test-https: enable dummycert test only if Apple python is used (issue4500)...
Yuya Nishihara -
r24289:07fafcd4 default
@@ -1,369 +1,374 b''
1 1 import os, stat
2 2 import re
3 3 import socket
4 4 import sys
5 5 import tempfile
6 6
7 7 tempprefix = 'hg-hghave-'
8 8
9 9 checks = {
10 10 "true": (lambda: True, "yak shaving"),
11 11 "false": (lambda: False, "nail clipper"),
12 12 }
13 13
14 14 def check(name, desc):
15 15 def decorator(func):
16 16 checks[name] = (func, desc)
17 17 return func
18 18 return decorator
19 19
20 20 def matchoutput(cmd, regexp, ignorestatus=False):
21 21 """Return True if cmd executes successfully and its output
22 22 is matched by the supplied regular expression.
23 23 """
24 24 r = re.compile(regexp)
25 25 fh = os.popen(cmd)
26 26 s = fh.read()
27 27 try:
28 28 ret = fh.close()
29 29 except IOError:
30 30 # Happen in Windows test environment
31 31 ret = 1
32 32 return (ignorestatus or ret is None) and r.search(s)
33 33
34 34 @check("baz", "GNU Arch baz client")
35 35 def has_baz():
36 36 return matchoutput('baz --version 2>&1', r'baz Bazaar version')
37 37
38 38 @check("bzr", "Canonical's Bazaar client")
39 39 def has_bzr():
40 40 try:
41 41 import bzrlib
42 42 return bzrlib.__doc__ is not None
43 43 except ImportError:
44 44 return False
45 45
46 46 @check("bzr114", "Canonical's Bazaar client >= 1.14")
47 47 def has_bzr114():
48 48 try:
49 49 import bzrlib
50 50 return (bzrlib.__doc__ is not None
51 51 and bzrlib.version_info[:2] >= (1, 14))
52 52 except ImportError:
53 53 return False
54 54
55 55 @check("cvs", "cvs client/server")
56 56 def has_cvs():
57 57 re = r'Concurrent Versions System.*?server'
58 58 return matchoutput('cvs --version 2>&1', re) and not has_msys()
59 59
60 60 @check("cvs112", "cvs client/server >= 1.12")
61 61 def has_cvs112():
62 62 re = r'Concurrent Versions System \(CVS\) 1.12.*?server'
63 63 return matchoutput('cvs --version 2>&1', re) and not has_msys()
64 64
65 65 @check("darcs", "darcs client")
66 66 def has_darcs():
67 67 return matchoutput('darcs --version', r'2\.[2-9]', True)
68 68
69 69 @check("mtn", "monotone client (>= 1.0)")
70 70 def has_mtn():
71 71 return matchoutput('mtn --version', r'monotone', True) and not matchoutput(
72 72 'mtn --version', r'monotone 0\.', True)
73 73
74 74 @check("eol-in-paths", "end-of-lines in paths")
75 75 def has_eol_in_paths():
76 76 try:
77 77 fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix, suffix='\n\r')
78 78 os.close(fd)
79 79 os.remove(path)
80 80 return True
81 81 except (IOError, OSError):
82 82 return False
83 83
84 84 @check("execbit", "executable bit")
85 85 def has_executablebit():
86 86 try:
87 87 EXECFLAGS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
88 88 fh, fn = tempfile.mkstemp(dir='.', prefix=tempprefix)
89 89 try:
90 90 os.close(fh)
91 91 m = os.stat(fn).st_mode & 0777
92 92 new_file_has_exec = m & EXECFLAGS
93 93 os.chmod(fn, m ^ EXECFLAGS)
94 94 exec_flags_cannot_flip = ((os.stat(fn).st_mode & 0777) == m)
95 95 finally:
96 96 os.unlink(fn)
97 97 except (IOError, OSError):
98 98 # we don't care, the user probably won't be able to commit anyway
99 99 return False
100 100 return not (new_file_has_exec or exec_flags_cannot_flip)
101 101
102 102 @check("icasefs", "case insensitive file system")
103 103 def has_icasefs():
104 104 # Stolen from mercurial.util
105 105 fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix)
106 106 os.close(fd)
107 107 try:
108 108 s1 = os.stat(path)
109 109 d, b = os.path.split(path)
110 110 p2 = os.path.join(d, b.upper())
111 111 if path == p2:
112 112 p2 = os.path.join(d, b.lower())
113 113 try:
114 114 s2 = os.stat(p2)
115 115 return s2 == s1
116 116 except OSError:
117 117 return False
118 118 finally:
119 119 os.remove(path)
120 120
121 121 @check("fifo", "named pipes")
122 122 def has_fifo():
123 123 if getattr(os, "mkfifo", None) is None:
124 124 return False
125 125 name = tempfile.mktemp(dir='.', prefix=tempprefix)
126 126 try:
127 127 os.mkfifo(name)
128 128 os.unlink(name)
129 129 return True
130 130 except OSError:
131 131 return False
132 132
133 133 @check("killdaemons", 'killdaemons.py support')
134 134 def has_killdaemons():
135 135 return True
136 136
137 137 @check("cacheable", "cacheable filesystem")
138 138 def has_cacheable_fs():
139 139 from mercurial import util
140 140
141 141 fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix)
142 142 os.close(fd)
143 143 try:
144 144 return util.cachestat(path).cacheable()
145 145 finally:
146 146 os.remove(path)
147 147
148 148 @check("lsprof", "python lsprof module")
149 149 def has_lsprof():
150 150 try:
151 151 import _lsprof
152 152 _lsprof.Profiler # silence unused import warning
153 153 return True
154 154 except ImportError:
155 155 return False
156 156
157 157 @check("gettext", "GNU Gettext (msgfmt)")
158 158 def has_gettext():
159 159 return matchoutput('msgfmt --version', 'GNU gettext-tools')
160 160
161 161 @check("git", "git command line client")
162 162 def has_git():
163 163 return matchoutput('git --version 2>&1', r'^git version')
164 164
165 165 @check("docutils", "Docutils text processing library")
166 166 def has_docutils():
167 167 try:
168 168 from docutils.core import publish_cmdline
169 169 publish_cmdline # silence unused import
170 170 return True
171 171 except ImportError:
172 172 return False
173 173
174 174 def getsvnversion():
175 175 m = matchoutput('svn --version --quiet 2>&1', r'^(\d+)\.(\d+)')
176 176 if not m:
177 177 return (0, 0)
178 178 return (int(m.group(1)), int(m.group(2)))
179 179
180 180 @check("svn15", "subversion client and admin tools >= 1.5")
181 181 def has_svn15():
182 182 return getsvnversion() >= (1, 5)
183 183
184 184 @check("svn13", "subversion client and admin tools >= 1.3")
185 185 def has_svn13():
186 186 return getsvnversion() >= (1, 3)
187 187
188 188 @check("svn", "subversion client and admin tools")
189 189 def has_svn():
190 190 return matchoutput('svn --version 2>&1', r'^svn, version') and \
191 191 matchoutput('svnadmin --version 2>&1', r'^svnadmin, version')
192 192
193 193 @check("svn-bindings", "subversion python bindings")
194 194 def has_svn_bindings():
195 195 try:
196 196 import svn.core
197 197 version = svn.core.SVN_VER_MAJOR, svn.core.SVN_VER_MINOR
198 198 if version < (1, 4):
199 199 return False
200 200 return True
201 201 except ImportError:
202 202 return False
203 203
204 204 @check("p4", "Perforce server and client")
205 205 def has_p4():
206 206 return (matchoutput('p4 -V', r'Rev\. P4/') and
207 207 matchoutput('p4d -V', r'Rev\. P4D/'))
208 208
209 209 @check("symlink", "symbolic links")
210 210 def has_symlink():
211 211 if getattr(os, "symlink", None) is None:
212 212 return False
213 213 name = tempfile.mktemp(dir='.', prefix=tempprefix)
214 214 try:
215 215 os.symlink(".", name)
216 216 os.unlink(name)
217 217 return True
218 218 except (OSError, AttributeError):
219 219 return False
220 220
221 221 @check("hardlink", "hardlinks")
222 222 def has_hardlink():
223 223 from mercurial import util
224 224 fh, fn = tempfile.mkstemp(dir='.', prefix=tempprefix)
225 225 os.close(fh)
226 226 name = tempfile.mktemp(dir='.', prefix=tempprefix)
227 227 try:
228 228 try:
229 229 util.oslink(fn, name)
230 230 os.unlink(name)
231 231 return True
232 232 except OSError:
233 233 return False
234 234 finally:
235 235 os.unlink(fn)
236 236
237 237 @check("tla", "GNU Arch tla client")
238 238 def has_tla():
239 239 return matchoutput('tla --version 2>&1', r'The GNU Arch Revision')
240 240
241 241 @check("gpg", "gpg client")
242 242 def has_gpg():
243 243 return matchoutput('gpg --version 2>&1', r'GnuPG')
244 244
245 245 @check("unix-permissions", "unix-style permissions")
246 246 def has_unix_permissions():
247 247 d = tempfile.mkdtemp(dir='.', prefix=tempprefix)
248 248 try:
249 249 fname = os.path.join(d, 'foo')
250 250 for umask in (077, 007, 022):
251 251 os.umask(umask)
252 252 f = open(fname, 'w')
253 253 f.close()
254 254 mode = os.stat(fname).st_mode
255 255 os.unlink(fname)
256 256 if mode & 0777 != ~umask & 0666:
257 257 return False
258 258 return True
259 259 finally:
260 260 os.rmdir(d)
261 261
262 262 @check("unix-socket", "AF_UNIX socket family")
263 263 def has_unix_socket():
264 264 return getattr(socket, 'AF_UNIX', None) is not None
265 265
266 266 @check("root", "root permissions")
267 267 def has_root():
268 268 return getattr(os, 'geteuid', None) and os.geteuid() == 0
269 269
270 270 @check("pyflakes", "Pyflakes python linter")
271 271 def has_pyflakes():
272 272 return matchoutput("sh -c \"echo 'import re' 2>&1 | pyflakes\"",
273 273 r"<stdin>:1: 're' imported but unused",
274 274 True)
275 275
276 276 @check("pygments", "Pygments source highlighting library")
277 277 def has_pygments():
278 278 try:
279 279 import pygments
280 280 pygments.highlight # silence unused import warning
281 281 return True
282 282 except ImportError:
283 283 return False
284 284
285 285 @check("python243", "python >= 2.4.3")
286 286 def has_python243():
287 287 return sys.version_info >= (2, 4, 3)
288 288
289 289 @check("json", "some json module available")
290 290 def has_json():
291 291 try:
292 292 import json
293 293 json.dumps
294 294 return True
295 295 except ImportError:
296 296 try:
297 297 import simplejson as json
298 298 json.dumps
299 299 return True
300 300 except ImportError:
301 301 pass
302 302 return False
303 303
304 304 @check("outer-repo", "outer repo")
305 305 def has_outer_repo():
306 306 # failing for other reasons than 'no repo' imply that there is a repo
307 307 return not matchoutput('hg root 2>&1',
308 308 r'abort: no repository found', True)
309 309
310 310 @check("ssl", ("(python >= 2.6 ssl module and python OpenSSL) "
311 311 "OR python >= 2.7.9 ssl"))
312 312 def has_ssl():
313 313 try:
314 314 import ssl
315 315 if getattr(ssl, 'create_default_context', False):
316 316 return True
317 317 import OpenSSL
318 318 OpenSSL.SSL.Context
319 319 return True
320 320 except ImportError:
321 321 return False
322 322
323 @check("defaultcacerts", "can verify SSL certs by system's CA certs store")
324 def has_defaultcacerts():
325 from mercurial import sslutil
326 return sslutil._defaultcacerts()
327
323 328 @check("windows", "Windows")
324 329 def has_windows():
325 330 return os.name == 'nt'
326 331
327 332 @check("system-sh", "system() uses sh")
328 333 def has_system_sh():
329 334 return os.name != 'nt'
330 335
331 336 @check("serve", "platform and python can manage 'hg serve -d'")
332 337 def has_serve():
333 338 return os.name != 'nt' # gross approximation
334 339
335 340 @check("test-repo", "running tests from repository")
336 341 def has_test_repo():
337 342 t = os.environ["TESTDIR"]
338 343 return os.path.isdir(os.path.join(t, "..", ".hg"))
339 344
340 345 @check("tic", "terminfo compiler and curses module")
341 346 def has_tic():
342 347 try:
343 348 import curses
344 349 curses.COLOR_BLUE
345 350 return matchoutput('test -x "`which tic`"', '')
346 351 except ImportError:
347 352 return False
348 353
349 354 @check("msys", "Windows with MSYS")
350 355 def has_msys():
351 356 return os.getenv('MSYSTEM')
352 357
353 358 @check("aix", "AIX")
354 359 def has_aix():
355 360 return sys.platform.startswith("aix")
356 361
357 362 @check("osx", "OS X")
358 363 def has_osx():
359 364 return sys.platform == 'darwin'
360 365
361 366 @check("absimport", "absolute_import in __future__")
362 367 def has_absimport():
363 368 import __future__
364 369 from mercurial import util
365 370 return util.safehasattr(__future__, "absolute_import")
366 371
367 372 @check("py3k", "running with Python 3.x")
368 373 def has_py3k():
369 374 return 3 == sys.version_info[0]
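Review bot: The new `has_defaultcacerts` check (new lines 323-326) returns whatever the underscore-prefixed `sslutil._defaultcacerts()` returns, so the test harness now depends on a private helper whose body is not visible on this page. Its description, "can verify SSL certs by system's CA certs store", also reads broader than the commit title, which says the intent is to detect Apple's python. If the helper is falsy on a platform that loads system CAs some other way, the guarded test that expects the self-signed certificate to be rejected would presumably be skipped there with no signal. I would add a comment above the return, e.g. `# private sslutil helper; per issue4500 expected to be truthy only with Apple's python`, and narrow the description string to match.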
@@ -1,299 +1,299 b''
1 1 #require serve ssl
2 2
3 3 Proper https client requires the built-in ssl from Python 2.6.
4 4
5 5 Certificates created with:
6 6 printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
7 7 openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem
8 8 Can be dumped with:
9 9 openssl x509 -in pub.pem -text
10 10
11 11 $ cat << EOT > priv.pem
12 12 > -----BEGIN PRIVATE KEY-----
13 13 > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH
14 14 > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8
15 15 > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc
16 16 > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG
17 17 > MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR
18 18 > +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy
19 19 > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh
20 20 > HY8gUVkVRVs=
21 21 > -----END PRIVATE KEY-----
22 22 > EOT
23 23
24 24 $ cat << EOT > pub.pem
25 25 > -----BEGIN CERTIFICATE-----
26 26 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
27 27 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
28 28 > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
29 29 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
30 30 > ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
31 31 > 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
32 32 > r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
33 33 > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
34 34 > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
35 35 > -----END CERTIFICATE-----
36 36 > EOT
37 37 $ cat priv.pem pub.pem >> server.pem
38 38 $ PRIV=`pwd`/server.pem
39 39
40 40 $ cat << EOT > pub-other.pem
41 41 > -----BEGIN CERTIFICATE-----
42 42 > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
43 43 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
44 44 > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0
45 45 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
46 46 > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo
47 47 > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN
48 48 > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw
49 49 > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6
50 50 > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig=
51 51 > -----END CERTIFICATE-----
52 52 > EOT
53 53
54 54 pub.pem patched with other notBefore / notAfter:
55 55
56 56 $ cat << EOT > pub-not-yet.pem
57 57 > -----BEGIN CERTIFICATE-----
58 58 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
59 59 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw
60 60 > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
61 61 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
62 62 > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
63 63 > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
64 64 > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb
65 65 > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0=
66 66 > -----END CERTIFICATE-----
67 67 > EOT
68 68 $ cat priv.pem pub-not-yet.pem > server-not-yet.pem
69 69
70 70 $ cat << EOT > pub-expired.pem
71 71 > -----BEGIN CERTIFICATE-----
72 72 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
73 73 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx
74 74 > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
75 75 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
76 76 > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
77 77 > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
78 78 > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt
79 79 > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ=
80 80 > -----END CERTIFICATE-----
81 81 > EOT
82 82 $ cat priv.pem pub-expired.pem > server-expired.pem
83 83
84 84 $ hg init test
85 85 $ cd test
86 86 $ echo foo>foo
87 87 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
88 88 $ echo foo>foo.d/foo
89 89 $ echo bar>foo.d/bAr.hg.d/BaR
90 90 $ echo bar>foo.d/baR.d.hg/bAR
91 91 $ hg commit -A -m 1
92 92 adding foo
93 93 adding foo.d/bAr.hg.d/BaR
94 94 adding foo.d/baR.d.hg/bAR
95 95 adding foo.d/foo
96 96 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
97 97 $ cat ../hg0.pid >> $DAEMON_PIDS
98 98
99 99 cacert not found
100 100
101 101 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
102 102 abort: could not find web.cacerts: no-such.pem
103 103 [255]
104 104
105 105 Test server address cannot be reused
106 106
107 107 #if windows
108 108 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
109 109 abort: cannot start server at ':$HGPORT':
110 110 [255]
111 111 #else
112 112 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
113 113 abort: cannot start server at ':$HGPORT': Address already in use
114 114 [255]
115 115 #endif
116 116 $ cd ..
117 117
118 118 OS X has a dummy CA cert that enables use of the system CA store when using
119 119 Apple's OpenSSL. This trick do not work with plain OpenSSL.
120 120
121 121 $ DISABLEOSXDUMMYCERT=
122 #if osx
122 #if defaultcacerts
123 123 $ hg clone https://localhost:$HGPORT/ copy-pull
124 124 abort: error: *certificate verify failed* (glob)
125 125 [255]
126 126
127 127 $ DISABLEOSXDUMMYCERT="--config=web.cacerts="
128 128 #endif
129 129
130 130 clone via pull
131 131
132 132 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT
133 133 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
134 134 requesting all changes
135 135 adding changesets
136 136 adding manifests
137 137 adding file changes
138 138 added 1 changesets with 4 changes to 4 files
139 139 updating to branch default
140 140 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
141 141 $ hg verify -R copy-pull
142 142 checking changesets
143 143 checking manifests
144 144 crosschecking files in changesets and manifests
145 145 checking files
146 146 4 files, 1 changesets, 4 total revisions
147 147 $ cd test
148 148 $ echo bar > bar
149 149 $ hg commit -A -d '1 0' -m 2
150 150 adding bar
151 151 $ cd ..
152 152
153 153 pull without cacert
154 154
155 155 $ cd copy-pull
156 156 $ echo '[hooks]' >> .hg/hgrc
157 157 $ echo "changegroup = python \"$TESTDIR/printenv.py\" changegroup" >> .hg/hgrc
158 158 $ hg pull $DISABLEOSXDUMMYCERT
159 159 pulling from https://localhost:$HGPORT/
160 160 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
161 161 searching for changes
162 162 adding changesets
163 163 adding manifests
164 164 adding file changes
165 165 added 1 changesets with 1 changes to 1 files
166 166 changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_URL=https://localhost:$HGPORT/
167 167 (run 'hg update' to get a working copy)
168 168 $ cd ..
169 169
170 170 cacert configured in local repo
171 171
172 172 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
173 173 $ echo "[web]" >> copy-pull/.hg/hgrc
174 174 $ echo "cacerts=`pwd`/pub.pem" >> copy-pull/.hg/hgrc
175 175 $ hg -R copy-pull pull --traceback
176 176 pulling from https://localhost:$HGPORT/
177 177 searching for changes
178 178 no changes found
179 179 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
180 180
181 181 cacert configured globally, also testing expansion of environment
182 182 variables in the filename
183 183
184 184 $ echo "[web]" >> $HGRCPATH
185 185 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
186 186 $ P=`pwd` hg -R copy-pull pull
187 187 pulling from https://localhost:$HGPORT/
188 188 searching for changes
189 189 no changes found
190 190 $ P=`pwd` hg -R copy-pull pull --insecure
191 191 pulling from https://localhost:$HGPORT/
192 192 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
193 193 searching for changes
194 194 no changes found
195 195
196 196 cacert mismatch
197 197
198 198 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
199 199 pulling from https://127.0.0.1:$HGPORT/
200 200 abort: 127.0.0.1 certificate error: certificate is for localhost
201 201 (configure hostfingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely)
202 202 [255]
203 203 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
204 204 pulling from https://127.0.0.1:$HGPORT/
205 205 warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
206 206 searching for changes
207 207 no changes found
208 208 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem
209 209 pulling from https://localhost:$HGPORT/
210 210 abort: error: *certificate verify failed* (glob)
211 211 [255]
212 212 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure
213 213 pulling from https://localhost:$HGPORT/
214 214 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
215 215 searching for changes
216 216 no changes found
217 217
218 218 Test server cert which isn't valid yet
219 219
220 220 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
221 221 $ cat hg1.pid >> $DAEMON_PIDS
222 222 $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/
223 223 pulling from https://localhost:$HGPORT1/
224 224 abort: error: *certificate verify failed* (glob)
225 225 [255]
226 226
227 227 Test server cert which no longer is valid
228 228
229 229 $ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
230 230 $ cat hg2.pid >> $DAEMON_PIDS
231 231 $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
232 232 pulling from https://localhost:$HGPORT2/
233 233 abort: error: *certificate verify failed* (glob)
234 234 [255]
235 235
236 236 Fingerprints
237 237
238 238 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
239 239 $ echo "localhost = 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca" >> copy-pull/.hg/hgrc
240 240 $ echo "127.0.0.1 = 914f1aff87249c09b6859b88b1906d30756491ca" >> copy-pull/.hg/hgrc
241 241
242 242 - works without cacerts
243 243 $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=
244 244 5fed3813f7f5
245 245
246 246 - fails when cert doesn't match hostname (port is ignored)
247 247 $ hg -R copy-pull id https://localhost:$HGPORT1/
248 248 abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
249 249 (check hostfingerprint configuration)
250 250 [255]
251 251
252 252
253 253 - ignores that certificate doesn't match hostname
254 254 $ hg -R copy-pull id https://127.0.0.1:$HGPORT/
255 255 5fed3813f7f5
256 256
257 257 HGPORT1 is reused below for tinyproxy tests. Kill that server.
258 258 $ "$TESTDIR/killdaemons.py" hg1.pid
259 259
260 260 Prepare for connecting through proxy
261 261
262 262 $ "$TESTDIR/tinyproxy.py" $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
263 263 $ while [ ! -f proxy.pid ]; do sleep 0; done
264 264 $ cat proxy.pid >> $DAEMON_PIDS
265 265
266 266 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
267 267 $ echo "always=True" >> copy-pull/.hg/hgrc
268 268 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
269 269 $ echo "localhost =" >> copy-pull/.hg/hgrc
270 270
271 271 Test unvalidated https through proxy
272 272
273 273 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback
274 274 pulling from https://localhost:$HGPORT/
275 275 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
276 276 searching for changes
277 277 no changes found
278 278
279 279 Test https with cacert and fingerprint through proxy
280 280
281 281 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub.pem
282 282 pulling from https://localhost:$HGPORT/
283 283 searching for changes
284 284 no changes found
285 285 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/
286 286 pulling from https://127.0.0.1:$HGPORT/
287 287 searching for changes
288 288 no changes found
289 289
290 290 Test https with cert problems through proxy
291 291
292 292 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem
293 293 pulling from https://localhost:$HGPORT/
294 294 abort: error: *certificate verify failed* (glob)
295 295 [255]
296 296 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
297 297 pulling from https://localhost:$HGPORT2/
298 298 abort: error: *certificate verify failed* (glob)
299 299 [255]
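Review bot: The prose above the changed guard (new lines 118-119) and the variable name `DISABLEOSXDUMMYCERT` still describe the block as OS X specific, while the condition at new line 122 is now the hghave check `defaultcacerts`. A reader can no longer tell from the test text on which setups the `certificate verify failed` expectation runs. I would add a sentence after the existing comment, such as `The block below runs only when hghave reports defaultcacerts (Apple's python).` The variable rename can be left for a separate change.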