##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

tests: add a substitution for EADDRINUSE/WSAEADDRINUSE messages...
Matt Harbison -
r35233:1b22d325 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,67 +1,75 b''
1 1 # common patterns in test at can safely be replaced
2 2 from __future__ import absolute_import
3 3
4 4 substitutions = [
5 5 # list of possible compressions
6 6 (br'zstd,zlib,none,bzip2',
7 7 br'$USUAL_COMPRESSIONS$'
8 8 ),
9 9 # capabilities sent through http
10 10 (br'bundlecaps=HG20%2Cbundle2%3DHG20%250A'
11 11 br'changegroup%253D01%252C02%250A'
12 12 br'digests%253Dmd5%252Csha1%252Csha512%250A'
13 13 br'error%253Dabort%252Cunsupportedcontent%252Cpushraced%252Cpushkey%250A'
14 14 br'hgtagsfnodes%250A'
15 15 br'listkeys%250A'
16 16 br'phases%253Dheads%250A'
17 17 br'pushkey%250A'
18 18 br'remote-changegroup%253Dhttp%252Chttps',
19 19 # (the replacement patterns)
20 20 br'$USUAL_BUNDLE_CAPS$'
21 21 ),
22 22 # bundle2 capabilities sent through ssh
23 23 (br'bundle2=HG20%0A'
24 24 br'changegroup%3D01%2C02%0A'
25 25 br'digests%3Dmd5%2Csha1%2Csha512%0A'
26 26 br'error%3Dabort%2Cunsupportedcontent%2Cpushraced%2Cpushkey%0A'
27 27 br'hgtagsfnodes%0A'
28 28 br'listkeys%0A'
29 29 br'phases%3Dheads%0A'
30 30 br'pushkey%0A'
31 31 br'remote-changegroup%3Dhttp%2Chttps',
32 32 # (replacement patterns)
33 33 br'$USUAL_BUNDLE2_CAPS$'
34 34 ),
35 35 # HTTP log dates
36 36 (br' - - \[\d\d/.../2\d\d\d \d\d:\d\d:\d\d] "GET',
37 37 br' - - [$LOGDATE$] "GET'
38 38 ),
39 39 ]
40 40
41 41 # Various platform error strings, keyed on a common replacement string
42 42 _errors = {
43 43 br'$ENOENT$': (
44 44 # strerror()
45 45 br'No such file or directory',
46 46
47 47 # FormatMessage(ERROR_FILE_NOT_FOUND)
48 48 br'The system cannot find the file specified',
49 49 ),
50 50 br'$ENOTDIR$': (
51 51 # strerror()
52 52 br'Not a directory',
53 53
54 54 # FormatMessage(ERROR_PATH_NOT_FOUND)
55 55 br'The system cannot find the path specified',
56 56 ),
57 57 br'$ECONNRESET$': (
58 58 # strerror()
59 59 br'Connection reset by peer',
60 60
61 61 # FormatMessage(WSAECONNRESET)
62 62 br'An existing connection was forcibly closed by the remote host',
63 63 ),
64 br'$EADDRINUSE$': (
65 # strerror()
66 br'Address already in use',
67
68 # FormatMessage(WSAEADDRINUSE)
69 br'Only one usage of each socket address'
70 br' \(protocol/network address/port\) is normally permitted',
71 ),
64 72 }
65 73
66 74 for replace, msgs in _errors.items():
67 75 substitutions.extend((m, replace) for m in msgs)
Show file before | Show file after | Hide comments
@@ -1,416 +1,411 b''
1 1 #require serve
2 2
3 3 This test is a duplicate of 'test-http.t', feel free to factor out
4 4 parts that are not bundle1/bundle2 specific.
5 5
6 6 $ cat << EOF >> $HGRCPATH
7 7 > [devel]
8 8 > # This test is dedicated to interaction through old bundle
9 9 > legacy.exchange = bundle1
10 10 > EOF
11 11
12 12 $ hg init test
13 13 $ cd test
14 14 $ echo foo>foo
15 15 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
16 16 $ echo foo>foo.d/foo
17 17 $ echo bar>foo.d/bAr.hg.d/BaR
18 18 $ echo bar>foo.d/baR.d.hg/bAR
19 19 $ hg commit -A -m 1
20 20 adding foo
21 21 adding foo.d/bAr.hg.d/BaR
22 22 adding foo.d/baR.d.hg/bAR
23 23 adding foo.d/foo
24 24 $ hg serve -p $HGPORT -d --pid-file=../hg1.pid -E ../error.log
25 25 $ hg serve --config server.uncompressed=False -p $HGPORT1 -d --pid-file=../hg2.pid
26 26
27 27 Test server address cannot be reused
28 28
29 #if windows
30 29 $ hg serve -p $HGPORT1 2>&1
31 abort: cannot start server at 'localhost:$HGPORT1': * (glob)
30 abort: cannot start server at 'localhost:$HGPORT1': $EADDRINUSE$
32 31 [255]
33 #else
34 $ hg serve -p $HGPORT1 2>&1
35 abort: cannot start server at 'localhost:$HGPORT1': Address already in use
36 [255]
37 #endif
32
38 33 $ cd ..
39 34 $ cat hg1.pid hg2.pid >> $DAEMON_PIDS
40 35
41 36 clone via stream
42 37
43 38 $ hg clone --stream http://localhost:$HGPORT/ copy 2>&1
44 39 streaming all changes
45 40 6 files to transfer, 606 bytes of data
46 41 transferred * bytes in * seconds (*/sec) (glob)
47 42 searching for changes
48 43 no changes found
49 44 updating to branch default
50 45 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
51 46 $ hg verify -R copy
52 47 checking changesets
53 48 checking manifests
54 49 crosschecking files in changesets and manifests
55 50 checking files
56 51 4 files, 1 changesets, 4 total revisions
57 52
58 53 try to clone via stream, should use pull instead
59 54
60 55 $ hg clone --stream http://localhost:$HGPORT1/ copy2
61 56 warning: stream clone requested but server has them disabled
62 57 requesting all changes
63 58 adding changesets
64 59 adding manifests
65 60 adding file changes
66 61 added 1 changesets with 4 changes to 4 files
67 62 new changesets 8b6053c928fe
68 63 updating to branch default
69 64 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
70 65
71 66 try to clone via stream but missing requirements, so should use pull instead
72 67
73 68 $ cat > $TESTTMP/removesupportedformat.py << EOF
74 69 > from mercurial import localrepo
75 70 > def extsetup(ui):
76 71 > localrepo.localrepository.supportedformats.remove('generaldelta')
77 72 > EOF
78 73
79 74 $ hg clone --config extensions.rsf=$TESTTMP/removesupportedformat.py --stream http://localhost:$HGPORT/ copy3
80 75 warning: stream clone requested but client is missing requirements: generaldelta
81 76 (see https://www.mercurial-scm.org/wiki/MissingRequirement for more information)
82 77 requesting all changes
83 78 adding changesets
84 79 adding manifests
85 80 adding file changes
86 81 added 1 changesets with 4 changes to 4 files
87 82 new changesets 8b6053c928fe
88 83 updating to branch default
89 84 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
90 85
91 86 clone via pull
92 87
93 88 $ hg clone http://localhost:$HGPORT1/ copy-pull
94 89 requesting all changes
95 90 adding changesets
96 91 adding manifests
97 92 adding file changes
98 93 added 1 changesets with 4 changes to 4 files
99 94 new changesets 8b6053c928fe
100 95 updating to branch default
101 96 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
102 97 $ hg verify -R copy-pull
103 98 checking changesets
104 99 checking manifests
105 100 crosschecking files in changesets and manifests
106 101 checking files
107 102 4 files, 1 changesets, 4 total revisions
108 103 $ cd test
109 104 $ echo bar > bar
110 105 $ hg commit -A -d '1 0' -m 2
111 106 adding bar
112 107 $ cd ..
113 108
114 109 clone over http with --update
115 110
116 111 $ hg clone http://localhost:$HGPORT1/ updated --update 0
117 112 requesting all changes
118 113 adding changesets
119 114 adding manifests
120 115 adding file changes
121 116 added 2 changesets with 5 changes to 5 files
122 117 new changesets 8b6053c928fe:5fed3813f7f5
123 118 updating to branch default
124 119 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
125 120 $ hg log -r . -R updated
126 121 changeset: 0:8b6053c928fe
127 122 user: test
128 123 date: Thu Jan 01 00:00:00 1970 +0000
129 124 summary: 1
130 125
131 126 $ rm -rf updated
132 127
133 128 incoming via HTTP
134 129
135 130 $ hg clone http://localhost:$HGPORT1/ --rev 0 partial
136 131 adding changesets
137 132 adding manifests
138 133 adding file changes
139 134 added 1 changesets with 4 changes to 4 files
140 135 new changesets 8b6053c928fe
141 136 updating to branch default
142 137 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
143 138 $ cd partial
144 139 $ touch LOCAL
145 140 $ hg ci -qAm LOCAL
146 141 $ hg incoming http://localhost:$HGPORT1/ --template '{desc}\n'
147 142 comparing with http://localhost:$HGPORT1/
148 143 searching for changes
149 144 2
150 145 $ cd ..
151 146
152 147 pull
153 148
154 149 $ cd copy-pull
155 150 $ cat >> .hg/hgrc <<EOF
156 151 > [hooks]
157 152 > changegroup = sh -c "printenv.py changegroup"
158 153 > EOF
159 154 $ hg pull
160 155 pulling from http://localhost:$HGPORT1/
161 156 searching for changes
162 157 adding changesets
163 158 adding manifests
164 159 adding file changes
165 160 added 1 changesets with 1 changes to 1 files
166 161 new changesets 5fed3813f7f5
167 162 changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=http://localhost:$HGPORT1/
168 163 (run 'hg update' to get a working copy)
169 164 $ cd ..
170 165
171 166 clone from invalid URL
172 167
173 168 $ hg clone http://localhost:$HGPORT/bad
174 169 abort: HTTP Error 404: Not Found
175 170 [255]
176 171
177 172 test http authentication
178 173 + use the same server to test server side streaming preference
179 174
180 175 $ cd test
181 176 $ cat << EOT > userpass.py
182 177 > import base64
183 178 > from mercurial.hgweb import common
184 179 > def perform_authentication(hgweb, req, op):
185 180 > auth = req.env.get('HTTP_AUTHORIZATION')
186 181 > if not auth:
187 182 > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
188 183 > [('WWW-Authenticate', 'Basic Realm="mercurial"')])
189 184 > if base64.b64decode(auth.split()[1]).split(':', 1) != ['user', 'pass']:
190 185 > raise common.ErrorResponse(common.HTTP_FORBIDDEN, 'no')
191 186 > def extsetup():
192 187 > common.permhooks.insert(0, perform_authentication)
193 188 > EOT
194 189 $ hg serve --config extensions.x=userpass.py -p $HGPORT2 -d --pid-file=pid \
195 190 > --config server.preferuncompressed=True \
196 191 > --config web.push_ssl=False --config web.allow_push=* -A ../access.log
197 192 $ cat pid >> $DAEMON_PIDS
198 193
199 194 $ cat << EOF > get_pass.py
200 195 > import getpass
201 196 > def newgetpass(arg):
202 197 > return "pass"
203 198 > getpass.getpass = newgetpass
204 199 > EOF
205 200
206 201 $ hg id http://localhost:$HGPORT2/
207 202 abort: http authorization required for http://localhost:$HGPORT2/
208 203 [255]
209 204 $ hg id http://localhost:$HGPORT2/
210 205 abort: http authorization required for http://localhost:$HGPORT2/
211 206 [255]
212 207 $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/
213 208 http authorization required for http://localhost:$HGPORT2/
214 209 realm: mercurial
215 210 user: user
216 211 password: 5fed3813f7f5
217 212 $ hg id http://user:pass@localhost:$HGPORT2/
218 213 5fed3813f7f5
219 214 $ echo '[auth]' >> .hg/hgrc
220 215 $ echo 'l.schemes=http' >> .hg/hgrc
221 216 $ echo 'l.prefix=lo' >> .hg/hgrc
222 217 $ echo 'l.username=user' >> .hg/hgrc
223 218 $ echo 'l.password=pass' >> .hg/hgrc
224 219 $ hg id http://localhost:$HGPORT2/
225 220 5fed3813f7f5
226 221 $ hg id http://localhost:$HGPORT2/
227 222 5fed3813f7f5
228 223 $ hg id http://user@localhost:$HGPORT2/
229 224 5fed3813f7f5
230 225 $ hg clone http://user:pass@localhost:$HGPORT2/ dest 2>&1
231 226 streaming all changes
232 227 7 files to transfer, 916 bytes of data
233 228 transferred * bytes in * seconds (*/sec) (glob)
234 229 searching for changes
235 230 no changes found
236 231 updating to branch default
237 232 5 files updated, 0 files merged, 0 files removed, 0 files unresolved
238 233 --pull should override server's preferuncompressed
239 234 $ hg clone --pull http://user:pass@localhost:$HGPORT2/ dest-pull 2>&1
240 235 requesting all changes
241 236 adding changesets
242 237 adding manifests
243 238 adding file changes
244 239 added 2 changesets with 5 changes to 5 files
245 240 new changesets 8b6053c928fe:5fed3813f7f5
246 241 updating to branch default
247 242 5 files updated, 0 files merged, 0 files removed, 0 files unresolved
248 243
249 244 $ hg id http://user2@localhost:$HGPORT2/
250 245 abort: http authorization required for http://localhost:$HGPORT2/
251 246 [255]
252 247 $ hg id http://user:pass2@localhost:$HGPORT2/
253 248 abort: HTTP Error 403: no
254 249 [255]
255 250
256 251 $ hg -R dest tag -r tip top
257 252 $ hg -R dest push http://user:pass@localhost:$HGPORT2/
258 253 pushing to http://user:***@localhost:$HGPORT2/
259 254 searching for changes
260 255 remote: adding changesets
261 256 remote: adding manifests
262 257 remote: adding file changes
263 258 remote: added 1 changesets with 1 changes to 1 files
264 259 $ hg rollback -q
265 260
266 261 $ sed 's/.*] "/"/' < ../access.log
267 262 "GET /?cmd=capabilities HTTP/1.1" 200 -
268 263 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
269 264 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
270 265 "GET /?cmd=capabilities HTTP/1.1" 200 -
271 266 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
272 267 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
273 268 "GET /?cmd=capabilities HTTP/1.1" 200 -
274 269 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
275 270 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
276 271 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
277 272 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
278 273 "GET /?cmd=capabilities HTTP/1.1" 200 -
279 274 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
280 275 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
281 276 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
282 277 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
283 278 "GET /?cmd=capabilities HTTP/1.1" 200 -
284 279 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
285 280 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
286 281 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
287 282 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
288 283 "GET /?cmd=capabilities HTTP/1.1" 200 -
289 284 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
290 285 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
291 286 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
292 287 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
293 288 "GET /?cmd=capabilities HTTP/1.1" 200 -
294 289 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
295 290 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
296 291 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
297 292 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
298 293 "GET /?cmd=capabilities HTTP/1.1" 200 -
299 294 "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
300 295 "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
301 296 "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
302 297 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
303 298 "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
304 299 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
305 300 "GET /?cmd=capabilities HTTP/1.1" 200 -
306 301 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
307 302 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
308 303 "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
309 304 "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
310 305 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
311 306 "GET /?cmd=capabilities HTTP/1.1" 200 -
312 307 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
313 308 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
314 309 "GET /?cmd=capabilities HTTP/1.1" 200 -
315 310 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
316 311 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
317 312 "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
318 313 "GET /?cmd=capabilities HTTP/1.1" 200 -
319 314 "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
320 315 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
321 316 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
322 317 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
323 318 "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
324 319 "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
325 320 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
326 321 "POST /?cmd=unbundle HTTP/1.1" 200 - x-hgarg-1:heads=686173686564+5eb5abfefeea63c80dd7553bcc3783f37e0c5524* (glob)
327 322 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
328 323
329 324 $ cd ..
