sslutil: introduce a function for determining host-specific settings

This patch marks the beginning of a series that introduces a new, more configurable, per-host security settings mechanism. Currently, we have global settings (like web.cacerts and the --insecure argument). We also have per-host settings via [hostfingerprints].

Global security settings are good for defaults, but they don't provide the amount of control often wanted. For example, an organization may want to require a particular CA is used for a particular hostname.

[hostfingerprints] is nice. But it currently assumes SHA-1. Furthermore, there is no obvious place to put additional per-host settings.

Subsequent patches will be introducing new mechanisms for defining security settings, some on a per-host basis. This commit starts the transition to that world by introducing the _hostsettings function. It takes a ui and hostname and returns a dict of security settings. Currently, it limits itself to returning host fingerprint info.

We foreshadow the future support of non-SHA1 hashing algorithms for verifying the host fingerprint by making the "certfingerprints" key a list of tuples instead of a list of hashes.

We add this dict to the hgstate property on the socket and use it during socket validation for checking fingerprints. There should be no change in behavior.
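
The per-host lookup described in the commit message, as an added sketch that is not Mercurial's code: ``host_settings``, ``validate``, ``colon_hex``, the plain-dict config and the certificate bytes are hypothetical or constructed, and the comma-separated fingerprint list is an assumption. It shows why storing ``(algorithm, digest)`` tuples lets the same validation loop accept a non-SHA-1 pin later.

```python
import hashlib
import hmac

# Constructed certificate bytes and config; nothing here is real key material.
SAMPLE_CERT = b"constructed DER bytes standing in for a server certificate"


def colon_hex(data, alg="sha1"):
    """Format a digest the way fingerprints are usually written: AA:BB:..."""
    digest = hashlib.new(alg, data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


SAMPLE_CONFIG = {"hostfingerprints": {"hg.example.com": colon_hex(SAMPLE_CERT)}}


def host_settings(config, hostname):
    """Hypothetical analogue of _hostsettings: per-host security settings."""
    settings = {"certfingerprints": []}
    raw = config.get("hostfingerprints", {}).get(hostname, "")
    for entry in raw.split(","):  # assumption: comma-separated list of pins
        fingerprint = entry.strip().replace(":", "").lower()
        if fingerprint:
            # [hostfingerprints] assumes SHA-1, so the algorithm is fixed here;
            # the tuple leaves room for other algorithms later.
            settings["certfingerprints"].append(("sha1", fingerprint))
    return settings


def validate(cert_der, settings):
    """Return 'no-pin', 'pinned-ok' or 'pinned-mismatch' for a peer cert."""
    pins = settings["certfingerprints"]
    if not pins:
        return "no-pin"  # no fingerprint configured for this host
    for alg, expected in pins:
        actual = hashlib.new(alg, cert_der).hexdigest()
        if hmac.compare_digest(actual, expected):
            return "pinned-ok"
    return "pinned-mismatch"


if __name__ == "__main__":
    for host in ("hg.example.com", "other.example.com"):
        print(host, validate(SAMPLE_CERT, host_settings(SAMPLE_CONFIG, host)))
```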

urls.txt

Valid URLs are of the form::

  local/filesystem/path[#revision]
  file://local/filesystem/path[#revision]
  http://[user[:pass]@]host[:port]/[path][#revision]
  https://[user[:pass]@]host[:port]/[path][#revision]
  ssh://[user@]host[:port]/[path][#revision]

Paths in the local filesystem can either point to Mercurial
repositories or to bundle files (as created by :hg:`bundle` or
:hg:`incoming --bundle`). See also :hg:`help paths`.

An optional identifier after # indicates a particular branch, tag, or
changeset to use from the remote repository. See also :hg:`help
revisions`.

Some features, such as pushing to http:// and https:// URLs, are only
possible if the feature is explicitly enabled on the remote Mercurial
server.

Note that the security of HTTPS URLs depends on proper configuration of
web.cacerts.

Some notes about using SSH with Mercurial:

- SSH requires an accessible shell account on the destination machine
  and a copy of hg in the remote path or specified as remotecmd.
- path is relative to the remote user's home directory by default. Use
  an extra slash at the start of a path to specify an absolute path::

    ssh://example.com//tmp/repository

- Mercurial doesn't use its own compression via SSH; the right thing
  to do is to configure it in your ~/.ssh/config, e.g.::

    Host *.mylocalnetwork.example.com
      Compression no
    Host *
      Compression yes

  Alternatively specify "ssh -C" as your ssh command in your
  configuration file or with the --ssh command line option.

These URLs can all be stored in your configuration file with path
aliases under the [paths] section like so::

  [paths]
  alias1 = URL1
  alias2 = URL2
  ...

You can then use the alias for any command that uses a URL (for
example :hg:`pull alias1` will be treated as :hg:`pull URL1`).

Two path aliases are special because they are used as defaults when
you do not provide the URL to a command:

default:
  When you create a repository with hg clone, the clone command saves
  the location of the source repository as the new repository's
  'default' path. This is then used when you omit path from push- and
  pull-like commands (including incoming and outgoing).

default-push:
  The push command will look for a path named 'default-push', and
  prefer it over 'default' if both are defined.
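
An added example, not part of urls.txt or of Mercurial: a small audit of a [paths] section that classifies each alias by the URL forms listed above and reports the security-relevant details the help text mentions (HTTPS relying on web.cacerts, the extra slash for absolute SSH paths, the optional #revision). The function names, finding labels and sample configuration are hypothetical and constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample of a [paths] section; hosts and credentials are made up.
SAMPLE_HGRC = """
[paths]
default = https://alice:s3cret@hg.example.com/project#stable
mirror = http://hg.example.com/project
default-push = ssh://alice@hg.example.com//srv/hg/project
scratch = ssh://alice@hg.example.com/work/project
bundle = ../backups/project.hg
"""

NETWORK_SCHEMES = ("http", "https", "ssh")


def audit_url(url):
    """Return (scheme, findings) for one URL in the forms listed above."""
    parts = urlsplit(url)
    known = NETWORK_SCHEMES + ("file",)
    scheme = parts.scheme if parts.scheme in known else "local"
    findings = []
    if scheme == "http":
        findings.append("cleartext-transport")
    if scheme == "https":
        findings.append("check-web.cacerts")
    if scheme in ("http", "https") and parts.password is not None:
        findings.append("password-in-config")
    if scheme == "ssh":
        if parts.password is not None:
            findings.append("ssh-url-takes-no-password")
        # An extra leading slash makes the remote path absolute.
        findings.append("absolute-path" if parts.path.startswith("//")
                        else "home-relative-path")
    if parts.fragment:
        findings.append("revision:" + parts.fragment)
    return scheme, findings


def audit_paths(hgrc_text):
    """Audit every alias in the [paths] section of an hgrc-style text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(hgrc_text)
    return {alias: audit_url(url) for alias, url in cfg.items("paths")}


if __name__ == "__main__":
    for alias, (scheme, findings) in audit_paths(SAMPLE_HGRC).items():
        print(f"{alias:13} {scheme:6} {', '.join(findings) or '-'}")
```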