upstream/mercurial-mirror Files · tests/test-patchbomb-tls.t

sslutil: eliminate `_canloaddefaultcerts` by constant-folding code using it

Manuel Jacob - - Load All Authors

File last commit:

r45415:ab5348bb default


                r45416:7dd63a8c

default

Download file

             test-patchbomb-tls.t
        
                    115 lines
            
             | 3.8 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-patchbomb-tls.t
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
      #require serve ssl

      Set up SMTP server:

        $ CERTSDIR="$TESTDIR/sslcerts"

        $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem

        Matt Harbison
    
tests: quote PYTHON usage...

              r39743
            
        $ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        > --tls smtps --certificate `pwd`/server.pem

        Matt Harbison
    
test-serve: make the 'listening at *' lines optional...

              r31769
            
        listening at localhost:$HGPORT (?)

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        $ cat a.pid >> $DAEMON_PIDS

      Set up repository:

        $ hg init t

        $ cd t

        $ cat <<EOF >> .hg/hgrc

        > [extensions]

        > patchbomb =

        > [email]

        > method = smtp

        > [smtp]

        > host = localhost

        > port = $HGPORT

        > tls = smtps

        > EOF

        $ echo a > a

        $ hg commit -Ama -d '1 0'

        adding a

      Utility functions:

        $ DISABLECACERTS=

        $ try () {

        >   hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"

        > }

      Our test cert is not signed by a trusted CA. It should fail to verify if

      we are able to load CA certs:

        Manuel Jacob
    
tests: remove "defaultcacerts" check...

              r45415
            
      #if sslcontext no-defaultcacertsloaded

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        $ try

        this patch series consists of 1 patches.

        Gregory Szorc
    
sslutil: emit warning when no CA certificates loaded...

              r29449
            
        (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

      #endif

        Manuel Jacob
    
tests: remove "defaultcacerts" check...

              r45415
            
      #if no-sslcontext

        Gregory Szorc
    
tests: better testing of loaded certificates...

              r29481
            
        $ try

        this patch series consists of 1 patches.

        Gregory Szorc
    
sslutil: print a warning when using TLS 1.0 on legacy Python...

              r29561
            
        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info

        Gregory Szorc
    
sslutil: try to find CA certficates in well-known locations...

              r29500
            
        (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)

        Gregory Szorc
    
tests: better testing of loaded certificates...

              r29481
            
        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

      #endif

      #if defaultcacertsloaded

        $ try

        this patch series consists of 1 patches.

        Gregory Szorc
    
sslutil: more robustly detect protocol support...

              r29601
            
        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        Gregory Szorc
    
sslutil: try to find CA certficates in well-known locations...

              r29500
            
        (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)

        Matt Harbison
    
sslutil: inform the user about how to fix an incomplete certificate chain...

              r33494
            
        (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)

        Gregory Szorc
    
tests: better testing of loaded certificates...

              r29481
            
        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

      #endif

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"

      Without certificates:

        $ try --debug

        this patch series consists of 1 patches.

        (using smtps)

        sending mail: smtp host localhost, port * (glob)

        Gregory Szorc
    
sslutil: print a warning when using TLS 1.0 on legacy Python...

              r29561
            
        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        (verifying remote certificate)

        Gregory Szorc
    
sslutil: abort when unable to verify peer connection (BC)...

              r29411
            
        abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect

        Gregory Szorc
    
tests: regenerate x509 test certificates...

              r29526
            
        (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)

        Gregory Szorc
    
sslutil: abort when unable to verify peer connection (BC)...

              r29411
            
        [255]

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
      With global certificates:

        $ try --debug --config web.cacerts="$CERTSDIR/pub.pem"

        this patch series consists of 1 patches.

        (using smtps)

        sending mail: smtp host localhost, port * (glob)

        Gregory Szorc
    
sslutil: print a warning when using TLS 1.0 on legacy Python...

              r29561
            
        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        (verifying remote certificate)

        sending [PATCH] a ...

      With invalid certificates:

        $ try --config web.cacerts="$CERTSDIR/pub-other.pem"

        this patch series consists of 1 patches.

        Gregory Szorc
    
sslutil: print a warning when using TLS 1.0 on legacy Python...

              r29561
            
        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        Matt Harbison
    
sslutil: inform the user about how to fix an incomplete certificate chain...

              r33494
            
        (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)

        Yuya Nishihara
    
tests: add basic tests for SMTP over SSL...

              r29333
            
        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

        $ cd ..

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	#require serve ssl

		Set up SMTP server:

		$ CERTSDIR="$TESTDIR/sslcerts"
		$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem

Matt Harbison tests: quote PYTHON usage...	r39743	$ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	> --tls smtps --certificate `pwd`/server.pem
Matt Harbison test-serve: make the 'listening at *' lines optional...	r31769	listening at localhost:$HGPORT (?)
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	$ cat a.pid >> $DAEMON_PIDS

		Set up repository:

		$ hg init t
		$ cd t
		$ cat <<EOF >> .hg/hgrc
		> [extensions]
		> patchbomb =
		> [email]
		> method = smtp
		> [smtp]
		> host = localhost
		> port = $HGPORT
		> tls = smtps
		> EOF

		$ echo a > a
		$ hg commit -Ama -d '1 0'
		adding a

		Utility functions:

		$ DISABLECACERTS=
		$ try () {
		> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
		> }

		Our test cert is not signed by a trusted CA. It should fail to verify if
		we are able to load CA certs:

Manuel Jacob tests: remove "defaultcacerts" check...	r45415	#if sslcontext no-defaultcacertsloaded
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	$ try
		this patch series consists of 1 patches.


Gregory Szorc sslutil: emit warning when no CA certificates loaded...	r29449	(an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	(?i)abort: .?certificate.verify.failed. (re)
		[255]
		#endif

Manuel Jacob tests: remove "defaultcacerts" check...	r45415	#if no-sslcontext
Gregory Szorc tests: better testing of loaded certificates...	r29481	$ try
		this patch series consists of 1 patches.


Gregory Szorc sslutil: print a warning when using TLS 1.0 on legacy Python...	r29561	warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
Gregory Szorc sslutil: try to find CA certficates in well-known locations...	r29500	(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
Gregory Szorc tests: better testing of loaded certificates...	r29481	(?i)abort: .?certificate.verify.failed. (re)
		[255]
		#endif

		#if defaultcacertsloaded
		$ try
		this patch series consists of 1 patches.


Gregory Szorc sslutil: more robustly detect protocol support...	r29601	warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Gregory Szorc sslutil: try to find CA certficates in well-known locations...	r29500	(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
Matt Harbison sslutil: inform the user about how to fix an incomplete certificate chain...	r33494	(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
Gregory Szorc tests: better testing of loaded certificates...	r29481	(?i)abort: .?certificate.verify.failed. (re)
		[255]

		#endif

Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	$ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"

		Without certificates:

		$ try --debug
		this patch series consists of 1 patches.


		(using smtps)
		sending mail: smtp host localhost, port * (glob)
Gregory Szorc sslutil: print a warning when using TLS 1.0 on legacy Python...	r29561	warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	(verifying remote certificate)
Gregory Szorc sslutil: abort when unable to verify peer connection (BC)...	r29411	abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
Gregory Szorc tests: regenerate x509 test certificates...	r29526	(see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
Gregory Szorc sslutil: abort when unable to verify peer connection (BC)...	r29411	[255]
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333
		With global certificates:

		$ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
		this patch series consists of 1 patches.


		(using smtps)
		sending mail: smtp host localhost, port * (glob)
Gregory Szorc sslutil: print a warning when using TLS 1.0 on legacy Python...	r29561	warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	(verifying remote certificate)
		sending [PATCH] a ...

		With invalid certificates:

		$ try --config web.cacerts="$CERTSDIR/pub-other.pem"
		this patch series consists of 1 patches.


Gregory Szorc sslutil: print a warning when using TLS 1.0 on legacy Python...	r29561	warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
Matt Harbison sslutil: inform the user about how to fix an incomplete certificate chain...	r33494	(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
Yuya Nishihara tests: add basic tests for SMTP over SSL...	r29333	(?i)abort: .?certificate.verify.failed. (re)
		[255]

		$ cd ..