upstream/mercurial-mirror Commit - r35233:1b22d325

tests: add a substitution for EADDRINUSE/WSAEADDRINUSE messages...

Matt Harbison -

r35233:1b22d325 default

parent child

tests/common-pattern.py

0 +8 0

             # common patterns in test at can safely be replaced
             from __future__ import absolute_import
             substitutions = [
                 # list of possible compressions
                 (br'zstd,zlib,none,bzip2',
                  br'$USUAL_COMPRESSIONS$'
                 ),
                 # capabilities sent through http
                 (br'bundlecaps=HG20%2Cbundle2%3DHG20%250A'
                  br'changegroup%253D01%252C02%250A'
                  br'digests%253Dmd5%252Csha1%252Csha512%250A'
                  br'error%253Dabort%252Cunsupportedcontent%252Cpushraced%252Cpushkey%250A'
                  br'hgtagsfnodes%250A'
                  br'listkeys%250A'
                  br'phases%253Dheads%250A'
                  br'pushkey%250A'
                  br'remote-changegroup%253Dhttp%252Chttps',
                  # (the replacement patterns)
                  br'$USUAL_BUNDLE_CAPS$'
                 ),
                 # bundle2 capabilities sent through ssh
                 (br'bundle2=HG20%0A'
                  br'changegroup%3D01%2C02%0A'
                  br'digests%3Dmd5%2Csha1%2Csha512%0A'
                  br'error%3Dabort%2Cunsupportedcontent%2Cpushraced%2Cpushkey%0A'
                  br'hgtagsfnodes%0A'
                  br'listkeys%0A'
                  br'phases%3Dheads%0A'
                  br'pushkey%0A'
                  br'remote-changegroup%3Dhttp%2Chttps',
                  # (replacement patterns)
                  br'$USUAL_BUNDLE2_CAPS$'
                 ),
                 # HTTP log dates
                 (br' - - \[\d\d/.../2\d\d\d \d\d:\d\d:\d\d] "GET',
                  br' - - [$LOGDATE$] "GET'
                 ),
             ]
             # Various platform error strings, keyed on a common replacement string
             _errors = {
                 br'$ENOENT$': (
                     # strerror()
                     br'No such file or directory',
                     # FormatMessage(ERROR_FILE_NOT_FOUND)
                     br'The system cannot find the file specified',
                 ),
                 br'$ENOTDIR$': (
                     # strerror()
                     br'Not a directory',
                     # FormatMessage(ERROR_PATH_NOT_FOUND)
                     br'The system cannot find the path specified',
                 ),
                 br'$ECONNRESET$': (
                     # strerror()
                     br'Connection reset by peer',
                     # FormatMessage(WSAECONNRESET)
                     br'An existing connection was forcibly closed by the remote host',
                 ),
+                br'$EADDRINUSE$': (
+                    # strerror()
+                    br'Address already in use',
+                    # FormatMessage(WSAEADDRINUSE)
+                    br'Only one usage of each socket address'
+                    br' \(protocol/network address/port\) is normally permitted',
+                ),
             }
             for replace, msgs in _errors.items():
                 substitutions.extend((m, replace) for m in msgs)

