##// END OF EJS Templates
sslutil: synchronize hostname matching logic with CPython...
sslutil: synchronize hostname matching logic with CPython sslutil contains its own hostname matching logic. CPython has code for the same intent. However, it is only available to Python 2.7.9+ (or distributions that have backported 2.7.9's ssl module improvements). This patch effectively imports CPython's hostname matching code from its ssl.py into sslutil.py. The hostname matching code itself is pretty similar. However, the DNS name matching code is much more robust and spec conformant. As the test changes show, this changes some behavior around wildcard handling and IDNA matching. The new behavior allows wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com') This is spec compliant according to RFC 6125 Section 6.5.3 item 3. There is one test where the matcher is more strict. Before, '*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking this is a security vulnerability.

File last commit:

r27739:d6d3cf5f default
r29452:26a5d605 3.8.4 stable
Show More
test-push-http.t
171 lines | 5.6 KiB | text/troff | Tads3Lexer
Matt Mackall
tests: replace exit 80 with #require
r22046 #require killdaemons
Matt Mackall
tests: unify test-push-http
r12483
$ hg init test
$ cd test
$ echo a > a
$ hg ci -Ama
adding a
$ cd ..
$ hg clone test test2
updating to branch default
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ cd test2
$ echo a >> a
$ hg ci -mb
$ req() {
Adrian Buehlmann
check-code: add 'no tab indent' check for unified tests...
r12743 > hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
> cat hg.pid >> $DAEMON_PIDS
> hg --cwd ../test2 push http://localhost:$HGPORT/
Yuya Nishihara
test-push-http: include exit status of hg push
r17455 > exitstatus=$?
Matt Mackall
tests: drop DAEMON_PIDS from killdaemons calls
r25474 > killdaemons.py
Adrian Buehlmann
check-code: add 'no tab indent' check for unified tests...
r12743 > echo % serve errors
> cat errors.log
Yuya Nishihara
test-push-http: include exit status of hg push
r17455 > return $exitstatus
Matt Mackall
tests: unify test-push-http
r12483 > }
$ cd ../test
expect ssl error
$ req
Mads Kiilerich
tests: reintroduce ":$HGPORT" in test output...
r12643 pushing to http://localhost:$HGPORT/
Matt Mackall
tests: unify test-push-http
r12483 searching for changes
Yuya Nishihara
hgweb: respond 403 forbidden for ssl required error...
r17456 abort: HTTP Error 403: ssl required
Matt Mackall
tests: unify test-push-http
r12483 % serve errors
Yuya Nishihara
hgweb: respond 403 forbidden for ssl required error...
r17456 [255]
Matt Mackall
tests: unify test-push-http
r12483
expect authorization error
$ echo '[web]' > .hg/hgrc
$ echo 'push_ssl = false' >> .hg/hgrc
$ req
Mads Kiilerich
tests: reintroduce ":$HGPORT" in test output...
r12643 pushing to http://localhost:$HGPORT/
Matt Mackall
tests: unify test-push-http
r12483 searching for changes
abort: authorization failed
% serve errors
Yuya Nishihara
test-push-http: include exit status of hg push
r17455 [255]
Matt Mackall
tests: unify test-push-http
r12483
expect authorization error: must have authorized user
$ echo 'allow_push = unperson' >> .hg/hgrc
$ req
Mads Kiilerich
tests: reintroduce ":$HGPORT" in test output...
r12643 pushing to http://localhost:$HGPORT/
Matt Mackall
tests: unify test-push-http
r12483 searching for changes
abort: authorization failed
% serve errors
Yuya Nishihara
test-push-http: include exit status of hg push
r17455 [255]
Matt Mackall
tests: unify test-push-http
r12483
expect success
$ echo 'allow_push = *' >> .hg/hgrc
$ echo '[hooks]' >> .hg/hgrc
Matt Mackall
tests: simplify printenv calls...
r25478 $ echo "changegroup = printenv.py changegroup 0" >> .hg/hgrc
$ echo "pushkey = printenv.py pushkey 0" >> .hg/hgrc
Matt Mackall
tests: unify test-push-http
r12483 $ req
Mads Kiilerich
tests: reintroduce ":$HGPORT" in test output...
r12643 pushing to http://localhost:$HGPORT/
Matt Mackall
tests: unify test-push-http
r12483 searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 1 changes to 1 files
Pierre-Yves David
test: use bundle2 in test-push-http...
r25390 remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1
Mateusz Kwapich
hooks: add HG_NODE_LAST to txnclose and changegroup hook environments...
r27739 remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
Matt Mackall
tests: unify test-push-http
r12483 % serve errors
$ hg rollback
Gilles Moris
rollback: clarifies the message about the reverted state (issue2628)...
r13446 repository tip rolled back to revision 0 (undo serve)
Matt Mackall
tests: unify test-push-http
r12483
Steven Brown
httprepo: long arguments support (issue2126)...
