##// END OF EJS Templates
sslutil: abort when unable to verify peer connection (BC)...
sslutil: abort when unable to verify peer connection (BC) Previously, when we connected to a server and were unable to verify its certificate against a trusted certificate authority we would issue a warning and continue to connect. This is obviously not great behavior because the x509 certificate model is based upon trust of specific CAs. Failure to enforce that trust erodes security. This behavior was defined several years ago when Python did not support loading the system trusted CA store (Python 2.7.9's backports of Python 3's improvements to the "ssl" module enabled this). This commit changes behavior when connecting to abort if the peer certificate can't be validated. With an empty/default Mercurial configuration, the peer certificate can be validated if Python is able to load the system trusted CA store. Environments able to load the system trusted CA store include: * Python 2.7.9+ on most platforms and installations * Python 2.7 distributions with a modern ssl module (e.g. RHEL7's patched 2.7.5 package) * Python shipped on OS X Environments unable to load the system trusted CA store include: * Python 2.6 * Python 2.7 on many existing Linux installs (because they don't ship 2.7.9+ or haven't backported modern ssl module) * Python 2.7.9+ on some installs where Python is unable to locate the system CA store (this is hopefully rare) Users of these Pythongs will need to configure Mercurial to load the system CA store using web.cacerts. This should ideally be performed by packagers (by setting web.cacerts in the global/system hgrc file). Where Mercurial packagers aren't setting this, the linked URL in the new abort message can contain instructions for users. In the future, we may want to add more code for finding the system CA store. For example, many Linux distributions have the CA store at well-known locations (such as /etc/ssl/certs/ca-certificates.crt in the case of Ubuntu). This will enable CA loading to "just work" on more Python configurations and will be best for our users since they won't have to change anything after upgrading to a Mercurial with this patch. We may also want to consider distributing a trusted CA store with Mercurial. Although we should think long and hard about that because most systems have a global CA store and Mercurial should almost certainly use the same store used by everything else on the system.

File last commit:

r28523:045fe704 default
r29411:e1778b9c default
Show More
requirements.txt
110 lines | 3.4 KiB | text/plain | TextLexer
Gregory Szorc
help: document requirements...
r28523 Requirements
============
Repositories contain a file (``.hg/requires``) containing a list of
features/capabilities that are *required* for clients to interface
with the repository. This file has been present in Mercurial since
version 0.9.2 (released December 2006).
One of the first things clients do when opening a repository is read
``.hg/requires`` and verify that all listed requirements are supported,
aborting if not. Requirements are therefore a strong mechanism to
prevent incompatible clients from reading from unknown repository
formats or even corrupting them by writing to them.
Extensions may add requirements. When they do this, clients not running
an extension will be unable to read from repositories.
The following sections describe the requirements defined by the
Mercurial core distribution.
revlogv1
--------
When present, revlogs are version 1 (RevlogNG). RevlogNG was introduced
in 2006. The ``revlogv1`` requirement has been enabled by default
since the ``requires`` file was introduced in Mercurial 0.9.2.
If this requirement is not present, version 0 revlogs are assumed.
store
-----
The *store* repository layout should be used.
This requirement has been enabled by default since the ``requires`` file
was introduced in Mercurial 0.9.2.
fncache
-------
The *fncache* repository layout should be used.
The *fncache* layout hash encodes filenames with long paths and
encodes reserved filenames.
This requirement is enabled by default when the *store* requirement is
enabled (which is the default behavior). It was introduced in Mercurial
1.1 (released December 2008).
shared
------
Denotes that the store for a repository is shared from another location
(defined by the ``.hg/sharedpath`` file).
This requirement is set when a repository is created via :hg:`share`.
The requirement was added in Mercurial 1.3 (released July 2009).
dotencode
---------
The *dotencode* repository layout should be used.
The *dotencode* layout encodes the first period or space in filenames
to prevent issues on OS X and Windows.
This requirement is enabled by default when the *store* requirement
is enabled (which is the default behavior). It was introduced in
Mercurial 1.7 (released November 2010).
parentdelta
-----------
Denotes a revlog delta encoding format that was experimental and
replaced by *generaldelta*. It should not be seen in the wild because
it was never enabled by default.
This requirement was added in Mercurial 1.7 and removed in Mercurial
1.9.
generaldelta
------------
Revlogs should be created with the *generaldelta* flag enabled. The
generaldelta flag will cause deltas to be encoded against a parent
revision instead of the previous revision in the revlog.
Support for this requirement was added in Mercurial 1.9 (released
July 2011). The requirement was disabled on new repositories by
default until Mercurial 3.7 (released February 2016).
manifestv2
----------
Denotes that version 2 of manifests are being used.
Support for this requirement was added in Mercurial 3.4 (released
May 2015). The requirement is currently experimental and is disabled
by default.
treemanifest
------------
Denotes that tree manifests are being used. Tree manifests are
one manifest per directory (as opposed to a single flat manifest).
Support for this requirement was added in Mercurial 3.4 (released
August 2015). The requirement is currently experimental and is
disabled by default.