tests/test-http-bundle1.t

0 +2 -7

             #require serve
             This test is a duplicate of 'test-http.t', feel free to factor out
             parts that are not bundle1/bundle2 specific.
               $ cat << EOF >> $HGRCPATH
               > [devel]
               > # This test is dedicated to interaction through old bundle
               > legacy.exchange = bundle1
               > EOF
               $ hg init test
               $ cd test
               $ echo foo>foo
               $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
               $ echo foo>foo.d/foo
               $ echo bar>foo.d/bAr.hg.d/BaR
               $ echo bar>foo.d/baR.d.hg/bAR
               $ hg commit -A -m 1
               adding foo
               adding foo.d/bAr.hg.d/BaR
               adding foo.d/baR.d.hg/bAR
               adding foo.d/foo
               $ hg serve -p $HGPORT -d --pid-file=../hg1.pid -E ../error.log
               $ hg serve --config server.uncompressed=False -p $HGPORT1 -d --pid-file=../hg2.pid
             Test server address cannot be reused
-            #if windows
               $ hg serve -p $HGPORT1 2>&1
-              abort: cannot start server at 'localhost:$HGPORT1': * (glob)
+              abort: cannot start server at 'localhost:$HGPORT1': $EADDRINUSE$
               [255]
-            #else
-              $ hg serve -p $HGPORT1 2>&1
-              abort: cannot start server at 'localhost:$HGPORT1': Address already in use
-              [255]
-            #endif
               $ cd ..
               $ cat hg1.pid hg2.pid >> $DAEMON_PIDS
             clone via stream
               $ hg clone --stream http://localhost:$HGPORT/ copy 2>&1
               streaming all changes
 files to transfer, 606 bytes of data
               transferred * bytes in * seconds (*/sec) (glob)
               searching for changes
               no changes found
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg verify -R copy
               checking changesets
               checking manifests
               crosschecking files in changesets and manifests
               checking files
 files, 1 changesets, 4 total revisions
             try to clone via stream, should use pull instead
               $ hg clone --stream http://localhost:$HGPORT1/ copy2
               warning: stream clone requested but server has them disabled
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
             try to clone via stream but missing requirements, so should use pull instead
               $ cat > $TESTTMP/removesupportedformat.py << EOF
               > from mercurial import localrepo
               > def extsetup(ui):
               >     localrepo.localrepository.supportedformats.remove('generaldelta')
               > EOF
               $ hg clone --config extensions.rsf=$TESTTMP/removesupportedformat.py --stream http://localhost:$HGPORT/ copy3
               warning: stream clone requested but client is missing requirements: generaldelta
               (see https://www.mercurial-scm.org/wiki/MissingRequirement for more information)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
             clone via pull
               $ hg clone http://localhost:$HGPORT1/ copy-pull
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg verify -R copy-pull
               checking changesets
               checking manifests
               crosschecking files in changesets and manifests
               checking files
 files, 1 changesets, 4 total revisions
               $ cd test
               $ echo bar > bar
               $ hg commit -A -d '1 0' -m 2
               adding bar
               $ cd ..
             clone over http with --update
               $ hg clone http://localhost:$HGPORT1/ updated --update 0
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 5 changes to 5 files
               new changesets 8b6053c928fe:5fed3813f7f5
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg log -r . -R updated
               changeset:   0:8b6053c928fe
               user:        test
               date:        Thu Jan 01 00:00:00 1970 +0000
               summary:     1
               $ rm -rf updated
             incoming via HTTP
               $ hg clone http://localhost:$HGPORT1/ --rev 0 partial
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ cd partial
               $ touch LOCAL
               $ hg ci -qAm LOCAL
               $ hg incoming http://localhost:$HGPORT1/ --template '{desc}\n'
               comparing with http://localhost:$HGPORT1/
               searching for changes
               $ cd ..
             pull
               $ cd copy-pull
               $ cat >> .hg/hgrc <<EOF
               > [hooks]
               > changegroup = sh -c "printenv.py changegroup"
               > EOF
               $ hg pull
               pulling from http://localhost:$HGPORT1/
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               new changesets 5fed3813f7f5
               changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=http://localhost:$HGPORT1/
               (run 'hg update' to get a working copy)
               $ cd ..
             clone from invalid URL
               $ hg clone http://localhost:$HGPORT/bad
               abort: HTTP Error 404: Not Found
               [255]
             test http authentication
             + use the same server to test server side streaming preference
               $ cd test
               $ cat << EOT > userpass.py
               > import base64
               > from mercurial.hgweb import common
               > def perform_authentication(hgweb, req, op):
               >     auth = req.env.get('HTTP_AUTHORIZATION')
               >     if not auth:
               >         raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
               >                 [('WWW-Authenticate', 'Basic Realm="mercurial"')])
               >     if base64.b64decode(auth.split()[1]).split(':', 1) != ['user', 'pass']:
               >         raise common.ErrorResponse(common.HTTP_FORBIDDEN, 'no')
               > def extsetup():
               >     common.permhooks.insert(0, perform_authentication)
