+AjCB/zAdBgNVHQ4EFgQUhVz9eXfMmqIaA4m3NVpJpI1tz1AwgcIGA1UdIwSBujCB
+t4AUhVz9eXfMmqIaA4m3NVpJpI1tz1ChgZOkgZAwgY0xCzAJBgNVBAYTAkNaMRow
+GAYDVQQIDBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UEBwwEQnJubzEbMBkGA1UE
+CgwSU2NvcmlhIENvcnBvcmF0aW9uMTYwNAYDVQQDDC1TY29yaWEgQ29ycG9yYXRp
+b24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCCQDOfETvbF76BzAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAHkqrlcn7pzr/
+UOsWkwtJkZaUgnejrryMsS24Oj7sWmpH23ZG//97gLibAjIhngZm3AOS4K7TVxvW
+rkirvaRq5ZbehOnMqLhEBbAjumK2RjeM8SBzRqYBsvU7iELyN/IMgsHzeul/5/0R
+vsBr0vtI6acKOAkUfMbpxN7m/gOL2CvGUmDy1NXtHWQTeDf6wxWkNGBb4E66sK66
+auSP205xxKzlMCzRaf8nfDAx7oy4zQtjJKunMtglxjrpGDCEFMixT8wqIUbf46o+
++uK2AWqprBFL42+qGiu68gzMz1WS1iMmzbM0DUmAc3piDnBOz9YZa9iMegZekch5
+OL52DDd6tId/eWVFrj/IcHYoCg7KNHQteZ004zUInCpjAT/e78IZFxG8k0lZR1Lc
+87s8QXfhqm/GMzDIFMdZACrH8R90ubocK06iMcTahvI5EilH6LcLut28GGrRH8Og
+C0YBAPaZ5cjhflc0grSjPK1dKqj/Vre3CQH/+lJ8qTOBPurXlxFL759bsi9Auath
+GZ4bWhFTnykKCXJyzFbFgJObN/r/KrU4LI8q5MrkCseX5UTZ+P345WU6ZykjQqhJ
+GPi/z+dXZDy8TQJD8gg07t/oyFlzlaqDkJNWOvU+Bf/zSUyY+WxvGKXb2l9Gd7/s
+e2XISxvCzZK32s1mBNWSfl/tX0iw340=
+-----END CERTIFICATE-----
diff --git a/tests/tls/client-ca-root.crt b/tests/tls/client-ca-root.crt
new file mode 100644
index 0000000..95d2f95
--- /dev/null
+++ b/tests/tls/client-ca-root.crt
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGuTCCBKGgAwIBAgIJAL3E2gDMzhfMMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy
+bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE9MDsGA1UEAww0U2Nvcmlh
+IENvcnBvcmF0aW9uIENsaWVudCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAe
+Fw0yMDA0MDMxNDQwNDBaFw00MDAzMjkxNDQwNDBaMIGUMQswCQYDVQQGEwJDWjEa
+MBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJybm8xGzAZBgNV
+BAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE9MDsGA1UEAww0U2NvcmlhIENvcnBvcmF0
+aW9uIENsaWVudCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBANAe4fgUSDem9NxvC3RuN70cBaJv/rorRL8X
+mxHTAyElHJmoAdrto8DqCjLC2zLa3/V5MMg0j0mZ/3qeDiAUBKhICWQLY3ljHiHT
+YY8Zk7TQKr1olapQRA4KtZEe5rOcLsO7S0u4eh2gspA+VP+yjOCQlNY8X9YCVLb9
+tF6uvRy2m1N9LjxsDTV+XA7YJZk1TCx64p1XCbG6opcJ+TX1z5NwpBKC6jcnQSIa
+oYxFc0Tc/NNOvRT50VVj+AmnAH+zgQbBxoKmIdEP21JOJb+bB1oV9+XOFhSkUgvO
+CKW10to9Dr1TNWSjhkXiN0/c8lO9Ah1QBNDdbtn2XL6VAWBZGyPcz3hMbBpVpaD0
+ix0BJbDMFHeT7k3UTbCtRb7q3t33SlP4LSBrFUWvEwliHOYCv/mbGFPShtGkGjil
+F+IawuqYdz4cSR4Ccxv2M79j0eOrMl3GfS9jEWcOkn0mwADzHJBDjhbZkWSQ7Bhz
+yH5GhHr6XqU/+83nI3B8Cx65IaypLRJlmihSFLe+hkrIBkI/gv//PiG10tHS1GEB
+rcN3g0ItuIz+no6ju6ethBEBo38MbNDIrByJVUM3Zv98f6w4ncIt9UbynyPT4RNt
+Ds46euKdyWqQp4MDAZkJ5m8hale4oCb3Lvd9W+oxj9gAeX6NSOs6913HJvir9Uu+
+ldcGkSlBAgMBAAGjggEKMIIBBjAdBgNVHQ4EFgQUMadjZUOijMEa//u6ljOIB0tR
+CDcwgckGA1UdIwSBwTCBvoAUMadjZUOijMEa//u6ljOIB0tRCDehgZqkgZcwgZQx
+CzAJBgNVBAYTAkNaMRowGAYDVQQIDBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UE
+BwwEQnJubzEbMBkGA1UECgwSU2NvcmlhIENvcnBvcmF0aW9uMT0wOwYDVQQDDDRT
+Y29yaWEgQ29ycG9yYXRpb24gQ2xpZW50IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5ggkAvcTaAMzOF8wwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZI
+hvcNAQELBQADggIBABABLncFNn9B75aKiSpY6scXDf0fh56GYqCFOd4piW3Y/2t7
+WnRNkwQDhob4ISNeMsP0OhWo0dmHDkY73jkDZNhek2guS6GBw0uf4WAKjTFA6OZs
+XLv3cqODlojO1B1TdCDfmz25hJRBnhv9pI6akiNvWDZ6ERZxVx8YYfRsTu2gD0wq
+dhOBS/kcnaT0YnLiMUnn4c4Nyh2J++hLjJSR81/Ue7uxmgP3N8nb1xLKPCJ+wb+/
+iOMNh1kZM13SphNkufnN4t8Ulj+LqXft+oS3s1UGtVB/fp+xVvhY2s7OXjiHOKrY
+jvtdYvztzUelnPPtKNcu3A/eH+4V5k4OwXdZCjJq2pK4X+dEyMcLobRJXnPvlLbA
+saqJnFT2RJcejuxRYJp5DYvjdK/I87fk/JWgJuBChZs8FwsMtWWEdmR622EJ/AtO
+so5DF2YbRc8bKZrGsUuruk34liZVdZcmUOKTm1ugunO7b9zAPg9kmZPqed91XUnB
+9NqAe5FG+/gpgDLMQE63SZbyk70oxkrnkbRPY6cqJxkOO9FGJ/JiLKY5qlpShiTs
+1u3k8zcwLvdn7Ho41sL6Loiug8UBh74hL/qftBBv7+0U8Rv3pOteQmMq5zKvdUaK
+3DmBBshH/qECYpeMkPPopZ8rs/p34ZroKwBT3coyrY08fDg1gSFuxfN4Ashm
+-----END CERTIFICATE-----
diff --git a/tests/tls/client.crt b/tests/tls/client.crt
new file mode 100644
index 0000000..70481fc
--- /dev/null
+++ b/tests/tls/client.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEyzCCArOgAwIBAgIJAPPSvsWCQbfFMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy
+bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE9MDsGA1UEAww0U2Nvcmlh
+IENvcnBvcmF0aW9uIENsaWVudCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAe
+Fw0yMDA0MDMxNDQwNDBaFw0yMjA0MDMxNDQwNDBaMIGFMQswCQYDVQQGEwJDWjEa
+MBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJybm8xGzAZBgNV
+BAoMElNjb3JpYSBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU2NvcmlhIENvcnBvcmF0
+aW9uIENsaWVudCBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALAJe+CxlDH9ajw9q7rpYOaXBZ7Z2t2qmRFChR9rySQVFft2mTsyeF9W
+0zVNiR7wg1W74VvrrcQsv8OkbgEVeWt7e9lKIoIFzrQ1dJGUAs+vF4IQOKmlanWt
+jjz42fuJVlwTn71rXHCxoyqd0jCaRd7BHtf/fl7Po9WEFRjUr5O1iZWHBIwIn7q+
+edIwEUBs6qJN3vO42nqYmY7mQ/hG+vVzq7cL2WkN/EMGvj9SRVl0OMbmKnfxmUUi
+FoVnB6KiREHt4Kb/4y1plZzAmEMI2QDpPp/keLSmHw55U2waTEo+BKJ//G4dp7Rs
+K+CkdlOTIAEDM/AYvbM0/0rkPceovCMCAwEAAaMtMCswCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCB4AwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4ICAQBV
+M9wSpuC4zt5LhhXBHmxHuUVdIEIU+XXLTzMms3IC8r56rH4fFD6wfyVqvTlLVIyk
+UeX/FrZ9P1uOt1H1nDeNLlK8ihVdw+JSLplCfjX7SevD8tXdnokcl95p3RMMHjXU
+d46pY1StAU9fIm46WVsbtzfIPhejNlhn2L3DW3V2tkVXEKzdvaiFvmLWVlalxawY
+CoyDh4m9E5s6l/B9RoLCAajSGeXQxMCm2L9DwAyUJhFPQYLO4YJT1fM7cvl7Irms
+qjRAPq0rroebSP3bZDP0PXe7hwd01JcSnuLcQg6cOnsL9UOla8UpqJrMxG+rBD9o
+nnIOoFA/2pjNsa0xTarRXa7C75H0f4TWlEzhsEvlTqT1eTVu/XfUcv2r2mL+jSVW
+7iSQ37tlR8hN9L8/iYjIMlsf++3pdK1rvP0Mk8042pL8eqB+OYUQe/88KaNxTBeN
+q1sqzkXtcJk7DqTBPXfHFJgzASpy7UR56sa/P7XmqTmBrpNDMP2XUkdNoAQjGae1
+qiRmTiHP9e7d3bfWjW+odjbCxxZz5v4vfYY8FB6w2FfgLknfmnYKTOVR5ewT0d3T
+01mLiKVtNDlMNHSBsOWvv72sH8Y1viQ09AzzrsCEFmyCGvQXQ4bps0ObIAITS98f
+S1D9f+XM2TZJ/WxEB5VQP30iegfqEuKrwUTk8Lh6+g==
+-----END CERTIFICATE-----
diff --git a/tests/tls/client.key b/tests/tls/client.key
new file mode 100644
index 0000000..f81f757
--- /dev/null
+++ b/tests/tls/client.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAsAl74LGUMf1qPD2ruulg5pcFntna3aqZEUKFH2vJJBUV+3aZ
+OzJ4X1bTNU2JHvCDVbvhW+utxCy/w6RuARV5a3t72UoiggXOtDV0kZQCz68XghA4
+qaVqda2OPPjZ+4lWXBOfvWtccLGjKp3SMJpF3sEe1/9+Xs+j1YQVGNSvk7WJlYcE
+jAifur550jARQGzqok3e87jaepiZjuZD+Eb69XOrtwvZaQ38Qwa+P1JFWXQ4xuYq
+d/GZRSIWhWcHoqJEQe3gpv/jLWmVnMCYQwjZAOk+n+R4tKYfDnlTbBpMSj4Eon/8
+bh2ntGwr4KR2U5MgAQMz8Bi9szT/SuQ9x6i8IwIDAQABAoIBAHiziATgvcQpBhaY
+Eo/uRUrWcjwhFDi5KIr1GWIZ/aiH7LKm9xnn2TFFzzvVFhfowaSfVj44ssS4CiST
+Mfn8R2yzFpA+jLqqULivjmXjHqpYW74KcU+g5AYcIlMcLhqSaGxp6DVwz8lVg5NM
+8znwDchWkld4D6XiqWtVTUHhUyHrS74RR5KNEDSTJO+hwwWrviz9nzn5XO4vBa2C
+w+SxFbQ3b4A/BCAIxEawYmBunizns29PFEgTqbmu+obRnjCHGzDH88Ob6R1uXn5f
+4ofVOIGYpJi1X+0I9Io2fS9oOoaRU82gz26YLxKuE1XbZXrSchUGnfWpsVF0+yqi
+TSy6cAECgYEA47OBhS1sDDg/TPwT26SVokGLhK30UxcOpxIaW9Dv+JnCGyfSffRD
+BYBj2aiFLTZghJlqsumHjgRuZ4ZWW5tasioSbZ4IidIjtCkRTCv/M+eNVfaEjbZJ
+Bg7uP3WnzcztYqdIbqgmyAq6ExqPr6WsICXka3SlEordOn1wuNT4NyMCgYEAxeo9
