test-patchbomb-tls.t
124 lines
| 4.2 KiB
| text/troff
|
Tads3Lexer
/ tests / test-patchbomb-tls.t
Yuya Nishihara
|
r29333 | #require serve ssl | ||
Set up SMTP server: | ||||
$ CERTSDIR="$TESTDIR/sslcerts" | ||||
$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem | ||||
Augie Fackler
|
r32940 | $ $PYTHON "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \ | ||
Yuya Nishihara
|
r29333 | > --tls smtps --certificate `pwd`/server.pem | ||
Matt Harbison
|
r31769 | listening at localhost:$HGPORT (?) | ||
Yuya Nishihara
|
r29333 | $ cat a.pid >> $DAEMON_PIDS | ||
Set up repository: | ||||
$ hg init t | ||||
$ cd t | ||||
$ cat <<EOF >> .hg/hgrc | ||||
> [extensions] | ||||
> patchbomb = | ||||
> [email] | ||||
> method = smtp | ||||
> [smtp] | ||||
> host = localhost | ||||
> port = $HGPORT | ||||
> tls = smtps | ||||
> EOF | ||||
$ echo a > a | ||||
$ hg commit -Ama -d '1 0' | ||||
adding a | ||||
Utility functions: | ||||
$ DISABLECACERTS= | ||||
$ try () { | ||||
> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@" | ||||
> } | ||||
Our test cert is not signed by a trusted CA. It should fail to verify if | ||||
we are able to load CA certs: | ||||
Gregory Szorc
|
r29481 | #if sslcontext defaultcacerts no-defaultcacertsloaded | ||
Yuya Nishihara
|
r29333 | $ try | ||
this patch series consists of 1 patches. | ||||
Gregory Szorc
|
r29449 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | ||
Yuya Nishihara
|
r29333 | (?i)abort: .*?certificate.verify.failed.* (re) | ||
[255] | ||||
#endif | ||||
Gregory Szorc
|
r29481 | #if no-sslcontext defaultcacerts | ||
$ try | ||||
this patch series consists of 1 patches. | ||||
Gregory Szorc
|
r29561 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info | ||
Gregory Szorc
|
r29500 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) | ||
Gregory Szorc
|
r29481 | (?i)abort: .*?certificate.verify.failed.* (re) | ||
[255] | ||||
#endif | ||||
#if defaultcacertsloaded | ||||
$ try | ||||
this patch series consists of 1 patches. | ||||
Gregory Szorc
|
r29601 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | ||
Gregory Szorc
|
r29500 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) | ||
Gregory Szorc
|
r29481 | (?i)abort: .*?certificate.verify.failed.* (re) | ||
[255] | ||||
#endif | ||||
#if no-defaultcacerts | ||||
$ try | ||||
this patch series consists of 1 patches. | ||||
Gregory Szorc
|
r29499 | (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) | ||
Gregory Szorc
|
r29481 | abort: localhost certificate error: no certificate received | ||
(set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely) | ||||
[255] | ||||
#endif | ||||
Yuya Nishihara
|
r29333 | $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" | ||
Without certificates: | ||||
$ try --debug | ||||
this patch series consists of 1 patches. | ||||
(using smtps) | ||||
sending mail: smtp host localhost, port * (glob) | ||||
Gregory Szorc
|
r29561 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | ||
Yuya Nishihara
|
r29333 | (verifying remote certificate) | ||
Gregory Szorc
|
r29411 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | ||
Gregory Szorc
|
r29526 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | ||
Gregory Szorc
|
r29411 | [255] | ||
Yuya Nishihara
|
r29333 | |||
With global certificates: | ||||
$ try --debug --config web.cacerts="$CERTSDIR/pub.pem" | ||||
this patch series consists of 1 patches. | ||||
(using smtps) | ||||
sending mail: smtp host localhost, port * (glob) | ||||
Gregory Szorc
|
r29561 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | ||
Yuya Nishihara
|
r29333 | (verifying remote certificate) | ||
sending [PATCH] a ... | ||||
With invalid certificates: | ||||
$ try --config web.cacerts="$CERTSDIR/pub-other.pem" | ||||
this patch series consists of 1 patches. | ||||
Gregory Szorc
|
r29561 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | ||
Yuya Nishihara
|
r29333 | (?i)abort: .*?certificate.verify.failed.* (re) | ||
[255] | ||||
$ cd .. | ||||