               > EOT
               $ hg serve --config extensions.x=userpass.py -p $HGPORT2 -d --pid-file=pid \
               >    --config server.preferuncompressed=True \
               >    --config web.push_ssl=False --config web.allow_push=* -A ../access.log
               $ cat pid >> $DAEMON_PIDS
               $ cat << EOF > get_pass.py
               > import getpass
               > def newgetpass(arg):
               >   return "pass"
               > getpass.getpass = newgetpass
               > EOF
               $ hg id http://localhost:$HGPORT2/
               abort: http authorization required for http://localhost:$HGPORT2/
               [255]
               $ hg id http://localhost:$HGPORT2/
               abort: http authorization required for http://localhost:$HGPORT2/
               [255]
               $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/
               http authorization required for http://localhost:$HGPORT2/
               realm: mercurial
               user: user
               password: 5fed3813f7f5
               $ hg id http://user:pass@localhost:$HGPORT2/
 fed3813f7f5
               $ echo '[auth]' >> .hg/hgrc
               $ echo 'l.schemes=http' >> .hg/hgrc
               $ echo 'l.prefix=lo' >> .hg/hgrc
               $ echo 'l.username=user' >> .hg/hgrc
               $ echo 'l.password=pass' >> .hg/hgrc
               $ hg id http://localhost:$HGPORT2/
 fed3813f7f5
               $ hg id http://localhost:$HGPORT2/
 fed3813f7f5
               $ hg id http://user@localhost:$HGPORT2/
 fed3813f7f5
               $ hg clone http://user:pass@localhost:$HGPORT2/ dest 2>&1
               streaming all changes
 files to transfer, 916 bytes of data
               transferred * bytes in * seconds (*/sec) (glob)
               searching for changes
               no changes found
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
             --pull should override server's preferuncompressed
               $ hg clone --pull http://user:pass@localhost:$HGPORT2/ dest-pull 2>&1
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 5 changes to 5 files
               new changesets 8b6053c928fe:5fed3813f7f5
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg id http://user2@localhost:$HGPORT2/
               abort: http authorization required for http://localhost:$HGPORT2/
               [255]
               $ hg id http://user:pass2@localhost:$HGPORT2/
               abort: HTTP Error 403: no
               [255]
               $ hg -R dest tag -r tip top
               $ hg -R dest push http://user:pass@localhost:$HGPORT2/
               pushing to http://user:***@localhost:$HGPORT2/
               searching for changes
               remote: adding changesets
               remote: adding manifests
               remote: adding file changes
               remote: added 1 changesets with 1 changes to 1 files
               $ hg rollback -q
               $ sed 's/.*] "/"/' < ../access.log
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "POST /?cmd=unbundle HTTP/1.1" 200 - x-hgarg-1:heads=686173686564+5eb5abfefeea63c80dd7553bcc3783f37e0c5524* (glob)
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               $ cd ..
             clone of serve with repo in root and unserved subrepo (issue2970)
               $ hg --cwd test init sub
               $ echo empty > test/sub/empty
               $ hg --cwd test/sub add empty
               $ hg --cwd test/sub commit -qm 'add empty'
               $ hg --cwd test/sub tag -r 0 something
               $ echo sub = sub > test/.hgsub
               $ hg --cwd test add .hgsub
               $ hg --cwd test commit -qm 'add subrepo'
               $ hg clone http://localhost:$HGPORT noslash-clone
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 3 changesets with 7 changes to 7 files
               new changesets 8b6053c928fe:56f9bc90cce6
               updating to branch default
               abort: HTTP Error 404: Not Found
               [255]
               $ hg clone http://localhost:$HGPORT/ slash-clone
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 3 changesets with 7 changes to 7 files
               new changesets 8b6053c928fe:56f9bc90cce6
               updating to branch default
               abort: HTTP Error 404: Not Found
               [255]
             check error log
               $ cat error.log
             Check error reporting while pulling/cloning
               $ $RUNTESTDIR/killdaemons.py
               $ hg serve -R test -p $HGPORT -d --pid-file=hg3.pid -E error.log --config extensions.crash=${TESTDIR}/crashgetbundler.py
               $ cat hg3.pid >> $DAEMON_PIDS
               $ hg clone http://localhost:$HGPORT/ abort-clone
               requesting all changes
               abort: remote error:
               this is an exercise
               [255]
               $ cat error.log
             disable pull-based clones
               $ hg serve -R test -p $HGPORT1 -d --pid-file=hg4.pid -E error.log --config server.disablefullbundle=True
               $ cat hg4.pid >> $DAEMON_PIDS
               $ hg clone http://localhost:$HGPORT1/ disable-pull-clone
               requesting all changes
               abort: remote error:
               server has pull-based clones disabled
               [255]
             ... but keep stream clones working
               $ hg clone --stream --noupdate http://localhost:$HGPORT1/ test-stream-clone
               streaming all changes
               * files to transfer, * of data (glob)
               transferred * in * seconds (* KB/sec) (glob)
               searching for changes
               no changes found
             ... and also keep partial clones and pulls working
               $ hg clone http://localhost:$HGPORT1 --rev 0 test-partial-clone
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg pull -R test-partial-clone
               pulling from http://localhost:$HGPORT1/
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 3 changes to 3 files
               new changesets 5fed3813f7f5:56f9bc90cce6
               (run 'hg update' to get a working copy)
               $ cat error.log

tests/test-http.t

0 +2 -7

             #require killdaemons serve
               $ hg init test
               $ cd test
               $ echo foo>foo
               $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
               $ echo foo>foo.d/foo
               $ echo bar>foo.d/bAr.hg.d/BaR
               $ echo bar>foo.d/baR.d.hg/bAR
               $ hg commit -A -m 1
               adding foo
               adding foo.d/bAr.hg.d/BaR
               adding foo.d/baR.d.hg/bAR
               adding foo.d/foo
               $ hg serve -p $HGPORT -d --pid-file=../hg1.pid -E ../error.log
               $ hg serve --config server.uncompressed=False -p $HGPORT1 -d --pid-file=../hg2.pid
             Test server address cannot be reused
-            #if windows
               $ hg serve -p $HGPORT1 2>&1
-              abort: cannot start server at 'localhost:$HGPORT1': * (glob)
+              abort: cannot start server at 'localhost:$HGPORT1': $EADDRINUSE$
               [255]
-            #else
-              $ hg serve -p $HGPORT1 2>&1
-              abort: cannot start server at 'localhost:$HGPORT1': Address already in use
-              [255]
-            #endif
               $ cd ..
               $ cat hg1.pid hg2.pid >> $DAEMON_PIDS
             clone via stream
               $ hg clone --stream http://localhost:$HGPORT/ copy 2>&1
               streaming all changes
 files to transfer, 606 bytes of data
               transferred * bytes in * seconds (*/sec) (glob)
               searching for changes
               no changes found
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg verify -R copy
               checking changesets
               checking manifests
               crosschecking files in changesets and manifests
               checking files
 files, 1 changesets, 4 total revisions
             try to clone via stream, should use pull instead
               $ hg clone --stream http://localhost:$HGPORT1/ copy2
               warning: stream clone requested but server has them disabled
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
             try to clone via stream but missing requirements, so should use pull instead
               $ cat > $TESTTMP/removesupportedformat.py << EOF
               > from mercurial import localrepo
               > def extsetup(ui):
               >     localrepo.localrepository.supportedformats.remove('generaldelta')
               > EOF
               $ hg clone --config extensions.rsf=$TESTTMP/removesupportedformat.py --stream http://localhost:$HGPORT/ copy3
               warning: stream clone requested but client is missing requirements: generaldelta
               (see https://www.mercurial-scm.org/wiki/MissingRequirement for more information)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
             clone via pull
               $ hg clone http://localhost:$HGPORT1/ copy-pull
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg verify -R copy-pull
               checking changesets
               checking manifests
               crosschecking files in changesets and manifests
               checking files
 files, 1 changesets, 4 total revisions
               $ cd test
               $ echo bar > bar
               $ hg commit -A -d '1 0' -m 2
               adding bar
               $ cd ..
             clone over http with --update
               $ hg clone http://localhost:$HGPORT1/ updated --update 0
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 5 changes to 5 files
               new changesets 8b6053c928fe:5fed3813f7f5
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg log -r . -R updated
               changeset:   0:8b6053c928fe
               user:        test
               date:        Thu Jan 01 00:00:00 1970 +0000
               summary:     1
               $ rm -rf updated
             incoming via HTTP
               $ hg clone http://localhost:$HGPORT1/ --rev 0 partial
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ cd partial
               $ touch LOCAL
               $ hg ci -qAm LOCAL
               $ hg incoming http://localhost:$HGPORT1/ --template '{desc}\n'
               comparing with http://localhost:$HGPORT1/
               searching for changes
               $ cd ..
             pull
               $ cd copy-pull
               $ cat >> .hg/hgrc <<EOF
               > [hooks]
               > changegroup = sh -c "printenv.py changegroup"
               > EOF
               $ hg pull
               pulling from http://localhost:$HGPORT1/
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               new changesets 5fed3813f7f5
               changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=http://localhost:$HGPORT1/
               (run 'hg update' to get a working copy)
               $ cd ..
             clone from invalid URL
               $ hg clone http://localhost:$HGPORT/bad