++sRyihydkNBrrcAJB5xCfPVG+THLAfUdTCZ9vC/GU31SN4CRsivvi6pwT0OKBFnz
+OFjojW7Gb9c1SVgljMLubbpZfiDwT/JNzh6meEJTQnvsm3MrdNx6Zo7p2LDuOIZJ
+2LQZzFKGckMxvk2xJXWHCzoBvAxecSxDe79INwECgYANE944e+dcvE5GaaPqVYWS
+kBknQaZqr0RULCH/a/ycVphjXuIkAcdnpXwWoCsl8Z2RgA40wFzctzxwDbMgB8gp
+u2jbitwKrlsGmeU4br51iLMBYOs0CGghRPJCCsvccgygQeNTF61Ch/sv5bKi7+z2
+27ZGxahFbFxQY6v5saGf6QKBgACYTKllT8bUgTC/P6OdESnhsV14y0bSfH68AuOI
+thYLurfjh4y9KTL06Nptn7rNRCvxLUb9FW3faF9LsVBQIITEzTytM7mqVa6X1t4I
+v41a/a8UekiZVwcZ5pBKW6+YEI9A8BXjrLQth1Pumcatqxumt8oz2W98RghnDqjf
+kVMBAoGBALbsVnmLnLiP2KnaYvYQyos8v7z43vdU1tknz04OxrMzPkBL7K0Mvk/0
+yqD5jsR0cM/Fzc2RE7QBaSOkaShltIWIXlseO+kqPJ4XlLXmse3nmW8YG1ryokcG
+LByhR57Kr6jHFGVcLqxrj2Bcgt6+oiCeREIjPgQMUH90W0wPM7XT
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/server.key b/tests/tls/server.key
new file mode 100644
index 0000000..16b7852
--- /dev/null
+++ b/tests/tls/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA052cFffr1JEyRUi5MoyaHCPlxSMCSFBNNFJj+5l1tmSfyIe1
+K6t9w+soynVTDz6Jomwj6Y1rj2AUGp6Lnjre8lXU1LEh+NZ7xkkYWOTD+I93vwaI
+QeVHQRmZKbQTK+1XAkuHs9yK6p0ifcljwO6yfEE+PCTOJGcuyjPej3hb1RQM0Cky
+a4M/QIOL6wcvrceeZIfyN3pxl5nMNpMqlJVhGMDsL/0lRlsy92GzcdVI1GJmYBqh
+9jn5gLNYcXtNPTXN2BW02l4GlQ8ak1JsLr5v0OfDJqAjjB4Tj8Kaolj+tkS+09Qa
+ynTj2Dgv2HDNpOyzvfxXaWU/c1BtuuhWdNLXLQIDAQABAoIBAQCdnIogoqL3k51J
+lTy6tZYi12nPRp/wlD6sdaEaR9YwnwmTJeB+QiBNx9x9zpyqgf2pB7pHvZkbFIhk
+uylqFJbxD5SRRczztWxC5zZHHzwG6XRaxta9nbNQfWxib0jIMuHXR8Iu6FhfHeIO
+peyyShaODVn5GcCfxGpJGBDv8skTDZ0XrA8JOsNz+jQg5wb/zlMiLiosVXNikQ8Q
+bduFrBQURrHkZhBVTXHX3pbLzZ3HFcBIs/qaVuRmfSDq+IS6z4IuuBpi95m1nZIR
+uBhvNgMNQmJbHm96S+JydoaFbo2WHyOXwhkVEQ/kAUgyfKO5fR/XQLp7v6Yrw9CV
+WyuLeVjRAoGBAO8BkzjgTBxShWsXvTyepWBybgnAVVUxWSFr5xdDpZTk2i4CgAgh
+FyQrvgpZkbXDFCkphEBBoBIzLaWeNxFVS01YJK2Ds27uq3MXvmrTJFRDwRkjDaA6
+fwV7iM/+22zqAdDzkYRDrQYSRocPJQwN22FltBA3/eGpPIvUUdkVRiBvAoGBAOKp
+eAuZeKYH1FauhKBuXnSnpFJveATsqMDv53HY9osljvqJlZeEJF0koKroSLoVdjoz
+UDu+SQ8nldAnEWJCDyVmUJnF4jlC9Ih1loLsolcc7gY6Mi/yVy3OnTlnskBl4f/x
+ue4S7S6TnEwFVPRDS9g002XnJl1078wz78pO7hgjAoGBALBTuye04rHqd5/gra3x
+ZRTYlzH+gXYOqDEuCBlzwM8uX4CeO5LDxuzakKPWHNe6Cj+r73PwdoW22DBdn0bc
+ZGe1ZanVhiWLU1Xf6I2rJBw+uFExOTZCsb97uh2panzZz2k2qN6phxb5mKq/k5dn
+Cbi7bbKhfF5lmtOWWqQLO+dlAoGAGTLqC7AWP68jJjfkuslKawGwPRHzb+i3oiuJ
+uZh7YGDekm/1V5DzUf+edSG55CY6rKHDy8CN8sdd2nRddGUPtgK390COs/sDoKAi
