hgweb: support constructing URLs from an alternate base URL

The web.baseurl config option allows server operators to define a custom URL for hosted content.

The way it works today is that hgwebdir parses this config option into URL components then updates the appropriate WSGI environment variables so the request "lies" about its details. For example, SERVER_NAME is updated to reflect the alternate base URL's hostname.

The WSGI environment should not be modified because WSGI applications may want to know the original request details (for debugging, etc).

This commit teaches our request parser about the existence of an alternate base URL. If defined, the advertised URL and other self-reflected paths will take the alternate base URL into account.

The hgweb WSGI application didn't use web.baseurl. But hgwebdir did. We update hgwebdir to alter the environment parsing accordingly. The old code around environment manipulation has been removed.

With this change, parserequestfromenv() has grown to be a bit unwieldy. Now that practically everyone is using it, it is obvious that there are some unused features that can be trimmed. So look for this in follow-up commits.

Differential Revision: https://phab.mercurial-scm.org/D2822

File last commit:

r33494:30f2715b default
r36916:219b2335 default
test-patchbomb-tls.t
126 lines | 4.4 KiB | text/troff | Tads3Lexer
/ tests / test-patchbomb-tls.t
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 #require serve ssl
Set up SMTP server:
$ CERTSDIR="$TESTDIR/sslcerts"
$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
Augie Fackler
cleanup: use $PYTHON to run python in many more tests...
r32940 $ $PYTHON "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 > --tls smtps --certificate `pwd`/server.pem
Matt Harbison
test-serve: make the 'listening at *' lines optional...
r31769 listening at localhost:$HGPORT (?)
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 $ cat a.pid >> $DAEMON_PIDS
Set up repository:
$ hg init t
$ cd t
$ cat <<EOF >> .hg/hgrc
> [extensions]
> patchbomb =
> [email]
> method = smtp
> [smtp]
> host = localhost
> port = $HGPORT
> tls = smtps
> EOF
$ echo a > a
$ hg commit -Ama -d '1 0'
adding a
Utility functions:
$ DISABLECACERTS=
$ try () {
> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
> }
Our test cert is not signed by a trusted CA. It should fail to verify if
we are able to load CA certs:
Gregory Szorc
tests: better testing of loaded certificates...
r29481 #if sslcontext defaultcacerts no-defaultcacertsloaded
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 $ try
this patch series consists of 1 patches.
Gregory Szorc
sslutil: emit warning when no CA certificates loaded...
r29449 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 (?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
Gregory Szorc
tests: better testing of loaded certificates...
r29481 #if no-sslcontext defaultcacerts
$ try
this patch series consists of 1 patches.
Gregory Szorc
sslutil: print a warning when using TLS 1.0 on legacy Python...
r29561 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
Gregory Szorc
sslutil: try to find CA certificates in well-known locations...
r29500 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
Gregory Szorc
tests: better testing of loaded certificates...
r29481 (?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if defaultcacertsloaded
$ try
this patch series consists of 1 patches.
Gregory Szorc
sslutil: more robustly detect protocol support...
r29601 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Gregory Szorc
sslutil: try to find CA certificates in well-known locations...
r29500 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
Matt Harbison
sslutil: inform the user about how to fix an incomplete certificate chain...
r33494 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
Gregory Szorc
tests: better testing of loaded certificates...
r29481 (?i)abort: .*?certificate.verify.failed.* (re)
[255]
#endif
#if no-defaultcacerts
$ try
this patch series consists of 1 patches.
Gregory Szorc
sslutil: issue warning when unable to load certificates on OS X...
r29499 (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
Gregory Szorc
tests: better testing of loaded certificates...
r29481 abort: localhost certificate error: no certificate received
(set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
[255]
#endif
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
Without certificates:
$ try --debug
this patch series consists of 1 patches.
(using smtps)
sending mail: smtp host localhost, port * (glob)
Gregory Szorc
sslutil: print a warning when using TLS 1.0 on legacy Python...
r29561 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 (verifying remote certificate)
Gregory Szorc
sslutil: abort when unable to verify peer connection (BC)...
r29411 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
Gregory Szorc
sslutil: abort when unable to verify peer connection (BC)...
r29411 [255]
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333
With global certificates:
$ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
this patch series consists of 1 patches.
(using smtps)
sending mail: smtp host localhost, port * (glob)
Gregory Szorc
sslutil: print a warning when using TLS 1.0 on legacy Python...
r29561 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 (verifying remote certificate)
sending [PATCH] a ...
With invalid certificates:
$ try --config web.cacerts="$CERTSDIR/pub-other.pem"
this patch series consists of 1 patches.
Gregory Szorc
sslutil: print a warning when using TLS 1.0 on legacy Python...
r29561 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Matt Harbison
sslutil: inform the user about how to fix an incomplete certificate chain...
r33494 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
Yuya Nishihara
tests: add basic tests for SMTP over SSL...
r29333 (?i)abort: .*?certificate.verify.failed.* (re)
[255]
$ cd ..
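
The abort message in the "Without certificates" case offers `hostsecurity.localhost:fingerprints=sha256:...` as a way to trust the server. The following is an added example, not Mercurial's code and not part of this test file, showing how a pin in that format can be derived from a certificate and checked strictly. The function names and the sample PEM are constructed; that the pin is the digest of the DER-encoded certificate, and that the setting may hold a comma-separated list with `sha256:` or `sha512:` prefixes, are assumptions.

```python
import hashlib
import hmac
import ssl

ALGOS = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}
HEX = set("0123456789abcdef")

def format_pin(der_cert, algo="sha256"):
    """Render the digest of a DER certificate as 'algo:aa:bb:...'."""
    digest = ALGOS[algo](der_cert).hexdigest()
    return algo + ":" + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_pins(value):
    """Parse a comma-separated pin list into (algo, lowercase hex) tuples."""
    pins = []
    for item in filter(None, (v.strip().lower() for v in value.split(","))):
        algo, _, rest = item.partition(":")
        if algo not in ALGOS:
            raise ValueError("unsupported digest prefix in pin: %r" % item)
        digest = rest.replace(":", "")
        # Reject truncated or non-hex pins instead of silently never matching.
        if len(digest) != ALGOS[algo]().digest_size * 2 or set(digest) - HEX:
            raise ValueError("malformed pin: %r" % item)
        pins.append((algo, digest))
    return pins

def cert_matches_pins(der_cert, value):
    """True if the certificate digest equals any configured pin."""
    matched = False
    for algo, digest in parse_pins(value):
        actual = ALGOS[algo](der_cert).hexdigest()
        matched |= hmac.compare_digest(actual, digest)
    return matched

# Constructed input: PEM armor around the bytes b"ABCDEFGH", not a real
# certificate. PEM_cert_to_DER_cert only strips the armor and base64-decodes.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              "QUJDREVGR0g=\n"
              "-----END CERTIFICATE-----\n")
SAMPLE_DER = ssl.PEM_cert_to_DER_cert(SAMPLE_PEM)
# Pin quoted in the abort message on this page; it belongs to the test server.
PAGE_PIN = ("sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:"
            "6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e")

if __name__ == "__main__":
    print(format_pin(SAMPLE_DER))
    print(cert_matches_pins(SAMPLE_DER, PAGE_PIN))
```

A pin bypasses CA validation for that host, so it has to be replaced whenever the server certificate is reissued.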