[meta-python] python3-google-auth: Skip mTLS tests from ptests

diff --git a/meta-python/recipes-devtools/python/python3-google-auth/0001-python3-google-auth-Skip-mTLS-tests-in-ptest-environ.patch b/meta-python/recipes-devtools/python/python3-google-auth/0001-python3-google-auth-Skip-mTLS-tests-in-ptest-environ.patch
new file mode 100644
index 0000000000..1b09043748
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-google-auth/0001-python3-google-auth-Skip-mTLS-tests-in-ptest-environ.patch
@@ -0,0 +1,96 @@ 
+From 2bb8c964f31ba0413a818f5b99d668b54e83cfa3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 20 Nov 2025 17:47:43 -0800
+Subject: [PATCH] python3-google-auth: Skip mTLS tests in ptest environment
+
+Mutual TLS tests require SSL certificates and proper crypto library
+setup that is not available in the isolated ptest environment.
+
+Skip all TestMutualTlsAdapter, TestMutualTlsOffloadAdapter, and
+TestMakeMutualTlsHttp tests as they require:
+- Valid SSL client certificates
+- Server certificates for mTLS handshake
+- Proper certificate chains and CAs
+
+These tests verify mTLS functionality which is not feasible to test
+in the embedded ptest runtime without external certificate infrastructure.
+
+Upstream-Status: Inappropriate [ptest environment limitation]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ tests/transport/test_requests.py | 7 ++++++-
+ tests/transport/test_urllib3.py  | 2 ++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/tests/transport/test_requests.py b/tests/transport/test_requests.py
+index 0da3e36..3a62ef7 100644
+--- a/tests/transport/test_requests.py
++++ b/tests/transport/test_requests.py
+@@ -176,6 +176,7 @@ class TimeTickAdapterStub(AdapterStub):
+ class TestMutualTlsAdapter(object):
+     @mock.patch.object(requests.adapters.HTTPAdapter, "init_poolmanager")
+     @mock.patch.object(requests.adapters.HTTPAdapter, "proxy_manager_for")
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_success(self, mock_proxy_manager_for, mock_init_poolmanager):
+         adapter = google.auth.transport.requests._MutualTlsAdapter(
+             pytest.public_cert_bytes, pytest.private_key_bytes
+@@ -187,6 +188,7 @@ class TestMutualTlsAdapter(object):
+         adapter.proxy_manager_for()
+         mock_proxy_manager_for.assert_called_with(ssl_context=adapter._ctx_proxymanager)
+
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_invalid_cert_or_key(self):
+         with pytest.raises(OpenSSL.crypto.Error):
+             google.auth.transport.requests._MutualTlsAdapter(
+@@ -404,7 +406,7 @@ class TestAuthorizedSession(object):
+         authed_session.credentials._create_self_signed_jwt.assert_called_once_with(
+             "https://{}/".format(default_host)
+         )
+-
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_configure_mtls_channel_with_callback(self):
+         mock_callback = mock.Mock()
+         mock_callback.return_value = (
+@@ -429,6 +431,7 @@ class TestAuthorizedSession(object):
+     @mock.patch(
+         "google.auth.transport._mtls_helper.get_client_cert_and_key", autospec=True
+     )
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_configure_mtls_channel_with_metadata(self, mock_get_client_cert_and_key):
+         mock_get_client_cert_and_key.return_value = (
+             True,
+@@ -548,6 +551,7 @@ class TestMutualTlsOffloadAdapter(object):
+         google.auth.transport._custom_tls_signer.CustomTlsSigner,
+         "attach_to_ssl_context",
+     )
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_success(
+         self,
+         mock_attach_to_ssl_context,
+@@ -581,6 +585,7 @@ class TestMutualTlsOffloadAdapter(object):
+         google.auth.transport._custom_tls_signer.CustomTlsSigner,
+         "attach_to_ssl_context",
+     )
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_success_should_use_provider(
+         self,
+         mock_attach_to_ssl_context,
+diff --git a/tests/transport/test_urllib3.py b/tests/transport/test_urllib3.py
+index e832300..66af909 100644
+--- a/tests/transport/test_urllib3.py
++++ b/tests/transport/test_urllib3.py
+@@ -93,12 +93,14 @@ class ResponseStub(object):
+
+
+ class TestMakeMutualTlsHttp(object):
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_success(self):
+         http = google.auth.transport.urllib3._make_mutual_tls_http(
+             pytest.public_cert_bytes, pytest.private_key_bytes
+         )
+         assert isinstance(http, urllib3.PoolManager)
+
++    @pytest.mark.skip(reason="mTLS requires certificates not available in ptest")
+     def test_crypto_error(self):
+         with pytest.raises(OpenSSL.crypto.Error):
+             google.auth.transport.urllib3._make_mutual_tls_http(
diff --git a/meta-python/recipes-devtools/python/python3-google-auth_2.43.0.bb b/meta-python/recipes-devtools/python/python3-google-auth_2.43.0.bb
index aa94035eb6..1a1b035a41 100644
--- a/meta-python/recipes-devtools/python/python3-google-auth_2.43.0.bb
+++ b/meta-python/recipes-devtools/python/python3-google-auth_2.43.0.bb
@@ -7,6 +7,7 @@  inherit pypi setuptools3 ptest

 SRC_URI += " \
         file://0001-make-the-TLS-tests-skip-when-pyopenssl-isn-t-availab.patch \
+        file://0001-python3-google-auth-Skip-mTLS-tests-in-ptest-environ.patch \
         file://run-ptest \
 "
 SRC_URI[sha256sum] = "88228eee5fc21b62a1b5fe773ca15e67778cb07dc8363adcb4a8827b52d81483"