               abort: HTTP Error 404: Not Found
               [255]
             test http authentication
             + use the same server to test server side streaming preference
               $ cd test
               $ cat << EOT > userpass.py
               > import base64
               > from mercurial.hgweb import common
               > def perform_authentication(hgweb, req, op):
               >     auth = req.env.get('HTTP_AUTHORIZATION')
               >     if not auth:
               >         raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
               >                 [('WWW-Authenticate', 'Basic Realm="mercurial"')])
               >     if base64.b64decode(auth.split()[1]).split(':', 1) != ['user', 'pass']:
               >         raise common.ErrorResponse(common.HTTP_FORBIDDEN, 'no')
               > def extsetup():
               >     common.permhooks.insert(0, perform_authentication)
               > EOT
               $ hg serve --config extensions.x=userpass.py -p $HGPORT2 -d --pid-file=pid \
               >    --config server.preferuncompressed=True \
               >    --config web.push_ssl=False --config web.allow_push=* -A ../access.log
               $ cat pid >> $DAEMON_PIDS
               $ cat << EOF > get_pass.py
               > import getpass
               > def newgetpass(arg):
               >   return "pass"
               > getpass.getpass = newgetpass
               > EOF
               $ hg id http://localhost:$HGPORT2/
               abort: http authorization required for http://localhost:$HGPORT2/
               [255]
               $ hg id http://localhost:$HGPORT2/
               abort: http authorization required for http://localhost:$HGPORT2/
               [255]
               $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/
               http authorization required for http://localhost:$HGPORT2/
               realm: mercurial
               user: user
               password: 5fed3813f7f5
               $ hg id http://user:pass@localhost:$HGPORT2/
 fed3813f7f5
               $ echo '[auth]' >> .hg/hgrc
               $ echo 'l.schemes=http' >> .hg/hgrc
               $ echo 'l.prefix=lo' >> .hg/hgrc
               $ echo 'l.username=user' >> .hg/hgrc
               $ echo 'l.password=pass' >> .hg/hgrc
               $ hg id http://localhost:$HGPORT2/
 fed3813f7f5
               $ hg id http://localhost:$HGPORT2/
 fed3813f7f5
               $ hg id http://user@localhost:$HGPORT2/
 fed3813f7f5
               $ hg clone http://user:pass@localhost:$HGPORT2/ dest 2>&1
               streaming all changes
 files to transfer, 916 bytes of data
               transferred * bytes in * seconds (*/sec) (glob)
               searching for changes
               no changes found
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
             --pull should override server's preferuncompressed
               $ hg clone --pull http://user:pass@localhost:$HGPORT2/ dest-pull 2>&1
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 5 changes to 5 files
               new changesets 8b6053c928fe:5fed3813f7f5
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg id http://user2@localhost:$HGPORT2/
               abort: http authorization required for http://localhost:$HGPORT2/
               [255]
               $ hg id http://user:pass2@localhost:$HGPORT2/
               abort: HTTP Error 403: no
               [255]
               $ hg -R dest tag -r tip top
               $ hg -R dest push http://user:pass@localhost:$HGPORT2/
               pushing to http://user:***@localhost:$HGPORT2/
               searching for changes
               remote: adding changesets
               remote: adding manifests
               remote: adding file changes
               remote: added 1 changesets with 1 changes to 1 files
               $ hg rollback -q
               $ sed 's/.*] "/"/' < ../access.log
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=0&common=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=getbundle HTTP/1.1" 401 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "POST /?cmd=unbundle HTTP/1.1" 200 - x-hgarg-1:heads=666f726365* (glob)
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               $ cd ..
             clone of serve with repo in root and unserved subrepo (issue2970)
               $ hg --cwd test init sub
               $ echo empty > test/sub/empty
               $ hg --cwd test/sub add empty
               $ hg --cwd test/sub commit -qm 'add empty'
               $ hg --cwd test/sub tag -r 0 something
               $ echo sub = sub > test/.hgsub
               $ hg --cwd test add .hgsub
               $ hg --cwd test commit -qm 'add subrepo'
               $ hg clone http://localhost:$HGPORT noslash-clone
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 3 changesets with 7 changes to 7 files
               new changesets 8b6053c928fe:56f9bc90cce6