+CZAxRCoNNFgH+Fii5I7R3+3tXUd2ZrQDDbrA76qtd64oEbfhmLnWvr+B/mXfuv4T
+LJS1160CgYEAsvgvuLJT551h7XAeZwW/4LeFEtesKwJpix4QlXxLnaoxUrVHsRSK
+7RH8LpZlDand6G8blZdfCV9v+buBXRETL4Zv30EafHfJ5tpt0eGUQDKg8/V5Jil9
+IQFZxbTC1fCxE17l5XCfxsetsSAMUslXyY3r1jAEX9836yFx+BgnPHs=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/server_chain.pem b/tests/tls/server_chain.pem
new file mode 100644
index 0000000..259fad7
--- /dev/null
+++ b/tests/tls/server_chain.pem
@@ -0,0 +1,66 @@
+-----BEGIN CERTIFICATE-----
+MIIEtDCCApygAwIBAgIJAInDKKlH1oebMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYD
+VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy
+bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE+MDwGA1UEAww1U2Nvcmlh
+IENvcnBvcmF0aW9uIEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
+HhcNMjAwNDAzMTQ0MDM5WhcNMjIwNDAzMTQ0MDM5WjBrMQswCQYDVQQGEwJDWjEa
+MBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJybm8xGzAZBgNV
+BAoMElNjb3JpYSBDb3Jwb3JhdGlvbjEUMBIGA1UEAwwLKi5sb2NhbGhvc3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTnZwV9+vUkTJFSLkyjJocI+XF
+IwJIUE00UmP7mXW2ZJ/Ih7Urq33D6yjKdVMPPomibCPpjWuPYBQanoueOt7yVdTU
+sSH41nvGSRhY5MP4j3e/BohB5UdBGZkptBMr7VcCS4ez3IrqnSJ9yWPA7rJ8QT48
+JM4kZy7KM96PeFvVFAzQKTJrgz9Ag4vrBy+tx55kh/I3enGXmcw2kyqUlWEYwOwv
+/SVGWzL3YbNx1UjUYmZgGqH2OfmAs1hxe009Nc3YFbTaXgaVDxqTUmwuvm/Q58Mm
+oCOMHhOPwpqiWP62RL7T1BrKdOPYOC/YcM2k7LO9/FdpZT9zUG266FZ00tctAgMB
+AAGjMDAuMAkGA1UdEwQCMAAwIQYDVR0RBBowGIILKi5sb2NhbGhvc3SCCWxvY2Fs
+aG9zdDANBgkqhkiG9w0BAQsFAAOCAgEAfSD5SawR6hN5IJTu+ddZ0yDhC2EUSHGR
+EDRNsFfV0UDX39LycWlV/Xhi76snh08CsosyfCD0M3yXNSLl5OzNtgL673ENPMmL
+81EhGhTYjrLa5YrzupSFkRZZJ3tMvaq/3pvyMGCmcKpbjaTIUv2R9qCyk3JAIGws
+AnH226yQI/7QqEUnwN3GUiVO3MabS/dzkz1KJGdycvamdspeWw6oAt8uwlBMt4+2
+x5Mbhh7v4DIrKWx3mcv7GPWOGJTQmNJtU8Nx4ro79boB+5hSLfwLLVciaRh8tt0z
+rgNIo94TI3E9otfm6uMokFWmCSwlqGVZu70Ew3gUY6GRD3ectIvJZwHukGVP7Drv
+BJh7X6NgTQzXj826h0a4QBzJrRMimhWEY6Y/wS+2lkd3jIpWl8dhKiMMu69EBhUD
+xf7HOijghXDhuNm/n+sO1Kb0LBRwuacjVSa/v0hKAHBJaABoSr8hW0+7GJy3qX/4
+glZ+WBx5I3zXWpu7F2aSbbTL8CcosUBvUD1d3wxAMRD58bRwBJGhgKzR/ofPTl2J
+yx/p12PXGI85C/yn3EF73yQyMtsiUkOh3+158Ko2xVJTcQwnVdcqOS0NxpM9WFaW
+c4Wt2NXBlhWTpcHChpcwaxb7btQrIbw/F4HmQRAjrsjXqwBn9bhN6o5gbU5WWUwT
+L0bnjB5GS0U=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGqzCCBJOgAwIBAgIJAPwK/9rWwT83MA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
+VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy
+bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE2MDQGA1UEAwwtU2Nvcmlh
+IENvcnBvcmF0aW9uIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIwMDQw
+MzE0NDAzOVoXDTMwMDQwMTE0NDAzOVowgZUxCzAJBgNVBAYTAkNaMRowGAYDVQQI
+DBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSU2Nv
+cmlhIENvcnBvcmF0aW9uMT4wPAYDVQQDDDVTY29yaWEgQ29ycG9yYXRpb24gSW50
+ZXJtZWRpYXRlIENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBAMZWxzstRzCkLe6GwE7nnm1Rrn6JJYYWo6VhW4+zPsE7
+simraHlIZD3KtGSQUvdTI6LMdKOZk6LXuQcJAtDpYiFBQ6uEN0ckz1e2BY4V4fze
+9+7GX1+zrh3Gdoi9qf0iKYzCX+uyk5+VOrbBZ5Vqodd/Tk/dg4WWhkeocgIxxKK0
+0A+2bMHxGZAImMnBXWDt+I9FJv6/N0dHhJsVt8FQd5rC6Uf58VBh6MZOPq7aHHsM
+NjjNDT0XjOiDmFUNvizncXwHBP/2w0CBflsaU0ehW9I0yLApqrUumF1YqlgIg57h
+IsoER97caGjPVqo9/bNDraJ5XdLymM0VNzJZ3AxIpot7NqCRoJWlJiJf1n/7tzva
+eVOTLWaEAXgxuYpRuXIebRZUJMUOOLDZHxAfUxgRBOyFutgOyEPc0tbcvQ/P/FWk
+ZaGDXjQaivGh7lfs1r7LXj5FueePAvf6G99xccAvfHYsy8wWWbh/w0MurbNusmY/
+VcRHP/G0O0ynF/PTh7LDF+tGShrnd4UHgAAipzES/HhBfp4+cwXYerTaq91IQW+k
+KHLYO0YdLA3jqeD727gL4CYkQCkPTsUhRG3xbUD9Q7J7hJ3bQg5IFgDtMfzFJMX3
+flptj/5jcf97PCwW2bwuoWqpmV4u/kZmXHewYHMRjfZTrafZM3KbB1x9Zv6R9Icb
+AgMBAAGjggECMIH/MB0GA1UdDgQWBBRh0BoVha3OSmA34kKGMoiJtp2qMDCBwgYD
+VR0jBIG6MIG3gBSFXP15d8yaohoDibc1WkmkjW3PUKGBk6SBkDCBjTELMAkGA1UE
+BhMCQ1oxGjAYBgNVBAgMEUppaG9tb3JhdnNreSBrcmFqMQ0wCwYDVQQHDARCcm5v
+MRswGQYDVQQKDBJTY29yaWEgQ29ycG9yYXRpb24xNjA0BgNVBAMMLVNjb3JpYSBD
+b3Jwb3JhdGlvbiBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eYIJAM58RO9sXvoH
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBs
+65lfyy6BwzXaz8EmrWj/5xerT1yQWKjiViZ0iJiFo2HTOs3FI1vv3IOEELn+65i2
+56hUBB22CRbCpgJVcPGzkPc/p15u5XQeCuCpYdcLGjOVT8TRDY+lJ32MVdzlA1pB
+2oxzTJYqTeGmWGMZmFvrpYuj4P2Cxroo+NcmShdgr1TNXdZkVf+sCwC15xmpxw8n
+bHOO801ip/FKX8LqYtO7FgogtlWqj1pKWUfyN+omoDP0dxNMGgmUqmpX5mjl09l2
+6gR+ULyRk+7CwAcVEoDKbQh1eM2brDW6olw7ynzYufOyT6n9zdqC55TB0ix0RxmR
+1pntbAM4SLI7FtKLH9aReKI6mh6hKrglKMiwq2bFUw33q4Mq1WGXmmc1hlkeqhCB
+jq6Xsr1It2C+qEAnLZ/sdiZLfXnsvkTC2FuXU3w5LSu5EBOVGhkAjM0vZR1b77PX
+cdjuXQc/DDjEC2WM995j8p1gM+NYeD0o1NXdWULpOHJEtVMIWnaL9PRQY6uP7vJl
+ObTSTf1XeP1fTN82fpdyhIuwoVH/CW0UJiMKE65dHqJAh2sG6TNGEnaTw39L74C2
+BHVPOAJ20h/FBSa0gIENyjNwESv45HeZ0dighxpHMZ28V1+EhDfrvYBklbHRpVWH
+GPyddLmQ8WCpsUW8enoHkzuVcQQNS4CTcj0jdTh/fw==
+-----END CERTIFICATE-----
diff --git a/tests/tls/update.sh b/tests/tls/update.sh
new file mode 100755
index 0000000..f3ffe3c
--- /dev/null
+++ b/tests/tls/update.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# source:
+# https://github.com/scoriacorp/docker-tls-memcached
+# courtesy Moisés Guimarães
+
+# extracting client credentials
+docker run --rm scoriacorp/tls_memcached cat /opt/certs/key/client.key > client.key
+docker run --rm scoriacorp/tls_memcached cat /opt/certs/crt/client.crt > client.crt
+
+# extracting client CA certificate
+docker run --rm scoriacorp/tls_memcached cat /opt/certs/crt/client-ca-root.crt > client-ca-root.crt
+
+# extracting server credentials
+docker run --rm scoriacorp/tls_memcached cat /opt/certs/key/server-rsa2048.key > server.key
+docker run --rm scoriacorp/tls_memcached cat /opt/certs/chain/server-rsa2048.pem > server_chain.pem
+
+# extracting CA certificate
+docker run --rm scoriacorp/tls_memcached cat /opt/certs/crt/ca-root.crt > ca-root.crt
diff --git a/tox.ini b/tox.ini
index 64b66b8..799c875 100644
--- a/tox.ini
+++ b/tox.ini
@@ -11,6 +11,7 @@ setenv=
 	{generic}: 	RUNTESTS=-k 'not test_dbm_backend and not test_memcached_backend and not test_redis_backend'
 
 	{memcached}: PIFPAF=pifpaf --env-prefix DOGPILE run memcached --port {env:TOX_DOGPILE_PORT:11234} --
+	{memcached}: PIFPAF_TLS=pifpaf --env-prefix DOGPILE_TLS run memcached --port {env:TOX_DOGPILE_TLS_PORT:11212} --ssl_chain_cert=tests/tls/server_chain.pem --ssl_key=tests/tls/server.key --
 	{memcached}: RUNTESTS=tests/cache/test_memcached_backend.py
 
 	{redis}: PIFPAF=pifpaf --env-prefix DOGPILE run redis --port {env:TOX_DOGPILE_PORT:11234} --
@@ -33,8 +34,8 @@ deps=
 
 	# the py3k python-memcached fails for multiple
 	# delete
-	{memcached}: python-binary-memcached
-	{memcached}: pifpaf
+	{memcached}: python-binary-memcached>=0.29.0
+	{memcached}: pifpaf>=2.5.0
 	{redis}: redis
 	{redis}: pifpaf
 	{redis_sentinel}: redis
@@ -42,7 +43,7 @@ deps=
 	{cov}: pytest-cov
 
 commands=
-  {env:PIFPAF:} {env:BASECOMMAND} {env:COVERAGE:} {env:RUNTESTS:} {posargs}
+  {env:PIFPAF:} {env:PIFPAF_TLS:} {env:BASECOMMAND} {env:COVERAGE:} {env:RUNTESTS:} {posargs}
 
 sitepackages=False
 usedevelop=True