330 325
331 326 clone of serve with repo in root and unserved subrepo (issue2970)
332 327
333 328 $ hg --cwd test init sub
334 329 $ echo empty > test/sub/empty
335 330 $ hg --cwd test/sub add empty
336 331 $ hg --cwd test/sub commit -qm 'add empty'
337 332 $ hg --cwd test/sub tag -r 0 something
338 333 $ echo sub = sub > test/.hgsub
339 334 $ hg --cwd test add .hgsub
340 335 $ hg --cwd test commit -qm 'add subrepo'
341 336 $ hg clone http://localhost:$HGPORT noslash-clone
342 337 requesting all changes
343 338 adding changesets
344 339 adding manifests
345 340 adding file changes
346 341 added 3 changesets with 7 changes to 7 files
347 342 new changesets 8b6053c928fe:56f9bc90cce6
348 343 updating to branch default
349 344 abort: HTTP Error 404: Not Found
350 345 [255]
351 346 $ hg clone http://localhost:$HGPORT/ slash-clone
352 347 requesting all changes
353 348 adding changesets
354 349 adding manifests
355 350 adding file changes
356 351 added 3 changesets with 7 changes to 7 files
357 352 new changesets 8b6053c928fe:56f9bc90cce6
358 353 updating to branch default
359 354 abort: HTTP Error 404: Not Found
360 355 [255]
361 356
362 357 check error log
363 358
364 359 $ cat error.log
365 360
366 361 Check error reporting while pulling/cloning
367 362
368 363 $ $RUNTESTDIR/killdaemons.py
369 364 $ hg serve -R test -p $HGPORT -d --pid-file=hg3.pid -E error.log --config extensions.crash=${TESTDIR}/crashgetbundler.py
370 365 $ cat hg3.pid >> $DAEMON_PIDS
371 366 $ hg clone http://localhost:$HGPORT/ abort-clone
372 367 requesting all changes
373 368 abort: remote error:
374 369 this is an exercise
375 370 [255]
376 371 $ cat error.log
377 372
378 373 disable pull-based clones
379 374
380 375 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg4.pid -E error.log --config server.disablefullbundle=True
381 376 $ cat hg4.pid >> $DAEMON_PIDS
382 377 $ hg clone http://localhost:$HGPORT1/ disable-pull-clone
383 378 requesting all changes
384 379 abort: remote error:
385 380 server has pull-based clones disabled
386 381 [255]
387 382
388 383 ... but keep stream clones working
389 384
390 385 $ hg clone --stream --noupdate http://localhost:$HGPORT1/ test-stream-clone
391 386 streaming all changes
392 387 * files to transfer, * of data (glob)
393 388 transferred * in * seconds (* KB/sec) (glob)
394 389 searching for changes
395 390 no changes found
396 391
397 392 ... and also keep partial clones and pulls working
398 393 $ hg clone http://localhost:$HGPORT1 --rev 0 test-partial-clone
399 394 adding changesets
400 395 adding manifests
401 396 adding file changes
402 397 added 1 changesets with 4 changes to 4 files
403 398 new changesets 8b6053c928fe
404 399 updating to branch default
405 400 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
406 401 $ hg pull -R test-partial-clone
407 402 pulling from http://localhost:$HGPORT1/
408 403 searching for changes
409 404 adding changesets
410 405 adding manifests
411 406 adding file changes
412 407 added 2 changesets with 3 changes to 3 files
413 408 new changesets 5fed3813f7f5:56f9bc90cce6
414 409 (run 'hg update' to get a working copy)
415 410
416 411 $ cat error.log
Show file before | Show file after | Hide comments
@@ -1,465 +1,460 b''
1 1 #require killdaemons serve
2 2
3 3 $ hg init test
4 4 $ cd test
5 5 $ echo foo>foo
6 6 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
7 7 $ echo foo>foo.d/foo
8 8 $ echo bar>foo.d/bAr.hg.d/BaR
9 9 $ echo bar>foo.d/baR.d.hg/bAR
10 10 $ hg commit -A -m 1
11 11 adding foo
12 12 adding foo.d/bAr.hg.d/BaR
13 13 adding foo.d/baR.d.hg/bAR
14 14 adding foo.d/foo
15 15 $ hg serve -p $HGPORT -d --pid-file=../hg1.pid -E ../error.log
16 16 $ hg serve --config server.uncompressed=False -p $HGPORT1 -d --pid-file=../hg2.pid
17 17
18 18 Test server address cannot be reused
19 19
20 #if windows
21 20 $ hg serve -p $HGPORT1 2>&1
22 abort: cannot start server at 'localhost:$HGPORT1': * (glob)
21 abort: cannot start server at 'localhost:$HGPORT1': $EADDRINUSE$
23 22 [255]
24 #else
25 $ hg serve -p $HGPORT1 2>&1
26 abort: cannot start server at 'localhost:$HGPORT1': Address already in use
27 [255]
28 #endif
23
29 24 $ cd ..