               updating to branch default
               abort: HTTP Error 404: Not Found
               [255]
               $ hg clone http://localhost:$HGPORT/ slash-clone
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 3 changesets with 7 changes to 7 files
               new changesets 8b6053c928fe:56f9bc90cce6
               updating to branch default
               abort: HTTP Error 404: Not Found
               [255]
             check error log
               $ cat error.log
             check abort error reporting while pulling/cloning
               $ $RUNTESTDIR/killdaemons.py
               $ hg serve -R test -p $HGPORT -d --pid-file=hg3.pid -E error.log --config extensions.crash=${TESTDIR}/crashgetbundler.py
               $ cat hg3.pid >> $DAEMON_PIDS
               $ hg clone http://localhost:$HGPORT/ abort-clone
               requesting all changes
               remote: abort: this is an exercise
               abort: pull failed on remote
               [255]
               $ cat error.log
             disable pull-based clones
               $ hg serve -R test -p $HGPORT1 -d --pid-file=hg4.pid -E error.log --config server.disablefullbundle=True
               $ cat hg4.pid >> $DAEMON_PIDS
               $ hg clone http://localhost:$HGPORT1/ disable-pull-clone
               requesting all changes
               remote: abort: server has pull-based clones disabled
               abort: pull failed on remote
               (remove --pull if specified or upgrade Mercurial)
               [255]
             ... but keep stream clones working
               $ hg clone --stream --noupdate http://localhost:$HGPORT1/ test-stream-clone
               streaming all changes
               * files to transfer, * of data (glob)
               transferred * in * seconds (*/sec) (glob)
               searching for changes
               no changes found
               $ cat error.log
             ... and also keep partial clones and pulls working
               $ hg clone http://localhost:$HGPORT1 --rev 0 test-partial-clone
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg pull -R test-partial-clone
               pulling from http://localhost:$HGPORT1/
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 3 changes to 3 files
               new changesets 5fed3813f7f5:56f9bc90cce6
               (run 'hg update' to get a working copy)
             corrupt cookies file should yield a warning
               $ cat > $TESTTMP/cookies.txt << EOF
               > bad format
               > EOF
               $ hg --config auth.cookiefile=$TESTTMP/cookies.txt id http://localhost:$HGPORT/
               (error loading cookie file $TESTTMP/cookies.txt: '*/cookies.txt' does not look like a Netscape format cookies file; continuing without cookies) (glob)
 f9bc90cce6
               $ killdaemons.py
             Create dummy authentication handler that looks for cookies. It doesn't do anything
             useful. It just raises an HTTP 500 with details about the Cookie request header.
             We raise HTTP 500 because its message is printed in the abort message.
               $ cat > cookieauth.py << EOF
               > from mercurial import util
               > from mercurial.hgweb import common
               > def perform_authentication(hgweb, req, op):
               >     cookie = req.env.get('HTTP_COOKIE')
               >     if not cookie:
               >         raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie')
               >     raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie)
               > def extsetup():
               >     common.permhooks.insert(0, perform_authentication)
               > EOF
               $ hg serve --config extensions.cookieauth=cookieauth.py -R test -p $HGPORT -d --pid-file=pid
               $ cat pid > $DAEMON_PIDS
             Request without cookie sent should fail due to lack of cookie
               $ hg id http://localhost:$HGPORT
               abort: HTTP Error 500: no-cookie
               [255]
             Populate a cookies file
               $ cat > cookies.txt << EOF
               > # HTTP Cookie File
               > # Expiration is 2030-01-01 at midnight
               > .example.com	TRUE	/	FALSE	1893456000	hgkey	examplevalue
               > EOF
             Should not send a cookie for another domain
               $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
               abort: HTTP Error 500: no-cookie
               [255]
             Add a cookie entry for our test server and verify it is sent
               $ cat >> cookies.txt << EOF
               > localhost.local	FALSE	/	FALSE	1893456000	hgkey	localhostvalue
               > EOF
               $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
               abort: HTTP Error 500: Cookie: hgkey=localhostvalue
               [255]