r14093 expect success, server lacks the httpheader capability
$ CAP=httpheader
$ . "$TESTDIR/notcapable"
$ req
pushing to http://localhost:$HGPORT/
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 1 changes to 1 files
Pierre-Yves David
test: use bundle2 in test-push-http...
r25390 remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1
Mateusz Kwapich
hooks: add HG_NODE_LAST to txnclose and changegroup hook environments...
r27739 remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
Steven Brown
httprepo: long arguments support (issue2126)...
r14093 % serve errors
$ hg rollback
repository tip rolled back to revision 0 (undo serve)
Steven Brown
tests: new test cases for the unbundlehash capability
r13946 expect success, server lacks the unbundlehash capability
Steven Brown
tests: add script to disable a selected wire protocol capability...
r14011 $ CAP=unbundlehash
$ . "$TESTDIR/notcapable"
Steven Brown
tests: new test cases for the unbundlehash capability
r13946 $ req
pushing to http://localhost:$HGPORT/
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 1 changes to 1 files
Pierre-Yves David
test: use bundle2 in test-push-http...
r25390 remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1
Mateusz Kwapich
hooks: add HG_NODE_LAST to txnclose and changegroup hook environments...
r27739 remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
Steven Brown
tests: new test cases for the unbundlehash capability
r13946 % serve errors
$ hg rollback
repository tip rolled back to revision 0 (undo serve)
Wagner Bruna
wireproto: fix pushkey hook failure and output on remote http repo...
r17793 expect push success, phase change failure
Adrian Buehlmann
test-push-http: fix failing test on Windows...
r17842 $ cat > .hg/hgrc <<EOF
> [web]
> push_ssl = false
> allow_push = *
> [hooks]
Matt Mackall
tests: simplify printenv calls...
r25478 > prepushkey = printenv.py prepushkey 1
Adrian Buehlmann
test-push-http: fix failing test on Windows...
r17842 > EOF
Wagner Bruna
wireproto: fix pushkey hook failure and output on remote http repo...
r17793 $ req
pushing to http://localhost:$HGPORT/
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 1 changes to 1 files
Mateusz Kwapich
hooks: add HG_NODE_LAST to txnclose and changegroup hook environments...
r27739 remote: prepushkey hook: HG_BUNDLE2=1 HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_OLD=1 HG_PENDING=$TESTTMP/test HG_PHASES_MOVED=1 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
Pierre-Yves David
test: use bundle2 in test-push-http...
r25390 remote: pushkey-abort: prepushkey hook exited with status 1
Pierre-Yves David
phases: abort the whole push if phases fail to update (BC)...
r25502 remote: transaction abort!
remote: rollback completed
abort: updating ba677d0156c1 to public failed
Wagner Bruna
wireproto: fix pushkey hook failure and output on remote http repo...
r17793 % serve errors
Pierre-Yves David
phases: abort the whole push if phases fail to update (BC)...
r25502 [255]
Wagner Bruna
wireproto: fix pushkey hook failure and output on remote http repo...
r17793
expect phase change success
Matt Mackall
tests: simplify printenv calls...
r25478 $ echo "prepushkey = printenv.py prepushkey 0" >> .hg/hgrc
Wagner Bruna
wireproto: fix pushkey hook failure and output on remote http repo...
r17793 $ req
pushing to http://localhost:$HGPORT/
searching for changes
Pierre-Yves David
phases: abort the whole push if phases fail to update (BC)...
r25502 remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 1 changes to 1 files
Mateusz Kwapich
hooks: add HG_NODE_LAST to txnclose and changegroup hook environments...
r27739 remote: prepushkey hook: HG_BUNDLE2=1 HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_OLD=1 HG_PENDING=$TESTTMP/test HG_PHASES_MOVED=1 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
Wagner Bruna
wireproto: fix pushkey hook failure and output on remote http repo...
r17793 % serve errors
$ hg rollback
repository tip rolled back to revision 0 (undo serve)
Matt Mackall
tests: unify test-push-http
r12483 expect authorization error: all users denied
$ echo '[web]' > .hg/hgrc
$ echo 'push_ssl = false' >> .hg/hgrc
$ echo 'deny_push = *' >> .hg/hgrc
$ req
Mads Kiilerich
tests: reintroduce ":$HGPORT" in test output...
r12643 pushing to http://localhost:$HGPORT/
Matt Mackall
tests: unify test-push-http
r12483 searching for changes
abort: authorization failed
% serve errors
Yuya Nishihara
test-push-http: include exit status of hg push
r17455 [255]
Matt Mackall
tests: unify test-push-http
r12483
expect authorization error: some users denied, users must be authenticated
$ echo 'deny_push = unperson' >> .hg/hgrc
$ req
Mads Kiilerich
tests: reintroduce ":$HGPORT" in test output...
r12643 pushing to http://localhost:$HGPORT/
Matt Mackall
tests: unify test-push-http
r12483 searching for changes
abort: authorization failed
% serve errors
Yuya Nishihara
test-push-http: include exit status of hg push
r17455 [255]
Mads Kiilerich
tests: add missing trailing 'cd ..'...
r16913
$ cd ..