30 25 $ cat hg1.pid hg2.pid >> $DAEMON_PIDS
31 26
32 27 clone via stream
33 28
34 29 $ hg clone --stream http://localhost:$HGPORT/ copy 2>&1
35 30 streaming all changes
36 31 6 files to transfer, 606 bytes of data
37 32 transferred * bytes in * seconds (*/sec) (glob)
38 33 searching for changes
39 34 no changes found
40 35 updating to branch default
41 36 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
42 37 $ hg verify -R copy
43 38 checking changesets
44 39 checking manifests
45 40 crosschecking files in changesets and manifests
46 41 checking files
47 42 4 files, 1 changesets, 4 total revisions
48 43
49 44 try to clone via stream, should use pull instead
50 45
51 46 $ hg clone --stream http://localhost:$HGPORT1/ copy2
52 47 warning: stream clone requested but server has them disabled
53 48 requesting all changes
54 49 adding changesets
55 50 adding manifests
56 51 adding file changes
57 52 added 1 changesets with 4 changes to 4 files
58 53 new changesets 8b6053c928fe
59 54 updating to branch default
60 55 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
61 56
62 57 try to clone via stream but missing requirements, so should use pull instead
63 58
64 59 $ cat > $TESTTMP/removesupportedformat.py << EOF
65 60 > from mercurial import localrepo
66 61 > def extsetup(ui):
67 62 > localrepo.localrepository.supportedformats.remove('generaldelta')
68 63 > EOF
69 64
70 65 $ hg clone --config extensions.rsf=$TESTTMP/removesupportedformat.py --stream http://localhost:$HGPORT/ copy3
71 66 warning: stream clone requested but client is missing requirements: generaldelta
72 67 (see https://www.mercurial-scm.org/wiki/MissingRequirement for more information)
73 68 requesting all changes
74 69 adding changesets
75 70 adding manifests
76 71 adding file changes
77 72 added 1 changesets with 4 changes to 4 files
78 73 new changesets 8b6053c928fe
79 74 updating to branch default
80 75 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
81 76
82 77 clone via pull
83 78
84 79 $ hg clone http://localhost:$HGPORT1/ copy-pull
85 80 requesting all changes
86 81 adding changesets
87 82 adding manifests
88 83 adding file changes
89 84 added 1 changesets with 4 changes to 4 files
90 85 new changesets 8b6053c928fe
91 86 updating to branch default
92 87 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
93 88 $ hg verify -R copy-pull
94 89 checking changesets
95 90 checking manifests
96 91 crosschecking files in changesets and manifests
97 92 checking files
98 93 4 files, 1 changesets, 4 total revisions
99 94 $ cd test
100 95 $ echo bar > bar
101 96 $ hg commit -A -d '1 0' -m 2
102 97 adding bar
103 98 $ cd ..
104 99
105 100 clone over http with --update
106 101
107 102 $ hg clone http://localhost:$HGPORT1/ updated --update 0
108 103 requesting all changes
109 104 adding changesets
110 105 adding manifests
111 106 adding file changes
112 107 added 2 changesets with 5 changes to 5 files
113 108 new changesets 8b6053c928fe:5fed3813f7f5
114 109 updating to branch default
115 110 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
116 111 $ hg log -r . -R updated
117 112 changeset: 0:8b6053c928fe
118 113 user: test
119 114 date: Thu Jan 01 00:00:00 1970 +0000
120 115 summary: 1
121 116
122 117 $ rm -rf updated
123 118
124 119 incoming via HTTP
125 120
126 121 $ hg clone http://localhost:$HGPORT1/ --rev 0 partial
127 122 adding changesets
128 123 adding manifests
129 124 adding file changes
130 125 added 1 changesets with 4 changes to 4 files
131 126 new changesets 8b6053c928fe
132 127 updating to branch default
133 128 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
134 129 $ cd partial
135 130 $ touch LOCAL
136 131 $ hg ci -qAm LOCAL
137 132 $ hg incoming http://localhost:$HGPORT1/ --template '{desc}\n'
138 133 comparing with http://localhost:$HGPORT1/
139 134 searching for changes
140 135 2
141 136 $ cd ..
142 137
143 138 pull
144 139
145 140 $ cd copy-pull
146 141 $ cat >> .hg/hgrc <<EOF
147 142 > [hooks]
148 143 > changegroup = sh -c "printenv.py changegroup"
149 144 > EOF
150 145 $ hg pull
151 146 pulling from http://localhost:$HGPORT1/
152 147 searching for changes
153 148 adding changesets
154 149 adding manifests
155 150 adding file changes
156 151 added 1 changesets with 1 changes to 1 files
157 152 new changesets 5fed3813f7f5
158 153 changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=http://localhost:$HGPORT1/
159 154 (run 'hg update' to get a working copy)
160 155 $ cd ..
161 156
162 157 clone from invalid URL
163 158
164 159 $ hg clone http://localhost:$HGPORT/bad
165 160 abort: HTTP Error 404: Not Found
166 161 [255]
167 162
168 163 test http authentication
169 164 + use the same server to test server side streaming preference
170 165
171 166 $ cd test
172 167 $ cat << EOT > userpass.py
173 168 > import base64
174 169 > from mercurial.hgweb import common
175 170 > def perform_authentication(hgweb, req, op):
176 171 > auth = req.env.get('HTTP_AUTHORIZATION')
177 172 > if not auth:
178 173 > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
179 174 > [('WWW-Authenticate', 'Basic Realm="mercurial"')])
180 175 > if base64.b64decode(auth.split()[1]).split(':', 1) != ['user', 'pass']:
181 176 > raise common.ErrorResponse(common.HTTP_FORBIDDEN, 'no')
182 177 > def extsetup():
183 178 > common.permhooks.insert(0, perform_authentication)
184 179 > EOT
185 180 $ hg serve --config extensions.x=userpass.py -p $HGPORT2 -d --pid-file=pid \
186 181 > --config server.preferuncompressed=True \
187 182 > --config web.push_ssl=False --config web.allow_push=* -A ../access.log
188 183 $ cat pid >> $DAEMON_PIDS
189 184
190 185 $ cat << EOF > get_pass.py
191 186 > import getpass
192 187 > def newgetpass(arg):
193 188 > return "pass"
194 189 > getpass.getpass = newgetpass
195 190 > EOF
196 191
197 192 $ hg id http://localhost:$HGPORT2/
198 193 abort: http authorization required for http://localhost:$HGPORT2/
199 194 [255]
200 195 $ hg id http://localhost:$HGPORT2/
201 196 abort: http authorization required for http://localhost:$HGPORT2/
202 197 [255]
203 198 $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/
204 199 http authorization required for http://localhost:$HGPORT2/
205 200 realm: mercurial
206 201 user: user
207 202 password: 5fed3813f7f5
208 203 $ hg id http://user:pass@localhost:$HGPORT2/
209 204 5fed3813f7f5
210 205 $ echo '[auth]' >> .hg/hgrc
211 206 $ echo 'l.schemes=http' >> .hg/hgrc
212 207 $ echo 'l.prefix=lo' >> .hg/hgrc
213 208 $ echo 'l.username=user' >> .hg/hgrc
214 209 $ echo 'l.password=pass' >> .hg/hgrc
215 210 $ hg id http://localhost:$HGPORT2/
216 211 5fed3813f7f5
217 212 $ hg id http://localhost:$HGPORT2/
218 213 5fed3813f7f5
219 214 $ hg id http://user@localhost:$HGPORT2/
220 215 5fed3813f7f5
221 216 $ hg clone http://user:pass@localhost:$HGPORT2/ dest 2>&1
222 217 streaming all changes
223 218 7 files to transfer, 916 bytes of data
224 219 transferred * bytes in * seconds (*/sec) (glob)
225 220 searching for changes
226 221 no changes found
227 222 updating to branch default
228 223 5 files updated, 0 files merged, 0 files removed, 0 files unresolved
229 224 --pull should override server's preferuncompressed
230 225 $ hg clone --pull http://user:pass@localhost:$HGPORT2/ dest-pull 2>&1
231 226 requesting all changes
232 227 adding changesets
233 228 adding manifests
234 229 adding file changes
235 230 added 2 changesets with 5 changes to 5 files
236 231 new changesets 8b6053c928fe:5fed3813f7f5
237 232 updating to branch default
238 233 5 files updated, 0 files merged, 0 files removed, 0 files unresolved
239 234
240 235 $ hg id http://user2@localhost:$HGPORT2/
241 236 abort: http authorization required for http://localhost:$HGPORT2/
242 237 [255]
243 238 $ hg id http://user:pass2@localhost:$HGPORT2/
244 239 abort: HTTP Error 403: no
245 240 [255]
246 241
247 242 $ hg -R dest tag -r tip top
248 243 $ hg -R dest push http://user:pass@localhost:$HGPORT2/
249 244 pushing to http://user:***@localhost:$HGPORT2/
250 245 searching for changes
251 246 remote: adding changesets
252 247 remote: adding manifests
253 248 remote: adding file changes
254 249 remote: added 1 changesets with 1 changes to 1 files
255 250 $ hg rollback -q
256 251
257 252 $ sed 's/.*] "/"/' < ../access.log
258 253 "GET /?cmd=capabilities HTTP/1.1" 200 -
259 254 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
260 255 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
261 256 "GET /?cmd=capabilities HTTP/1.1" 200 -
262 257 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
263 258 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
264 259 "GET /?cmd=capabilities HTTP/1.1" 200 -
265 260 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
266 261 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
267 262 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
268 263 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
269 264 "GET /?cmd=capabilities HTTP/1.1" 200 -
270 265 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
271 266 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
272 267 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
273 268 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
274 269 "GET /?cmd=capabilities HTTP/1.1" 200 -
275 270 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
276 271 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
277 272 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
278 273 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
279 274 "GET /?cmd=capabilities HTTP/1.1" 200 -
280 275 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
281 276 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
282 277 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
283 278 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
284 279 "GET /?cmd=capabilities HTTP/1.1" 200 -
285 280 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
286 281 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
287 282 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
288 283 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
289 284 "GET /?cmd=capabilities HTTP/1.1" 200 -
290 285 "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
291 286 "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
292 287 "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
293 288 "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
294 289 "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=0&common=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
295 290 "GET /?cmd=capabilities HTTP/1.1" 200 -
296 291 "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
297 292 "GET /?cmd=getbundle HTTP/1.1" 401 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
298 293 "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
299 294 "GET /?cmd=capabilities HTTP/1.1" 200 -
300 295 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
301 296 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
302 297 "GET /?cmd=capabilities HTTP/1.1" 200 -
303 298 "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
304 299 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
305 300 "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
306 301 "GET /?cmd=capabilities HTTP/1.1" 200 -
307 302 "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
308 303 "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
309 304 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
310 305 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
311 306 "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
312 307 "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
313 308 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
314 309 "POST /?cmd=unbundle HTTP/1.1" 200 - x-hgarg-1:heads=666f726365* (glob)
315 310 "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
316 311
317 312 $ cd ..
318 313
319 314 clone of serve with repo in root and unserved subrepo (issue2970)
320 315
321 316 $ hg --cwd test init sub
322 317 $ echo empty > test/sub/empty
323 318 $ hg --cwd test/sub add empty
324 319 $ hg --cwd test/sub commit -qm 'add empty'
325 320 $ hg --cwd test/sub tag -r 0 something
326 321 $ echo sub = sub > test/.hgsub
327 322 $ hg --cwd test add .hgsub
328 323 $ hg --cwd test commit -qm 'add subrepo'
329 324 $ hg clone http://localhost:$HGPORT noslash-clone
330 325 requesting all changes
331 326 adding changesets
332 327 adding manifests
333 328 adding file changes
334 329 added 3 changesets with 7 changes to 7 files
335 330 new changesets 8b6053c928fe:56f9bc90cce6
336 331 updating to branch default
337 332 abort: HTTP Error 404: Not Found
338 333 [255]
339 334 $ hg clone http://localhost:$HGPORT/ slash-clone
340 335 requesting all changes
341 336 adding changesets
342 337 adding manifests
343 338 adding file changes
344 339 added 3 changesets with 7 changes to 7 files
345 340 new changesets 8b6053c928fe:56f9bc90cce6
346 341 updating to branch default
347 342 abort: HTTP Error 404: Not Found
348 343 [255]
349 344
350 345 check error log
351 346
352 347 $ cat error.log
353 348
354 349 check abort error reporting while pulling/cloning
355 350
356 351 $ $RUNTESTDIR/killdaemons.py
357 352 $ hg serve -R test -p $HGPORT -d --pid-file=hg3.pid -E error.log --config extensions.crash=${TESTDIR}/crashgetbundler.py
358 353 $ cat hg3.pid >> $DAEMON_PIDS
359 354 $ hg clone http://localhost:$HGPORT/ abort-clone
360 355 requesting all changes
361 356 remote: abort: this is an exercise
362 357 abort: pull failed on remote
363 358 [255]
364 359 $ cat error.log
365 360
366 361 disable pull-based clones
367 362
368 363 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg4.pid -E error.log --config server.disablefullbundle=True
369 364 $ cat hg4.pid >> $DAEMON_PIDS
370 365 $ hg clone http://localhost:$HGPORT1/ disable-pull-clone
371 366 requesting all changes
372 367 remote: abort: server has pull-based clones disabled
373 368 abort: pull failed on remote
374 369 (remove --pull if specified or upgrade Mercurial)
375 370 [255]
376 371
377 372 ... but keep stream clones working
378 373
379 374 $ hg clone --stream --noupdate http://localhost:$HGPORT1/ test-stream-clone
380 375 streaming all changes
381 376 * files to transfer, * of data (glob)
382 377 transferred * in * seconds (*/sec) (glob)
383 378 searching for changes
384 379 no changes found
385 380 $ cat error.log
386 381
387 382 ... and also keep partial clones and pulls working
388 383 $ hg clone http://localhost:$HGPORT1 --rev 0 test-partial-clone
389 384 adding changesets
390 385 adding manifests
391 386 adding file changes
392 387 added 1 changesets with 4 changes to 4 files
393 388 new changesets 8b6053c928fe
394 389 updating to branch default
395 390 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
396 391 $ hg pull -R test-partial-clone
397 392 pulling from http://localhost:$HGPORT1/
398 393 searching for changes
399 394 adding changesets
400 395 adding manifests
401 396 adding file changes
402 397 added 2 changesets with 3 changes to 3 files
403 398 new changesets 5fed3813f7f5:56f9bc90cce6
404 399 (run 'hg update' to get a working copy)
405 400
406 401 corrupt cookies file should yield a warning
407 402
408 403 $ cat > $TESTTMP/cookies.txt << EOF
409 404 > bad format
410 405 > EOF
411 406
412 407 $ hg --config auth.cookiefile=$TESTTMP/cookies.txt id http://localhost:$HGPORT/
413 408 (error loading cookie file $TESTTMP/cookies.txt: '*/cookies.txt' does not look like a Netscape format cookies file; continuing without cookies) (glob)
414 409 56f9bc90cce6
415 410
416 411 $ killdaemons.py
417 412
418 413 Create dummy authentication handler that looks for cookies. It doesn't do anything
419 414 useful. It just raises an HTTP 500 with details about the Cookie request header.
420 415 We raise HTTP 500 because its message is printed in the abort message.
421 416
422 417 $ cat > cookieauth.py << EOF
423 418 > from mercurial import util
424 419 > from mercurial.hgweb import common
425 420 > def perform_authentication(hgweb, req, op):
426 421 > cookie = req.env.get('HTTP_COOKIE')
427 422 > if not cookie:
428 423 > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie')
429 424 > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie)
430 425 > def extsetup():
431 426 > common.permhooks.insert(0, perform_authentication)
432 427 > EOF
433 428
434 429 $ hg serve --config extensions.cookieauth=cookieauth.py -R test -p $HGPORT -d --pid-file=pid
435 430 $ cat pid > $DAEMON_PIDS
436 431
437 432 Request without cookie sent should fail due to lack of cookie
438 433
439 434 $ hg id http://localhost:$HGPORT
440 435 abort: HTTP Error 500: no-cookie
441 436 [255]
442 437
443 438 Populate a cookies file
444 439
445 440 $ cat > cookies.txt << EOF
446 441 > # HTTP Cookie File
447 442 > # Expiration is 2030-01-01 at midnight
448 443 > .example.com TRUE / FALSE 1893456000 hgkey examplevalue
449 444 > EOF
450 445
451 446 Should not send a cookie for another domain
452 447
453 448 $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
454 449 abort: HTTP Error 500: no-cookie
455 450 [255]
456 451
457 452 Add a cookie entry for our test server and verify it is sent
458 453
459 454 $ cat >> cookies.txt << EOF
460 455 > localhost.local FALSE / FALSE 1893456000 hgkey localhostvalue
461 456 > EOF
462 457
463 458 $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
464 459 abort: HTTP Error 500: Cookie: hgkey=localhostvalue
465 460 [255]
Show file before | Show file after | Hide comments
@@ -1,671 +1,666 b''
1 1 #require serve ssl
2 2
3 3 Proper https client requires the built-in ssl from Python 2.6.
4 4
5 5 Make server certificates:
6 6
7 7 $ CERTSDIR="$TESTDIR/sslcerts"
8 8 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
9 9 $ PRIV=`pwd`/server.pem
10 10 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
11 11 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
12 12
13 13 $ hg init test
14 14 $ cd test
15 15 $ echo foo>foo
16 16 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
17 17 $ echo foo>foo.d/foo
18 18 $ echo bar>foo.d/bAr.hg.d/BaR
19 19 $ echo bar>foo.d/baR.d.hg/bAR
20 20 $ hg commit -A -m 1
21 21 adding foo
22 22 adding foo.d/bAr.hg.d/BaR
23 23 adding foo.d/baR.d.hg/bAR
24 24 adding foo.d/foo
25 25 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
26 26 $ cat ../hg0.pid >> $DAEMON_PIDS
27 27
28 28 cacert not found
29 29
30 30 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
31 31 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
32 32 abort: could not find web.cacerts: no-such.pem
33 33 [255]
34 34
35 35 Test server address cannot be reused
36 36
37 #if windows
38 37 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
39 abort: cannot start server at 'localhost:$HGPORT': * (glob)
38 abort: cannot start server at 'localhost:$HGPORT': $EADDRINUSE$
40 39 [255]
41 #else
42 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
43 abort: cannot start server at 'localhost:$HGPORT': Address already in use
44 [255]
45 #endif
40
46 41 $ cd ..
47 42
48 43 Our test cert is not signed by a trusted CA. It should fail to verify if
49 44 we are able to load CA certs.
50 45
51 46 #if sslcontext defaultcacerts no-defaultcacertsloaded
52 47 $ hg clone https://localhost:$HGPORT/ copy-pull
53 48 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
54 49 abort: error: *certificate verify failed* (glob)
55 50 [255]
56 51 #endif
57 52
58 53 #if no-sslcontext defaultcacerts
59 54 $ hg clone https://localhost:$HGPORT/ copy-pull
60 55 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
61 56 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
62 57 abort: error: *certificate verify failed* (glob)
63 58 [255]
64 59 #endif
65 60
66 61 #if no-sslcontext windows
67 62 $ hg clone https://localhost:$HGPORT/ copy-pull
68 63 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
69 64 (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
70 65 abort: error: *certificate verify failed* (glob)
71 66 [255]
72 67 #endif
73 68
74 69 #if no-sslcontext osx
75 70 $ hg clone https://localhost:$HGPORT/ copy-pull
76 71 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
77 72 (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
78 73 abort: localhost certificate error: no certificate received
79 74 (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
80 75 [255]
81 76 #endif
82 77
83 78 #if defaultcacertsloaded
84 79 $ hg clone https://localhost:$HGPORT/ copy-pull
85 80 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
86 81 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
87 82 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
88 83 abort: error: *certificate verify failed* (glob)
89 84 [255]
90 85 #endif
91 86
92 87 #if no-defaultcacerts
93 88 $ hg clone https://localhost:$HGPORT/ copy-pull
94 89 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
95 90 (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
96 91 abort: localhost certificate error: no certificate received
97 92 (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
98 93 [255]
99 94 #endif
100 95
101 96 Specifying a per-host certificate file that doesn't exist will abort. The full
102 97 C:/path/to/msysroot will print on Windows.
103 98
104 99 $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
105 100 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
106 101 abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob)
107 102 [255]
108 103
109 104 A malformed per-host certificate file will raise an error
110 105
111 106 $ echo baddata > badca.pem
112 107 #if sslcontext
113 108 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
114 109 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
115 110 abort: error loading CA file badca.pem: * (glob)
116 111 (file is empty or malformed?)
117 112 [255]
118 113 #else
119 114 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
120 115 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
121 116 abort: error: * (glob)
122 117 [255]
123 118 #endif
124 119
125 120 A per-host certificate mismatching the server will fail verification
126 121
127 122 (modern ssl is able to discern whether the loaded cert is a CA cert)
128 123 #if sslcontext
129 124 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
130 125 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
131 126 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
132 127 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
133 128 abort: error: *certificate verify failed* (glob)
134 129 [255]
135 130 #else
136 131 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
137 132 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
138 133 abort: error: *certificate verify failed* (glob)
139 134 [255]
140 135 #endif
141 136
142 137 A per-host certificate matching the server's cert will be accepted
143 138
144 139 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
145 140 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
146 141 requesting all changes
147 142 adding changesets
148 143 adding manifests
149 144 adding file changes
150 145 added 1 changesets with 4 changes to 4 files
151 146 new changesets 8b6053c928fe
152 147
153 148 A per-host certificate with multiple certs and one matching will be accepted
154 149
155 150 $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
156 151 $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
157 152 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
158 153 requesting all changes
159 154 adding changesets
160 155 adding manifests
161 156 adding file changes
162 157 added 1 changesets with 4 changes to 4 files
163 158 new changesets 8b6053c928fe
164 159
165 160 Defining both per-host certificate and a fingerprint will print a warning
166 161
167 162 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
168 163 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
169 164 (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
170 165 requesting all changes
171 166 adding changesets
172 167 adding manifests
173 168 adding file changes
174 169 added 1 changesets with 4 changes to 4 files
175 170 new changesets 8b6053c928fe
176 171
177 172 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
178 173
179 174 Inability to verify peer certificate will result in abort
180 175
181 176 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
182 177 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
183 178 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
184 179 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
185 180 [255]
186 181
187 182 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
188 183 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
189 184 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
190 185 requesting all changes
191 186 adding changesets
192 187 adding manifests
193 188 adding file changes
194 189 added 1 changesets with 4 changes to 4 files
195 190 new changesets 8b6053c928fe
196 191 updating to branch default
197 192 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
198 193 $ hg verify -R copy-pull
199 194 checking changesets
200 195 checking manifests
201 196 crosschecking files in changesets and manifests
202 197 checking files
203 198 4 files, 1 changesets, 4 total revisions
204 199 $ cd test
205 200 $ echo bar > bar
206 201 $ hg commit -A -d '1 0' -m 2
207 202 adding bar
208 203 $ cd ..
209 204
210 205 pull without cacert
211 206
212 207 $ cd copy-pull
213 208 $ cat >> .hg/hgrc <<EOF
214 209 > [hooks]
215 210 > changegroup = sh -c "printenv.py changegroup"
216 211 > EOF
217 212 $ hg pull $DISABLECACERTS
218 213 pulling from https://localhost:$HGPORT/
219 214 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
220 215 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
221 216 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
222 217 [255]
223 218
224 219 $ hg pull --insecure
225 220 pulling from https://localhost:$HGPORT/
226 221 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
227 222 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
228 223 searching for changes
229 224 adding changesets
230 225 adding manifests
231 226 adding file changes
232 227 added 1 changesets with 1 changes to 1 files
233 228 new changesets 5fed3813f7f5
234 229 changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=https://localhost:$HGPORT/
235 230 (run 'hg update' to get a working copy)
236 231 $ cd ..
237 232
238 233 cacert configured in local repo
239 234
240 235 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
241 236 $ echo "[web]" >> copy-pull/.hg/hgrc
242 237 $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
243 238 $ hg -R copy-pull pull
244 239 pulling from https://localhost:$HGPORT/
245 240 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
246 241 searching for changes
247 242 no changes found
248 243 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
249 244
250 245 cacert configured globally, also testing expansion of environment
251 246 variables in the filename
252 247
253 248 $ echo "[web]" >> $HGRCPATH
254 249 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
255 250 $ P="$CERTSDIR" hg -R copy-pull pull
256 251 pulling from https://localhost:$HGPORT/
257 252 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
258 253 searching for changes
259 254 no changes found
260 255 $ P="$CERTSDIR" hg -R copy-pull pull --insecure
261 256 pulling from https://localhost:$HGPORT/
262 257 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
263 258 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
264 259 searching for changes
265 260 no changes found
266 261
267 262 empty cacert file
268 263
269 264 $ touch emptycafile
270 265
271 266 #if sslcontext
272 267 $ hg --config web.cacerts=emptycafile -R copy-pull pull
273 268 pulling from https://localhost:$HGPORT/
274 269 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
275 270 abort: error loading CA file emptycafile: * (glob)
276 271 (file is empty or malformed?)
277 272 [255]
278 273 #else
279 274 $ hg --config web.cacerts=emptycafile -R copy-pull pull
280 275 pulling from https://localhost:$HGPORT/
281 276 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
282 277 abort: error: * (glob)
283 278 [255]
284 279 #endif
285 280
286 281 cacert mismatch
287 282
288 283 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
289 284 > https://$LOCALIP:$HGPORT/
290 285 pulling from https://*:$HGPORT/ (glob)
291 286 warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
292 287 abort: $LOCALIP certificate error: certificate is for localhost (glob)
293 288 (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
294 289 [255]
295 290 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
296 291 > https://$LOCALIP:$HGPORT/ --insecure
297 292 pulling from https://*:$HGPORT/ (glob)
298 293 warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
299 294 warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
300 295 searching for changes
301 296 no changes found
302 297 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
303 298 pulling from https://localhost:$HGPORT/
304 299 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
305 300 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
306 301 abort: error: *certificate verify failed* (glob)
307 302 [255]
308 303 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
309 304 > --insecure
310 305 pulling from https://localhost:$HGPORT/
311 306 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
312 307 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
313 308 searching for changes
314 309 no changes found
315 310
316 311 Test server cert which isn't valid yet
317 312
318 313 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
319 314 $ cat hg1.pid >> $DAEMON_PIDS
320 315 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
321 316 > https://localhost:$HGPORT1/
322 317 pulling from https://localhost:$HGPORT1/
323 318 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
324 319 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
325 320 abort: error: *certificate verify failed* (glob)
326 321 [255]
327 322
328 323 Test server cert which no longer is valid
329 324
330 325 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
331 326 $ cat hg2.pid >> $DAEMON_PIDS
332 327 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
333 328 > https://localhost:$HGPORT2/
334 329 pulling from https://localhost:$HGPORT2/
335 330 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
336 331 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
337 332 abort: error: *certificate verify failed* (glob)
338 333 [255]
339 334
340 335 Disabling the TLS 1.0 warning works
341 336 $ hg -R copy-pull id https://localhost:$HGPORT/ \
342 337 > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \
343 338 > --config hostsecurity.disabletls10warning=true
344 339 5fed3813f7f5
345 340
346 341 Error message for setting ciphers is different depending on SSLContext support
347 342
348 343 #if no-sslcontext
349 344 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
350 345 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
351 346 abort: *No cipher can be selected. (glob)
352 347 [255]
353 348
354 349 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
355 350 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
356 351 5fed3813f7f5
357 352 #endif
358 353
359 354 #if sslcontext
360 355 Setting ciphers to an invalid value aborts
361 356 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
362 357 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
363 358 abort: could not set ciphers: No cipher can be selected.
364 359 (change cipher string (invalid) in config)
365 360 [255]
366 361
367 362 $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
368 363 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
369 364 abort: could not set ciphers: No cipher can be selected.
370 365 (change cipher string (invalid) in config)
371 366 [255]
372 367
373 368 Changing the cipher string works
374 369
375 370 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
376 371 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
377 372 5fed3813f7f5
378 373 #endif
379 374
380 375 Fingerprints
381 376
382 377 - works without cacerts (hostfingerprints)
383 378 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
384 379 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
385 380 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
386 381 5fed3813f7f5
387 382
388 383 - works without cacerts (hostsecurity)
389 384 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
390 385 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
391 386 5fed3813f7f5
392 387
393 388 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
394 389 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
395 390 5fed3813f7f5
396 391
397 392 - multiple fingerprints specified and first matches
398 393 $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
399 394 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
400 395 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
401 396 5fed3813f7f5
402 397
403 398 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
404 399 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
405 400 5fed3813f7f5
406 401
407 402 - multiple fingerprints specified and last matches
408 403 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
409 404 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
410 405 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
411 406 5fed3813f7f5
412 407
413 408 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
414 409 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
415 410 5fed3813f7f5
416 411
417 412 - multiple fingerprints specified and none match
418 413
419 414 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
420 415 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
421 416 abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
422 417 (check hostfingerprint configuration)
423 418 [255]
424 419
425 420 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
426 421 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
427 422 abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
428 423 (check hostsecurity configuration)
429 424 [255]
430 425
431 426 - fails when cert doesn't match hostname (port is ignored)
432 427 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
433 428 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
434 429 abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
435 430 (check hostfingerprint configuration)
436 431 [255]
437 432
438 433
439 434 - ignores that certificate doesn't match hostname
440 435 $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
441 436 warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
442 437 (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
443 438 5fed3813f7f5
444 439
445 440 Ports used by next test. Kill servers.
446 441
447 442 $ killdaemons.py hg0.pid
448 443 $ killdaemons.py hg1.pid
449 444 $ killdaemons.py hg2.pid
450 445
451 446 #if sslcontext tls1.2
452 447 Start servers running supported TLS versions
453 448
454 449 $ cd test
455 450 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
456 451 > --config devel.serverexactprotocol=tls1.0
457 452 $ cat ../hg0.pid >> $DAEMON_PIDS
458 453 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
459 454 > --config devel.serverexactprotocol=tls1.1
460 455 $ cat ../hg1.pid >> $DAEMON_PIDS
461 456 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
462 457 > --config devel.serverexactprotocol=tls1.2
463 458 $ cat ../hg2.pid >> $DAEMON_PIDS
464 459 $ cd ..
465 460
466 461 Clients talking same TLS versions work
467 462
468 463 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
469 464 5fed3813f7f5
470 465 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
471 466 5fed3813f7f5
472 467 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
473 468 5fed3813f7f5
474 469
475 470 Clients requiring newer TLS version than what server supports fail
476 471
477 472 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
478 473 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
479 474 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
480 475 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
481 476 abort: error: *unsupported protocol* (glob)
482 477 [255]
483 478
484 479 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
485 480 (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
486 481 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
487 482 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
488 483 abort: error: *unsupported protocol* (glob)
489 484 [255]
490 485 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
491 486 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
492 487 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
493 488 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
494 489 abort: error: *unsupported protocol* (glob)
495 490 [255]
496 491 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
497 492 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
498 493 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
499 494 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
500 495 abort: error: *unsupported protocol* (glob)
501 496 [255]
502 497
503 498 --insecure will allow TLS 1.0 connections and override configs
504 499
505 500 $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
506 501 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
507 502 5fed3813f7f5
508 503
509 504 The per-host config option overrides the default
510 505
511 506 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
512 507 > --config hostsecurity.minimumprotocol=tls1.2 \
513 508 > --config hostsecurity.localhost:minimumprotocol=tls1.0
514 509 5fed3813f7f5
515 510
516 511 The per-host config option by itself works
517 512
518 513 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
519 514 > --config hostsecurity.localhost:minimumprotocol=tls1.2
520 515 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
521 516 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
522 517 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
523 518 abort: error: *unsupported protocol* (glob)
524 519 [255]
525 520
526 521 .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305)
527 522
528 523 $ cat >> copy-pull/.hg/hgrc << EOF
529 524 > [hostsecurity]
530 525 > localhost:minimumprotocol=tls1.2
531 526 > EOF
532 527 $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/
533 528 (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
534 529 (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
535 530 (see https://mercurial-scm.org/wiki/SecureConnections for more info)
536 531 abort: error: *unsupported protocol* (glob)
537 532 [255]
538 533
539 534 $ killdaemons.py hg0.pid
540 535 $ killdaemons.py hg1.pid
541 536 $ killdaemons.py hg2.pid
542 537 #endif
543 538
544 539 Prepare for connecting through proxy
545 540
546 541 $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
547 542 $ cat hg0.pid >> $DAEMON_PIDS
548 543 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
549 544 $ cat hg2.pid >> $DAEMON_PIDS
550 545 tinyproxy.py doesn't fully detach, so killing it may result in extra output
551 546 from the shell. So don't kill it.
552 547 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
553 548 $ while [ ! -f proxy.pid ]; do sleep 0; done
554 549 $ cat proxy.pid >> $DAEMON_PIDS
555 550
556 551 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
557 552 $ echo "always=True" >> copy-pull/.hg/hgrc
558 553 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
559 554 $ echo "localhost =" >> copy-pull/.hg/hgrc
560 555
561 556 Test unvalidated https through proxy
562 557
563 558 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure
564 559 pulling from https://localhost:$HGPORT/
565 560 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
566 561 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
567 562 searching for changes
568 563 no changes found
569 564
570 565 Test https with cacert and fingerprint through proxy
571 566
572 567 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
573 568 > --config web.cacerts="$CERTSDIR/pub.pem"
574 569 pulling from https://localhost:$HGPORT/
575 570 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
576 571 searching for changes
577 572 no changes found
578 573 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace
579 574 pulling from https://*:$HGPORT/ (glob)
580 575 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
581 576 (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
582 577 searching for changes
583 578 no changes found
584 579
585 580 Test https with cert problems through proxy
586 581
587 582 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
588 583 > --config web.cacerts="$CERTSDIR/pub-other.pem"
589 584 pulling from https://localhost:$HGPORT/
590 585 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
591 586 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
592 587 abort: error: *certificate verify failed* (glob)
593 588 [255]
594 589 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
595 590 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
596 591 pulling from https://localhost:$HGPORT2/
597 592 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
598 593 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
599 594 abort: error: *certificate verify failed* (glob)
600 595 [255]
601 596
602 597
603 598 $ killdaemons.py hg0.pid
604 599
605 600 #if sslcontext
606 601
607 602 $ cd test
608 603
609 604 Missing certificate file(s) are detected
610 605
611 606 $ hg serve -p $HGPORT --certificate=/missing/certificate \
612 607 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
613 608 abort: referenced certificate file (*/missing/certificate) does not exist (glob)
614 609 [255]
615 610
616 611 $ hg serve -p $HGPORT --certificate=$PRIV \
617 612 > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true
618 613 abort: referenced certificate file (*/missing/cafile) does not exist (glob)
619 614 [255]
620 615
621 616 Start hgweb that requires client certificates:
622 617
623 618 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
624 619 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
625 620 $ cat ../hg0.pid >> $DAEMON_PIDS
626 621 $ cd ..
627 622
628 623 without client certificate:
629 624
630 625 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
631 626 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
632 627 abort: error: *handshake failure* (glob)
633 628 [255]
634 629
635 630 with client certificate:
636 631
637 632 $ cat << EOT >> $HGRCPATH
638 633 > [auth]
639 634 > l.prefix = localhost
640 635 > l.cert = $CERTSDIR/client-cert.pem
641 636 > l.key = $CERTSDIR/client-key.pem
642 637 > EOT
643 638
644 639 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
645 640 > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
646 641 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
647 642 5fed3813f7f5
648 643
649 644 $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
650 645 > --config ui.interactive=True --config ui.nontty=True
651 646 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
652 647 passphrase for */client-key.pem: 5fed3813f7f5 (glob)
653 648
654 649 $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
655 650 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
656 651 abort: error: * (glob)
657 652 [255]
658 653
659 654 Missing certficate and key files result in error
660 655
661 656 $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert
662 657 abort: certificate file (*/missing/cert) does not exist; cannot connect to localhost (glob)
663 658 (restore missing file or fix references in Mercurial config)
664 659 [255]
665 660
666 661 $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key
667 662 abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
668 663 (restore missing file or fix references in Mercurial config)
669 664 [255]
670 665
671 666 #endif
General Comments 0
You need to be logged in to leave comments. Login now