tests/test-https.t

0 +2 -7

             #require serve ssl
             Proper https client requires the built-in ssl from Python 2.6.
             Make server certificates:
               $ CERTSDIR="$TESTDIR/sslcerts"
               $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
               $ PRIV=`pwd`/server.pem
               $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
               $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
               $ hg init test
               $ cd test
               $ echo foo>foo
               $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
               $ echo foo>foo.d/foo
               $ echo bar>foo.d/bAr.hg.d/BaR
               $ echo bar>foo.d/baR.d.hg/bAR
               $ hg commit -A -m 1
               adding foo
               adding foo.d/bAr.hg.d/BaR
               adding foo.d/baR.d.hg/bAR
               adding foo.d/foo
               $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
               $ cat ../hg0.pid >> $DAEMON_PIDS
             cacert not found
               $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: could not find web.cacerts: no-such.pem
               [255]
             Test server address cannot be reused
-            #if windows
               $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
-              abort: cannot start server at 'localhost:$HGPORT': * (glob)
+              abort: cannot start server at 'localhost:$HGPORT': $EADDRINUSE$
               [255]
-            #else
-              $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
-              abort: cannot start server at 'localhost:$HGPORT': Address already in use
-              [255]
-            #endif
               $ cd ..
             Our test cert is not signed by a trusted CA. It should fail to verify if
             we are able to load CA certs.
             #if sslcontext defaultcacerts no-defaultcacertsloaded
               $ hg clone https://localhost:$HGPORT/ copy-pull
               (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
             #if no-sslcontext defaultcacerts
               $ hg clone https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
             #if no-sslcontext windows
               $ hg clone https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
               (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
             #if no-sslcontext osx
               $ hg clone https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
               (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
               abort: localhost certificate error: no certificate received
               (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
               [255]
             #endif
             #if defaultcacertsloaded
               $ hg clone https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
             #if no-defaultcacerts
               $ hg clone https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
               abort: localhost certificate error: no certificate received
               (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
               [255]
             #endif
             Specifying a per-host certificate file that doesn't exist will abort.  The full
             C:/path/to/msysroot will print on Windows.
               $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob)
               [255]
             A malformed per-host certificate file will raise an error
               $ echo baddata > badca.pem
             #if sslcontext
               $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error loading CA file badca.pem: * (glob)
               (file is empty or malformed?)
               [255]
             #else
               $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error: * (glob)
               [255]
             #endif
             A per-host certificate mismatching the server will fail verification
             (modern ssl is able to discern whether the loaded cert is a CA cert)
             #if sslcontext
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
             #else
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
             A per-host certificate matching the server's cert will be accepted
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
             A per-host certificate with multiple certs and one matching will be accepted
               $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
               $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
             Defining both per-host certificate and a fingerprint will print a warning
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
             Inability to verify peer certificate will result in abort
               $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
               (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
               [255]
               $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg verify -R copy-pull
               checking changesets
               checking manifests
               crosschecking files in changesets and manifests
               checking files
 files, 1 changesets, 4 total revisions
               $ cd test
               $ echo bar > bar
               $ hg commit -A -d '1 0' -m 2
               adding bar
               $ cd ..
             pull without cacert
               $ cd copy-pull
               $ cat >> .hg/hgrc <<EOF
               > [hooks]
               > changegroup = sh -c "printenv.py changegroup"
               > EOF
               $ hg pull $DISABLECACERTS
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
               (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
               [255]
               $ hg pull --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               new changesets 5fed3813f7f5
               changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=https://localhost:$HGPORT/
               (run 'hg update' to get a working copy)
               $ cd ..
             cacert configured in local repo
               $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
               $ echo "[web]" >> copy-pull/.hg/hgrc
               $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
               $ hg -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               searching for changes
               no changes found
               $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
             cacert configured globally, also testing expansion of environment
             variables in the filename
               $ echo "[web]" >> $HGRCPATH
               $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
               $ P="$CERTSDIR" hg -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               searching for changes
               no changes found
               $ P="$CERTSDIR" hg -R copy-pull pull --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               no changes found
             empty cacert file
               $ touch emptycafile
             #if sslcontext
               $ hg --config web.cacerts=emptycafile -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error loading CA file emptycafile: * (glob)
               (file is empty or malformed?)
               [255]
             #else
               $ hg --config web.cacerts=emptycafile -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error: * (glob)
               [255]
             #endif
             cacert mismatch
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
               > https://$LOCALIP:$HGPORT/
               pulling from https://*:$HGPORT/ (glob)
               warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: $LOCALIP certificate error: certificate is for localhost (glob)
               (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
               [255]
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
               > https://$LOCALIP:$HGPORT/ --insecure
               pulling from https://*:$HGPORT/ (glob)
               warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
               searching for changes
               no changes found
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
               > --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               no changes found
             Test server cert which isn't valid yet
               $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
               $ cat hg1.pid >> $DAEMON_PIDS
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
               > https://localhost:$HGPORT1/
               pulling from https://localhost:$HGPORT1/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
             Test server cert which no longer is valid
               $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
               $ cat hg2.pid >> $DAEMON_PIDS
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
               > https://localhost:$HGPORT2/
               pulling from https://localhost:$HGPORT2/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
             Disabling the TLS 1.0 warning works
               $ hg -R copy-pull id https://localhost:$HGPORT/ \
               > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \
               > --config hostsecurity.disabletls10warning=true
 fed3813f7f5
             Error message for setting ciphers is different depending on SSLContext support
             #if no-sslcontext
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
               abort: *No cipher can be selected. (glob)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
 fed3813f7f5
             #endif
             #if sslcontext
             Setting ciphers to an invalid value aborts
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: could not set ciphers: No cipher can be selected.
               (change cipher string (invalid) in config)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: could not set ciphers: No cipher can be selected.
               (change cipher string (invalid) in config)
               [255]
             Changing the cipher string works
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
             #endif
             Fingerprints
             - works without cacerts (hostfingerprints)
               $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
             - works without cacerts (hostsecurity)
               $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
               $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
             - multiple fingerprints specified and first matches
               $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
               $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
             - multiple fingerprints specified and last matches
               $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
               $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
             - multiple fingerprints specified and none match
               $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
               (check hostfingerprint configuration)
               [255]
               $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
               (check hostsecurity configuration)
               [255]
             - fails when cert doesn't match hostname (port is ignored)
               $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
               (check hostfingerprint configuration)
               [255]
             - ignores that certificate doesn't match hostname
               $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
               warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
             Ports used by next test. Kill servers.
               $ killdaemons.py hg0.pid
               $ killdaemons.py hg1.pid
               $ killdaemons.py hg2.pid
             #if sslcontext tls1.2
             Start servers running supported TLS versions
               $ cd test
               $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
               > --config devel.serverexactprotocol=tls1.0
               $ cat ../hg0.pid >> $DAEMON_PIDS
               $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
               > --config devel.serverexactprotocol=tls1.1
               $ cat ../hg1.pid >> $DAEMON_PIDS
               $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
               > --config devel.serverexactprotocol=tls1.2
               $ cat ../hg2.pid >> $DAEMON_PIDS
               $ cd ..
             Clients talking same TLS versions work
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
 fed3813f7f5
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
 fed3813f7f5
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
 fed3813f7f5
             Clients requiring newer TLS version than what server supports fail
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: *unsupported protocol* (glob)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: *unsupported protocol* (glob)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: *unsupported protocol* (glob)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: *unsupported protocol* (glob)
               [255]
             --insecure will allow TLS 1.0 connections and override configs
               $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
 fed3813f7f5
             The per-host config option overrides the default
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config hostsecurity.minimumprotocol=tls1.2 \
               > --config hostsecurity.localhost:minimumprotocol=tls1.0
 fed3813f7f5
             The per-host config option by itself works
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config hostsecurity.localhost:minimumprotocol=tls1.2
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: *unsupported protocol* (glob)
               [255]
             .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305)
               $ cat >> copy-pull/.hg/hgrc << EOF
               > [hostsecurity]
               > localhost:minimumprotocol=tls1.2
               > EOF
               $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: *unsupported protocol* (glob)
               [255]
               $ killdaemons.py hg0.pid
               $ killdaemons.py hg1.pid
               $ killdaemons.py hg2.pid
             #endif
             Prepare for connecting through proxy
               $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
               $ cat hg0.pid >> $DAEMON_PIDS
               $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
               $ cat hg2.pid >> $DAEMON_PIDS
             tinyproxy.py doesn't fully detach, so killing it may result in extra output
             from the shell. So don't kill it.
               $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
               $ while [ ! -f proxy.pid ]; do sleep 0; done
               $ cat proxy.pid >> $DAEMON_PIDS
               $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
               $ echo "always=True" >> copy-pull/.hg/hgrc
               $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
               $ echo "localhost =" >> copy-pull/.hg/hgrc
             Test unvalidated https through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               no changes found
             Test https with cacert and fingerprint through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
               > --config web.cacerts="$CERTSDIR/pub.pem"
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               searching for changes
               no changes found
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace
               pulling from https://*:$HGPORT/ (glob)
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
               searching for changes
               no changes found
             Test https with cert problems through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
               > --config web.cacerts="$CERTSDIR/pub-other.pem"
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
               > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
               pulling from https://localhost:$HGPORT2/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
               $ killdaemons.py hg0.pid
             #if sslcontext
               $ cd test
             Missing certificate file(s) are detected
               $ hg serve -p $HGPORT --certificate=/missing/certificate \
               > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
               abort: referenced certificate file (*/missing/certificate) does not exist (glob)
               [255]
               $ hg serve -p $HGPORT --certificate=$PRIV \
               > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true
               abort: referenced certificate file (*/missing/cafile) does not exist (glob)
               [255]
             Start hgweb that requires client certificates:
               $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
               > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
               $ cat ../hg0.pid >> $DAEMON_PIDS
               $ cd ..
             without client certificate:
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error: *handshake failure* (glob)
               [255]
             with client certificate:
               $ cat << EOT >> $HGRCPATH
               > [auth]
               > l.prefix = localhost
               > l.cert = $CERTSDIR/client-cert.pem
               > l.key = $CERTSDIR/client-key.pem
               > EOT
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
               $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config ui.interactive=True --config ui.nontty=True
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               passphrase for */client-key.pem: 5fed3813f7f5 (glob)
               $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error: * (glob)
               [255]
             Missing certficate and key files result in error
               $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert
               abort: certificate file (*/missing/cert) does not exist; cannot connect to localhost (glob)
               (restore missing file or fix references in Mercurial config)
               [255]
               $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key
               abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
               (restore missing file or fix references in Mercurial config)
               [255]
             #endif

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages