# HG changeset patch # User Gregory Szorc # Date 2018-09-26 22:02:19 # Node ID 86b22a4cfab12106a2129237e5a928319ae71f56 # Parent 10cf8b116dd8f36a010e66751698a6f7d5123b3a wireprotov2: client support for advertising redirect targets With the server now able to emit a redirect target descriptor, we can start to teach the client to recognize it. This commit implements support for filtering the advertised redirect targets against supported features and for advertising compatible redirect targets as part of command requests. It also adds the minimal boilerplate required to fail when a content redirect is seen. The server doesn't yet do anything with the advertised redirect targets. And the client can't yet follow redirects if it did. But at least we're putting bytes on the wire. Differential Revision: https://phab.mercurial-scm.org/D4776 diff --git a/mercurial/httppeer.py b/mercurial/httppeer.py --- a/mercurial/httppeer.py +++ b/mercurial/httppeer.py @@ -508,7 +508,8 @@ class httppeer(wireprotov1peer.wirepeer) def _abort(self, exception): raise exception -def sendv2request(ui, opener, requestbuilder, apiurl, permission, requests): +def sendv2request(ui, opener, requestbuilder, apiurl, permission, requests, + redirect): reactor = wireprotoframing.clientreactor(hasmultiplesend=False, buffersends=True) @@ -525,7 +526,8 @@ def sendv2request(ui, opener, requestbui for command, args, f in requests: ui.debug('sending command %s: %s\n' % ( command, stringutil.pprint(args, indent=2))) - assert not list(handler.callcommand(command, args, f)) + assert not list(handler.callcommand(command, args, f, + redirect=redirect)) # TODO stream this. body = b''.join(map(bytes, handler.flushcommands())) @@ -567,12 +569,14 @@ class queuedcommandfuture(pycompat.futur @interfaceutil.implementer(repository.ipeercommandexecutor) class httpv2executor(object): - def __init__(self, ui, opener, requestbuilder, apiurl, descriptor): + def __init__(self, ui, opener, requestbuilder, apiurl, descriptor, + redirect): self._ui = ui self._opener = opener self._requestbuilder = requestbuilder self._apiurl = apiurl self._descriptor = descriptor + self._redirect = redirect self._sent = False self._closed = False self._neededpermissions = set() @@ -672,7 +676,7 @@ class httpv2executor(object): handler, resp = sendv2request( self._ui, self._opener, self._requestbuilder, self._apiurl, - permission, calls) + permission, calls, self._redirect) # TODO we probably want to validate the HTTP code, media type, etc. @@ -734,6 +738,8 @@ class httpv2peer(object): self._requestbuilder = requestbuilder self._descriptor = apidescriptor + self._redirect = wireprotov2peer.supportedredirects(ui, apidescriptor) + # Start of ipeerconnection. def url(self): @@ -791,7 +797,7 @@ class httpv2peer(object): def commandexecutor(self): return httpv2executor(self.ui, self._opener, self._requestbuilder, - self._apiurl, self._descriptor) + self._apiurl, self._descriptor, self._redirect) # Registry of API service names to metadata about peers that handle it. # diff --git a/mercurial/wireprotoframing.py b/mercurial/wireprotoframing.py --- a/mercurial/wireprotoframing.py +++ b/mercurial/wireprotoframing.py @@ -280,7 +280,8 @@ def readframe(fh): payload) def createcommandframes(stream, requestid, cmd, args, datafh=None, - maxframesize=DEFAULT_MAX_FRAME_SIZE): + maxframesize=DEFAULT_MAX_FRAME_SIZE, + redirect=None): """Create frames necessary to transmit a request to run a command. This is a generator of bytearrays. Each item represents a frame @@ -290,6 +291,9 @@ def createcommandframes(stream, requesti if args: data[b'args'] = args + if redirect: + data[b'redirect'] = redirect + data = b''.join(cborutil.streamencode(data)) offset = 0 @@ -1135,11 +1139,12 @@ class serverreactor(object): class commandrequest(object): """Represents a request to run a command.""" - def __init__(self, requestid, name, args, datafh=None): + def __init__(self, requestid, name, args, datafh=None, redirect=None): self.requestid = requestid self.name = name self.args = args self.datafh = datafh + self.redirect = redirect self.state = 'pending' class clientreactor(object): @@ -1178,7 +1183,7 @@ class clientreactor(object): self._activerequests = {} self._incomingstreams = {} - def callcommand(self, name, args, datafh=None): + def callcommand(self, name, args, datafh=None, redirect=None): """Request that a command be executed. Receives the command name, a dict of arguments to pass to the command, @@ -1192,7 +1197,8 @@ class clientreactor(object): requestid = self._nextrequestid self._nextrequestid += 2 - request = commandrequest(requestid, name, args, datafh=datafh) + request = commandrequest(requestid, name, args, datafh=datafh, + redirect=redirect) if self._buffersends: self._pendingrequests.append(request) @@ -1256,7 +1262,8 @@ class clientreactor(object): request.requestid, request.name, request.args, - request.datafh) + datafh=request.datafh, + redirect=request.redirect) for frame in res: yield frame diff --git a/mercurial/wireprotov2peer.py b/mercurial/wireprotov2peer.py --- a/mercurial/wireprotov2peer.py +++ b/mercurial/wireprotov2peer.py @@ -13,6 +13,7 @@ from .i18n import _ from . import ( encoding, error, + sslutil, wireprotoframing, ) from .utils import ( @@ -34,6 +35,74 @@ def formatrichmessage(atoms): return b''.join(chunks) +SUPPORTED_REDIRECT_PROTOCOLS = { + b'http', + b'https', +} + +SUPPORTED_CONTENT_HASHES = { + b'sha1', + b'sha256', +} + +def redirecttargetsupported(ui, target): + """Determine whether a redirect target entry is supported. + + ``target`` should come from the capabilities data structure emitted by + the server. + """ + if target.get(b'protocol') not in SUPPORTED_REDIRECT_PROTOCOLS: + ui.note(_('(remote redirect target %s uses unsupported protocol: %s)\n') + % (target[b'name'], target.get(b'protocol', b''))) + return False + + if target.get(b'snirequired') and not sslutil.hassni: + ui.note(_('(redirect target %s requires SNI, which is unsupported)\n') % + target[b'name']) + return False + + if b'tlsversions' in target: + tlsversions = set(target[b'tlsversions']) + supported = set() + + for v in sslutil.supportedprotocols: + assert v.startswith(b'tls') + supported.add(v[3:]) + + if not tlsversions & supported: + ui.note(_('(remote redirect target %s requires unsupported TLS ' + 'versions: %s)\n') % ( + target[b'name'], b', '.join(sorted(tlsversions)))) + return False + + ui.note(_('(remote redirect target %s is compatible)\n') % target[b'name']) + + return True + +def supportedredirects(ui, apidescriptor): + """Resolve the "redirect" command request key given an API descriptor. + + Given an API descriptor returned by the server, returns a data structure + that can be used in hte "redirect" field of command requests to advertise + support for compatible redirect targets. + + Returns None if no redirect targets are remotely advertised or if none are + supported. + """ + if not apidescriptor or b'redirect' not in apidescriptor: + return None + + targets = [t[b'name'] for t in apidescriptor[b'redirect'][b'targets'] + if redirecttargetsupported(ui, t)] + + hashes = [h for h in apidescriptor[b'redirect'][b'hashes'] + if h in SUPPORTED_CONTENT_HASHES] + + return { + b'targets': targets, + b'hashes': hashes, + } + class commandresponse(object): """Represents the response to a command request. @@ -87,9 +156,12 @@ class commandresponse(object): def _handleinitial(self, o): self._seeninitial = True - if o[b'status'] == 'ok': + if o[b'status'] == b'ok': return + elif o[b'status'] == b'redirect': + raise error.Abort(_('redirect responses not yet supported')) + atoms = [{'msg': o[b'error'][b'message']}] if b'args' in o[b'error']: atoms[0]['args'] = o[b'error'][b'args'] @@ -150,12 +222,13 @@ class clienthandler(object): self._responses = {} self._frameseof = False - def callcommand(self, command, args, f): + def callcommand(self, command, args, f, redirect=None): """Register a request to call a command. Returns an iterable of frames that should be sent over the wire. """ - request, action, meta = self._reactor.callcommand(command, args) + request, action, meta = self._reactor.callcommand(command, args, + redirect=redirect) if action != 'noop': raise error.ProgrammingError('%s not yet supported' % action) diff --git a/tests/test-wireproto-clientreactor.py b/tests/test-wireproto-clientreactor.py --- a/tests/test-wireproto-clientreactor.py +++ b/tests/test-wireproto-clientreactor.py @@ -139,6 +139,29 @@ class StreamTests(unittest.TestCase): ffs(b'%d 0 0 command-response eos bar' % request.requestid)) self.assertEqual(action, b'responsedata') +class RedirectTests(unittest.TestCase): + def testredirect(self): + reactor = framing.clientreactor(buffersends=False) + + redirect = { + b'targets': [b'a', b'b'], + b'hashes': [b'sha256'], + } + + request, action, meta = reactor.callcommand( + b'foo', {}, redirect=redirect) + + self.assertEqual(action, b'sendframes') + + frames = list(meta[b'framegen']) + self.assertEqual(len(frames), 1) + + self.assertEqual(frames[0], + ffs(b'1 1 stream-begin command-request new ' + b"cbor:{b'name': b'foo', " + b"b'redirect': {b'targets': [b'a', b'b'], " + b"b'hashes': [b'sha256']}}")) + if __name__ == '__main__': import silenttestrunner silenttestrunner.main(__name__) diff --git a/tests/test-wireproto-content-redirects.t b/tests/test-wireproto-content-redirects.t --- a/tests/test-wireproto-content-redirects.t +++ b/tests/test-wireproto-content-redirects.t @@ -57,16 +57,17 @@ Redirect targets advertised when configu s> Content-Length: 1970\r\n s> \r\n s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa5DnameHtarget-aHprotocolDhttpKsnirequired\xf4Ktlsversions\x82C1.2C1.3Duris\x81Shttp://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (remote redirect target target-a is compatible) sending capabilities command s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n s> Accept-Encoding: identity\r\n s> accept: application/mercurial-exp-framing-0005\r\n s> content-type: application/mercurial-exp-framing-0005\r\n - s> content-length: 27\r\n + s> content-length: 75\r\n s> host: $LOCALIP:$HGPORT\r\n (glob) s> user-agent: Mercurial debugwireproto\r\n s> \r\n - s> \x13\x00\x00\x01\x00\x01\x01\x11\xa1DnameLcapabilities + s> C\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81Htarget-a s> makefile('rb', None) s> HTTP/1.1 200 OK\r\n s> Server: testing stub value\r\n @@ -308,6 +309,8 @@ Redirect targets advertised when configu } ] +Unknown protocol is filtered from compatible targets + $ cat > redirects.py << EOF > [ > { @@ -344,16 +347,18 @@ Redirect targets advertised when configu s> Content-Length: 1997\r\n s> \r\n s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x82\xa3DnameHtarget-aHprotocolDhttpDuris\x81Shttp://example.com/\xa3DnameHtarget-bHprotocolGunknownDuris\x81Vunknown://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (remote redirect target target-a is compatible) + (remote redirect target target-b uses unsupported protocol: unknown) sending capabilities command s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n s> Accept-Encoding: identity\r\n s> accept: application/mercurial-exp-framing-0005\r\n s> content-type: application/mercurial-exp-framing-0005\r\n - s> content-length: 27\r\n + s> content-length: 75\r\n s> host: $LOCALIP:$HGPORT\r\n (glob) s> user-agent: Mercurial debugwireproto\r\n s> \r\n - s> \x13\x00\x00\x01\x00\x01\x01\x11\xa1DnameLcapabilities + s> C\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81Htarget-a s> makefile('rb', None) s> HTTP/1.1 200 OK\r\n s> Server: testing stub value\r\n @@ -597,5 +602,586 @@ Redirect targets advertised when configu } ] +Missing SNI support filters targets that require SNI + + $ cat > nosni.py << EOF + > from mercurial import sslutil + > sslutil.hassni = False + > EOF + $ cat >> $HGRCPATH << EOF + > [extensions] + > nosni=`pwd`/nosni.py + > EOF + + $ cat > redirects.py << EOF + > [ + > { + > b'name': b'target-bad-tls', + > b'protocol': b'https', + > b'uris': [b'https://example.com/'], + > b'snirequired': True, + > }, + > ] + > EOF + + $ sendhttpv2peerhandshake << EOF + > command capabilities + > EOF + creating http peer for wire protocol version 2 + s> GET /?cmd=capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> vary: X-HgProto-1,X-HgUpgrade-1\r\n + s> x-hgproto-1: cbor\r\n + s> x-hgupgrade-1: exp-http-v2-0002\r\n + s> accept: application/mercurial-0.1\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-cbor\r\n + s> Content-Length: 1957\r\n + s> \r\n + s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKsnirequired\xf5Duris\x81Thttps://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (redirect target target-bad-tls requires SNI, which is unsupported) + sending capabilities command + s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> accept: application/mercurial-exp-framing-0005\r\n + s> content-type: application/mercurial-exp-framing-0005\r\n + s> content-length: 66\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> :\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x80 + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-exp-framing-0005\r\n + s> Transfer-Encoding: chunked\r\n + s> \r\n + s> 13\r\n + s> \x0b\x00\x00\x01\x00\x02\x011 + s> \xa1FstatusBok + s> \r\n + received frame(size=11; request=1; stream=2; streamflags=stream-begin; type=command-response; flags=continuation) + s> 59e\r\n + s> \x96\x05\x00\x01\x00\x02\x001 + s> \xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKsnirequired\xf5Duris\x81Thttps://example.com/ + s> \r\n + received frame(size=1430; request=1; stream=2; streamflags=; type=command-response; flags=continuation) + s> 8\r\n + s> \x00\x00\x00\x01\x00\x02\x002 + s> \r\n + s> 0\r\n + s> \r\n + received frame(size=0; request=1; stream=2; streamflags=; type=command-response; flags=eos) + response: gen[ + { + b'commands': { + b'branchmap': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'capabilities': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'changesetdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'bookmarks', + b'parents', + b'phase', + b'revision' + ]) + }, + b'noderange': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodes': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodesdepth': { + b'default': None, + b'required': False, + b'type': b'int' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'filedata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'path': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'heads': { + b'args': { + b'publiconly': { + b'default': False, + b'required': False, + b'type': b'bool' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'known': { + b'args': { + b'nodes': { + b'default': [], + b'required': False, + b'type': b'list' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'listkeys': { + b'args': { + b'namespace': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'lookup': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'manifestdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'tree': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'pushkey': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + }, + b'namespace': { + b'required': True, + b'type': b'bytes' + }, + b'new': { + b'required': True, + b'type': b'bytes' + }, + b'old': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'push' + ] + } + }, + b'compression': [ + { + b'name': b'zstd' + }, + { + b'name': b'zlib' + } + ], + b'framingmediatypes': [ + b'application/mercurial-exp-framing-0005' + ], + b'pathfilterprefixes': set([ + b'path:', + b'rootfilesin:' + ]), + b'rawrepoformats': [ + b'generaldelta', + b'revlogv1' + ], + b'redirect': { + b'hashes': [ + b'sha256', + b'sha1' + ], + b'targets': [ + { + b'name': b'target-bad-tls', + b'protocol': b'https', + b'snirequired': True, + b'uris': [ + b'https://example.com/' + ] + } + ] + } + } + ] + + $ cat >> $HGRCPATH << EOF + > [extensions] + > nosni=! + > EOF + +Unknown tls value is filtered from compatible targets + + $ cat > redirects.py << EOF + > [ + > { + > b'name': b'target-bad-tls', + > b'protocol': b'https', + > b'uris': [b'https://example.com/'], + > b'tlsversions': [b'42', b'39'], + > }, + > ] + > EOF + + $ sendhttpv2peerhandshake << EOF + > command capabilities + > EOF + creating http peer for wire protocol version 2 + s> GET /?cmd=capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> vary: X-HgProto-1,X-HgUpgrade-1\r\n + s> x-hgproto-1: cbor\r\n + s> x-hgupgrade-1: exp-http-v2-0002\r\n + s> accept: application/mercurial-0.1\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-cbor\r\n + s> Content-Length: 1963\r\n + s> \r\n + s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKtlsversions\x82B42B39Duris\x81Thttps://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (remote redirect target target-bad-tls requires unsupported TLS versions: 39, 42) + sending capabilities command + s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> accept: application/mercurial-exp-framing-0005\r\n + s> content-type: application/mercurial-exp-framing-0005\r\n + s> content-length: 66\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> :\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x80 + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-exp-framing-0005\r\n + s> Transfer-Encoding: chunked\r\n + s> \r\n + s> 13\r\n + s> \x0b\x00\x00\x01\x00\x02\x011 + s> \xa1FstatusBok + s> \r\n + received frame(size=11; request=1; stream=2; streamflags=stream-begin; type=command-response; flags=continuation) + s> 5a4\r\n + s> \x9c\x05\x00\x01\x00\x02\x001 + s> \xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKtlsversions\x82B42B39Duris\x81Thttps://example.com/ + s> \r\n + received frame(size=1436; request=1; stream=2; streamflags=; type=command-response; flags=continuation) + s> 8\r\n + s> \x00\x00\x00\x01\x00\x02\x002 + s> \r\n + s> 0\r\n + s> \r\n + received frame(size=0; request=1; stream=2; streamflags=; type=command-response; flags=eos) + response: gen[ + { + b'commands': { + b'branchmap': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'capabilities': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'changesetdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'bookmarks', + b'parents', + b'phase', + b'revision' + ]) + }, + b'noderange': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodes': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodesdepth': { + b'default': None, + b'required': False, + b'type': b'int' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'filedata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'path': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'heads': { + b'args': { + b'publiconly': { + b'default': False, + b'required': False, + b'type': b'bool' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'known': { + b'args': { + b'nodes': { + b'default': [], + b'required': False, + b'type': b'list' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'listkeys': { + b'args': { + b'namespace': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'lookup': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'manifestdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'tree': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'pushkey': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + }, + b'namespace': { + b'required': True, + b'type': b'bytes' + }, + b'new': { + b'required': True, + b'type': b'bytes' + }, + b'old': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'push' + ] + } + }, + b'compression': [ + { + b'name': b'zstd' + }, + { + b'name': b'zlib' + } + ], + b'framingmediatypes': [ + b'application/mercurial-exp-framing-0005' + ], + b'pathfilterprefixes': set([ + b'path:', + b'rootfilesin:' + ]), + b'rawrepoformats': [ + b'generaldelta', + b'revlogv1' + ], + b'redirect': { + b'hashes': [ + b'sha256', + b'sha1' + ], + b'targets': [ + { + b'name': b'target-bad-tls', + b'protocol': b'https', + b'tlsversions': [ + b'42', + b'39' + ], + b'uris': [ + b'https://example.com/' + ] + } + ] + } + } + ] + $ cat error.log $ killdaemons.py