upstream/mercurial-mirror Files · tests/sslcerts/README

help: adding a topic on flags...

help: adding a topic on flags This is a short topic to explain how command-line flags can be specified. Some users have been confused by hg offerring different flag syntax than some other libraries, so it'd be nice to point them to this rather than explaining it every time. Differential Revision: https://phab.mercurial-scm.org/D1270

Gregory Szorc - - Load All Authors

File last commit:

r29579:43f3c0df default


                r35036:b0262b25

default

Download file

             README
        
                    45 lines
            
             | 1.8 KiB
            
                | text/plain
            
             |
                TextLexer

/ tests / sslcerts / README

History | Source | Raw |Copy content |Copy permalink

Gregory Szorc tests: regenerate x509 test certificates...	r29526	Generate a private key (priv.pem):

		$ openssl genrsa -out priv.pem 2048

		Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):

Gregory Szorc tests: update test certificate generation instructions...	r29579	$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
		-out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
		$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
		-out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Yuya Nishihara tests: extract SSL certificates from test-https.t...	r29331
Gregory Szorc tests: regenerate x509 test certificates...	r29526	Now generate an expired certificate by turning back the system time:

Gregory Szorc tests: update test certificate generation instructions...	r29579	$ faketime 2016-01-01T00:00:00Z \
		openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
		-out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Yuya Nishihara tests: extract SSL certificates from test-https.t...	r29331
Gregory Szorc tests: regenerate x509 test certificates...	r29526	Generate a certificate not yet active by advancing the system time:

Gregory Szorc tests: update test certificate generation instructions...	r29579	$ faketime 2030-01-1T00:00:00Z \
		openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
		-out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Gregory Szorc tests: regenerate x509 test certificates...	r29526
		Generate a passphrase protected client certificate private key:

		$ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048

		Create a copy of the private key without a passphrase:

		$ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
Yuya Nishihara tests: extract SSL certificates from test-https.t...	r29331
Gregory Szorc tests: regenerate x509 test certificates...	r29526	Create a CSR and sign the key using the server keypair:

		$ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' \| \
		openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
		$ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
		-set_serial 01 -out client-cert.pem
Yuya Nishihara tests: extract SSL certificates from test-https.t...	r29331
Gregory Szorc tests: regenerate x509 test certificates...	r29526	When replacing the certificates, references to certificate fingerprints will
		need to be updated in test files.

		Fingerprints for certs can be obtained by running:

		$ openssl x509 -in pub.pem -noout -sha1 -fingerprint
		$ openssl x509 -in pub.pem -noout -sha256 -fingerprint

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages