Show More
@@ -1,67 +1,75 b'' | |||
|
1 | 1 | # common patterns in test at can safely be replaced |
|
2 | 2 | from __future__ import absolute_import |
|
3 | 3 | |
|
4 | 4 | substitutions = [ |
|
5 | 5 | # list of possible compressions |
|
6 | 6 | (br'zstd,zlib,none,bzip2', |
|
7 | 7 | br'$USUAL_COMPRESSIONS$' |
|
8 | 8 | ), |
|
9 | 9 | # capabilities sent through http |
|
10 | 10 | (br'bundlecaps=HG20%2Cbundle2%3DHG20%250A' |
|
11 | 11 | br'changegroup%253D01%252C02%250A' |
|
12 | 12 | br'digests%253Dmd5%252Csha1%252Csha512%250A' |
|
13 | 13 | br'error%253Dabort%252Cunsupportedcontent%252Cpushraced%252Cpushkey%250A' |
|
14 | 14 | br'hgtagsfnodes%250A' |
|
15 | 15 | br'listkeys%250A' |
|
16 | 16 | br'phases%253Dheads%250A' |
|
17 | 17 | br'pushkey%250A' |
|
18 | 18 | br'remote-changegroup%253Dhttp%252Chttps', |
|
19 | 19 | # (the replacement patterns) |
|
20 | 20 | br'$USUAL_BUNDLE_CAPS$' |
|
21 | 21 | ), |
|
22 | 22 | # bundle2 capabilities sent through ssh |
|
23 | 23 | (br'bundle2=HG20%0A' |
|
24 | 24 | br'changegroup%3D01%2C02%0A' |
|
25 | 25 | br'digests%3Dmd5%2Csha1%2Csha512%0A' |
|
26 | 26 | br'error%3Dabort%2Cunsupportedcontent%2Cpushraced%2Cpushkey%0A' |
|
27 | 27 | br'hgtagsfnodes%0A' |
|
28 | 28 | br'listkeys%0A' |
|
29 | 29 | br'phases%3Dheads%0A' |
|
30 | 30 | br'pushkey%0A' |
|
31 | 31 | br'remote-changegroup%3Dhttp%2Chttps', |
|
32 | 32 | # (replacement patterns) |
|
33 | 33 | br'$USUAL_BUNDLE2_CAPS$' |
|
34 | 34 | ), |
|
35 | 35 | # HTTP log dates |
|
36 | 36 | (br' - - \[\d\d/.../2\d\d\d \d\d:\d\d:\d\d] "GET', |
|
37 | 37 | br' - - [$LOGDATE$] "GET' |
|
38 | 38 | ), |
|
39 | 39 | ] |
|
40 | 40 | |
|
41 | 41 | # Various platform error strings, keyed on a common replacement string |
|
42 | 42 | _errors = { |
|
43 | 43 | br'$ENOENT$': ( |
|
44 | 44 | # strerror() |
|
45 | 45 | br'No such file or directory', |
|
46 | 46 | |
|
47 | 47 | # FormatMessage(ERROR_FILE_NOT_FOUND) |
|
48 | 48 | br'The system cannot find the file specified', |
|
49 | 49 | ), |
|
50 | 50 | br'$ENOTDIR$': ( |
|
51 | 51 | # strerror() |
|
52 | 52 | br'Not a directory', |
|
53 | 53 | |
|
54 | 54 | # FormatMessage(ERROR_PATH_NOT_FOUND) |
|
55 | 55 | br'The system cannot find the path specified', |
|
56 | 56 | ), |
|
57 | 57 | br'$ECONNRESET$': ( |
|
58 | 58 | # strerror() |
|
59 | 59 | br'Connection reset by peer', |
|
60 | 60 | |
|
61 | 61 | # FormatMessage(WSAECONNRESET) |
|
62 | 62 | br'An existing connection was forcibly closed by the remote host', |
|
63 | 63 | ), |
|
64 | br'$EADDRINUSE$': ( | |
|
65 | # strerror() | |
|
66 | br'Address already in use', | |
|
67 | ||
|
68 | # FormatMessage(WSAEADDRINUSE) | |
|
69 | br'Only one usage of each socket address' | |
|
70 | br' \(protocol/network address/port\) is normally permitted', | |
|
71 | ), | |
|
64 | 72 | } |
|
65 | 73 | |
|
66 | 74 | for replace, msgs in _errors.items(): |
|
67 | 75 | substitutions.extend((m, replace) for m in msgs) |
@@ -1,416 +1,411 b'' | |||
|
1 | 1 | #require serve |
|
2 | 2 | |
|
3 | 3 | This test is a duplicate of 'test-http.t', feel free to factor out |
|
4 | 4 | parts that are not bundle1/bundle2 specific. |
|
5 | 5 | |
|
6 | 6 | $ cat << EOF >> $HGRCPATH |
|
7 | 7 | > [devel] |
|
8 | 8 | > # This test is dedicated to interaction through old bundle |
|
9 | 9 | > legacy.exchange = bundle1 |
|
10 | 10 | > EOF |
|
11 | 11 | |
|
12 | 12 | $ hg init test |
|
13 | 13 | $ cd test |
|
14 | 14 | $ echo foo>foo |
|
15 | 15 | $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg |
|
16 | 16 | $ echo foo>foo.d/foo |
|
17 | 17 | $ echo bar>foo.d/bAr.hg.d/BaR |
|
18 | 18 | $ echo bar>foo.d/baR.d.hg/bAR |
|
19 | 19 | $ hg commit -A -m 1 |
|
20 | 20 | adding foo |
|
21 | 21 | adding foo.d/bAr.hg.d/BaR |
|
22 | 22 | adding foo.d/baR.d.hg/bAR |
|
23 | 23 | adding foo.d/foo |
|
24 | 24 | $ hg serve -p $HGPORT -d --pid-file=../hg1.pid -E ../error.log |
|
25 | 25 | $ hg serve --config server.uncompressed=False -p $HGPORT1 -d --pid-file=../hg2.pid |
|
26 | 26 | |
|
27 | 27 | Test server address cannot be reused |
|
28 | 28 | |
|
29 | #if windows | |
|
30 | 29 | $ hg serve -p $HGPORT1 2>&1 |
|
31 |
abort: cannot start server at 'localhost:$HGPORT1': |
|
|
30 | abort: cannot start server at 'localhost:$HGPORT1': $EADDRINUSE$ | |
|
32 | 31 | [255] |
|
33 | #else | |
|
34 | $ hg serve -p $HGPORT1 2>&1 | |
|
35 | abort: cannot start server at 'localhost:$HGPORT1': Address already in use | |
|
36 | [255] | |
|
37 | #endif | |
|
32 | ||
|
38 | 33 | $ cd .. |
|
39 | 34 | $ cat hg1.pid hg2.pid >> $DAEMON_PIDS |
|
40 | 35 | |
|
41 | 36 | clone via stream |
|
42 | 37 | |
|
43 | 38 | $ hg clone --stream http://localhost:$HGPORT/ copy 2>&1 |
|
44 | 39 | streaming all changes |
|
45 | 40 | 6 files to transfer, 606 bytes of data |
|
46 | 41 | transferred * bytes in * seconds (*/sec) (glob) |
|
47 | 42 | searching for changes |
|
48 | 43 | no changes found |
|
49 | 44 | updating to branch default |
|
50 | 45 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
51 | 46 | $ hg verify -R copy |
|
52 | 47 | checking changesets |
|
53 | 48 | checking manifests |
|
54 | 49 | crosschecking files in changesets and manifests |
|
55 | 50 | checking files |
|
56 | 51 | 4 files, 1 changesets, 4 total revisions |
|
57 | 52 | |
|
58 | 53 | try to clone via stream, should use pull instead |
|
59 | 54 | |
|
60 | 55 | $ hg clone --stream http://localhost:$HGPORT1/ copy2 |
|
61 | 56 | warning: stream clone requested but server has them disabled |
|
62 | 57 | requesting all changes |
|
63 | 58 | adding changesets |
|
64 | 59 | adding manifests |
|
65 | 60 | adding file changes |
|
66 | 61 | added 1 changesets with 4 changes to 4 files |
|
67 | 62 | new changesets 8b6053c928fe |
|
68 | 63 | updating to branch default |
|
69 | 64 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
70 | 65 | |
|
71 | 66 | try to clone via stream but missing requirements, so should use pull instead |
|
72 | 67 | |
|
73 | 68 | $ cat > $TESTTMP/removesupportedformat.py << EOF |
|
74 | 69 | > from mercurial import localrepo |
|
75 | 70 | > def extsetup(ui): |
|
76 | 71 | > localrepo.localrepository.supportedformats.remove('generaldelta') |
|
77 | 72 | > EOF |
|
78 | 73 | |
|
79 | 74 | $ hg clone --config extensions.rsf=$TESTTMP/removesupportedformat.py --stream http://localhost:$HGPORT/ copy3 |
|
80 | 75 | warning: stream clone requested but client is missing requirements: generaldelta |
|
81 | 76 | (see https://www.mercurial-scm.org/wiki/MissingRequirement for more information) |
|
82 | 77 | requesting all changes |
|
83 | 78 | adding changesets |
|
84 | 79 | adding manifests |
|
85 | 80 | adding file changes |
|
86 | 81 | added 1 changesets with 4 changes to 4 files |
|
87 | 82 | new changesets 8b6053c928fe |
|
88 | 83 | updating to branch default |
|
89 | 84 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
90 | 85 | |
|
91 | 86 | clone via pull |
|
92 | 87 | |
|
93 | 88 | $ hg clone http://localhost:$HGPORT1/ copy-pull |
|
94 | 89 | requesting all changes |
|
95 | 90 | adding changesets |
|
96 | 91 | adding manifests |
|
97 | 92 | adding file changes |
|
98 | 93 | added 1 changesets with 4 changes to 4 files |
|
99 | 94 | new changesets 8b6053c928fe |
|
100 | 95 | updating to branch default |
|
101 | 96 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
102 | 97 | $ hg verify -R copy-pull |
|
103 | 98 | checking changesets |
|
104 | 99 | checking manifests |
|
105 | 100 | crosschecking files in changesets and manifests |
|
106 | 101 | checking files |
|
107 | 102 | 4 files, 1 changesets, 4 total revisions |
|
108 | 103 | $ cd test |
|
109 | 104 | $ echo bar > bar |
|
110 | 105 | $ hg commit -A -d '1 0' -m 2 |
|
111 | 106 | adding bar |
|
112 | 107 | $ cd .. |
|
113 | 108 | |
|
114 | 109 | clone over http with --update |
|
115 | 110 | |
|
116 | 111 | $ hg clone http://localhost:$HGPORT1/ updated --update 0 |
|
117 | 112 | requesting all changes |
|
118 | 113 | adding changesets |
|
119 | 114 | adding manifests |
|
120 | 115 | adding file changes |
|
121 | 116 | added 2 changesets with 5 changes to 5 files |
|
122 | 117 | new changesets 8b6053c928fe:5fed3813f7f5 |
|
123 | 118 | updating to branch default |
|
124 | 119 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
125 | 120 | $ hg log -r . -R updated |
|
126 | 121 | changeset: 0:8b6053c928fe |
|
127 | 122 | user: test |
|
128 | 123 | date: Thu Jan 01 00:00:00 1970 +0000 |
|
129 | 124 | summary: 1 |
|
130 | 125 | |
|
131 | 126 | $ rm -rf updated |
|
132 | 127 | |
|
133 | 128 | incoming via HTTP |
|
134 | 129 | |
|
135 | 130 | $ hg clone http://localhost:$HGPORT1/ --rev 0 partial |
|
136 | 131 | adding changesets |
|
137 | 132 | adding manifests |
|
138 | 133 | adding file changes |
|
139 | 134 | added 1 changesets with 4 changes to 4 files |
|
140 | 135 | new changesets 8b6053c928fe |
|
141 | 136 | updating to branch default |
|
142 | 137 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
143 | 138 | $ cd partial |
|
144 | 139 | $ touch LOCAL |
|
145 | 140 | $ hg ci -qAm LOCAL |
|
146 | 141 | $ hg incoming http://localhost:$HGPORT1/ --template '{desc}\n' |
|
147 | 142 | comparing with http://localhost:$HGPORT1/ |
|
148 | 143 | searching for changes |
|
149 | 144 | 2 |
|
150 | 145 | $ cd .. |
|
151 | 146 | |
|
152 | 147 | pull |
|
153 | 148 | |
|
154 | 149 | $ cd copy-pull |
|
155 | 150 | $ cat >> .hg/hgrc <<EOF |
|
156 | 151 | > [hooks] |
|
157 | 152 | > changegroup = sh -c "printenv.py changegroup" |
|
158 | 153 | > EOF |
|
159 | 154 | $ hg pull |
|
160 | 155 | pulling from http://localhost:$HGPORT1/ |
|
161 | 156 | searching for changes |
|
162 | 157 | adding changesets |
|
163 | 158 | adding manifests |
|
164 | 159 | adding file changes |
|
165 | 160 | added 1 changesets with 1 changes to 1 files |
|
166 | 161 | new changesets 5fed3813f7f5 |
|
167 | 162 | changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=http://localhost:$HGPORT1/ |
|
168 | 163 | (run 'hg update' to get a working copy) |
|
169 | 164 | $ cd .. |
|
170 | 165 | |
|
171 | 166 | clone from invalid URL |
|
172 | 167 | |
|
173 | 168 | $ hg clone http://localhost:$HGPORT/bad |
|
174 | 169 | abort: HTTP Error 404: Not Found |
|
175 | 170 | [255] |
|
176 | 171 | |
|
177 | 172 | test http authentication |
|
178 | 173 | + use the same server to test server side streaming preference |
|
179 | 174 | |
|
180 | 175 | $ cd test |
|
181 | 176 | $ cat << EOT > userpass.py |
|
182 | 177 | > import base64 |
|
183 | 178 | > from mercurial.hgweb import common |
|
184 | 179 | > def perform_authentication(hgweb, req, op): |
|
185 | 180 | > auth = req.env.get('HTTP_AUTHORIZATION') |
|
186 | 181 | > if not auth: |
|
187 | 182 | > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', |
|
188 | 183 | > [('WWW-Authenticate', 'Basic Realm="mercurial"')]) |
|
189 | 184 | > if base64.b64decode(auth.split()[1]).split(':', 1) != ['user', 'pass']: |
|
190 | 185 | > raise common.ErrorResponse(common.HTTP_FORBIDDEN, 'no') |
|
191 | 186 | > def extsetup(): |
|
192 | 187 | > common.permhooks.insert(0, perform_authentication) |
|
193 | 188 | > EOT |
|
194 | 189 | $ hg serve --config extensions.x=userpass.py -p $HGPORT2 -d --pid-file=pid \ |
|
195 | 190 | > --config server.preferuncompressed=True \ |
|
196 | 191 | > --config web.push_ssl=False --config web.allow_push=* -A ../access.log |
|
197 | 192 | $ cat pid >> $DAEMON_PIDS |
|
198 | 193 | |
|
199 | 194 | $ cat << EOF > get_pass.py |
|
200 | 195 | > import getpass |
|
201 | 196 | > def newgetpass(arg): |
|
202 | 197 | > return "pass" |
|
203 | 198 | > getpass.getpass = newgetpass |
|
204 | 199 | > EOF |
|
205 | 200 | |
|
206 | 201 | $ hg id http://localhost:$HGPORT2/ |
|
207 | 202 | abort: http authorization required for http://localhost:$HGPORT2/ |
|
208 | 203 | [255] |
|
209 | 204 | $ hg id http://localhost:$HGPORT2/ |
|
210 | 205 | abort: http authorization required for http://localhost:$HGPORT2/ |
|
211 | 206 | [255] |
|
212 | 207 | $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/ |
|
213 | 208 | http authorization required for http://localhost:$HGPORT2/ |
|
214 | 209 | realm: mercurial |
|
215 | 210 | user: user |
|
216 | 211 | password: 5fed3813f7f5 |
|
217 | 212 | $ hg id http://user:pass@localhost:$HGPORT2/ |
|
218 | 213 | 5fed3813f7f5 |
|
219 | 214 | $ echo '[auth]' >> .hg/hgrc |
|
220 | 215 | $ echo 'l.schemes=http' >> .hg/hgrc |
|
221 | 216 | $ echo 'l.prefix=lo' >> .hg/hgrc |
|
222 | 217 | $ echo 'l.username=user' >> .hg/hgrc |
|
223 | 218 | $ echo 'l.password=pass' >> .hg/hgrc |
|
224 | 219 | $ hg id http://localhost:$HGPORT2/ |
|
225 | 220 | 5fed3813f7f5 |
|
226 | 221 | $ hg id http://localhost:$HGPORT2/ |
|
227 | 222 | 5fed3813f7f5 |
|
228 | 223 | $ hg id http://user@localhost:$HGPORT2/ |
|
229 | 224 | 5fed3813f7f5 |
|
230 | 225 | $ hg clone http://user:pass@localhost:$HGPORT2/ dest 2>&1 |
|
231 | 226 | streaming all changes |
|
232 | 227 | 7 files to transfer, 916 bytes of data |
|
233 | 228 | transferred * bytes in * seconds (*/sec) (glob) |
|
234 | 229 | searching for changes |
|
235 | 230 | no changes found |
|
236 | 231 | updating to branch default |
|
237 | 232 | 5 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
238 | 233 | --pull should override server's preferuncompressed |
|
239 | 234 | $ hg clone --pull http://user:pass@localhost:$HGPORT2/ dest-pull 2>&1 |
|
240 | 235 | requesting all changes |
|
241 | 236 | adding changesets |
|
242 | 237 | adding manifests |
|
243 | 238 | adding file changes |
|
244 | 239 | added 2 changesets with 5 changes to 5 files |
|
245 | 240 | new changesets 8b6053c928fe:5fed3813f7f5 |
|
246 | 241 | updating to branch default |
|
247 | 242 | 5 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
248 | 243 | |
|
249 | 244 | $ hg id http://user2@localhost:$HGPORT2/ |
|
250 | 245 | abort: http authorization required for http://localhost:$HGPORT2/ |
|
251 | 246 | [255] |
|
252 | 247 | $ hg id http://user:pass2@localhost:$HGPORT2/ |
|
253 | 248 | abort: HTTP Error 403: no |
|
254 | 249 | [255] |
|
255 | 250 | |
|
256 | 251 | $ hg -R dest tag -r tip top |
|
257 | 252 | $ hg -R dest push http://user:pass@localhost:$HGPORT2/ |
|
258 | 253 | pushing to http://user:***@localhost:$HGPORT2/ |
|
259 | 254 | searching for changes |
|
260 | 255 | remote: adding changesets |
|
261 | 256 | remote: adding manifests |
|
262 | 257 | remote: adding file changes |
|
263 | 258 | remote: added 1 changesets with 1 changes to 1 files |
|
264 | 259 | $ hg rollback -q |
|
265 | 260 | |
|
266 | 261 | $ sed 's/.*] "/"/' < ../access.log |
|
267 | 262 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
268 | 263 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
269 | 264 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
270 | 265 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
271 | 266 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
272 | 267 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
273 | 268 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
274 | 269 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
275 | 270 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
276 | 271 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
277 | 272 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
278 | 273 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
279 | 274 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
280 | 275 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
281 | 276 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
282 | 277 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
283 | 278 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
284 | 279 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
285 | 280 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
286 | 281 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
287 | 282 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
288 | 283 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
289 | 284 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
290 | 285 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
291 | 286 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
292 | 287 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
293 | 288 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
294 | 289 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
295 | 290 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
296 | 291 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
297 | 292 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
298 | 293 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
299 | 294 | "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
300 | 295 | "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
301 | 296 | "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
302 | 297 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
303 | 298 | "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
304 | 299 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
305 | 300 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
306 | 301 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
307 | 302 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
308 | 303 | "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
309 | 304 | "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
310 | 305 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
311 | 306 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
312 | 307 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
313 | 308 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
314 | 309 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
315 | 310 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
316 | 311 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
317 | 312 | "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
318 | 313 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
319 | 314 | "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
320 | 315 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
321 | 316 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
322 | 317 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
323 | 318 | "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
324 | 319 | "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
325 | 320 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
326 | 321 | "POST /?cmd=unbundle HTTP/1.1" 200 - x-hgarg-1:heads=686173686564+5eb5abfefeea63c80dd7553bcc3783f37e0c5524* (glob) |
|
327 | 322 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
328 | 323 | |
|
329 | 324 | $ cd .. |
|
330 | 325 | |
|
331 | 326 | clone of serve with repo in root and unserved subrepo (issue2970) |
|
332 | 327 | |
|
333 | 328 | $ hg --cwd test init sub |
|
334 | 329 | $ echo empty > test/sub/empty |
|
335 | 330 | $ hg --cwd test/sub add empty |
|
336 | 331 | $ hg --cwd test/sub commit -qm 'add empty' |
|
337 | 332 | $ hg --cwd test/sub tag -r 0 something |
|
338 | 333 | $ echo sub = sub > test/.hgsub |
|
339 | 334 | $ hg --cwd test add .hgsub |
|
340 | 335 | $ hg --cwd test commit -qm 'add subrepo' |
|
341 | 336 | $ hg clone http://localhost:$HGPORT noslash-clone |
|
342 | 337 | requesting all changes |
|
343 | 338 | adding changesets |
|
344 | 339 | adding manifests |
|
345 | 340 | adding file changes |
|
346 | 341 | added 3 changesets with 7 changes to 7 files |
|
347 | 342 | new changesets 8b6053c928fe:56f9bc90cce6 |
|
348 | 343 | updating to branch default |
|
349 | 344 | abort: HTTP Error 404: Not Found |
|
350 | 345 | [255] |
|
351 | 346 | $ hg clone http://localhost:$HGPORT/ slash-clone |
|
352 | 347 | requesting all changes |
|
353 | 348 | adding changesets |
|
354 | 349 | adding manifests |
|
355 | 350 | adding file changes |
|
356 | 351 | added 3 changesets with 7 changes to 7 files |
|
357 | 352 | new changesets 8b6053c928fe:56f9bc90cce6 |
|
358 | 353 | updating to branch default |
|
359 | 354 | abort: HTTP Error 404: Not Found |
|
360 | 355 | [255] |
|
361 | 356 | |
|
362 | 357 | check error log |
|
363 | 358 | |
|
364 | 359 | $ cat error.log |
|
365 | 360 | |
|
366 | 361 | Check error reporting while pulling/cloning |
|
367 | 362 | |
|
368 | 363 | $ $RUNTESTDIR/killdaemons.py |
|
369 | 364 | $ hg serve -R test -p $HGPORT -d --pid-file=hg3.pid -E error.log --config extensions.crash=${TESTDIR}/crashgetbundler.py |
|
370 | 365 | $ cat hg3.pid >> $DAEMON_PIDS |
|
371 | 366 | $ hg clone http://localhost:$HGPORT/ abort-clone |
|
372 | 367 | requesting all changes |
|
373 | 368 | abort: remote error: |
|
374 | 369 | this is an exercise |
|
375 | 370 | [255] |
|
376 | 371 | $ cat error.log |
|
377 | 372 | |
|
378 | 373 | disable pull-based clones |
|
379 | 374 | |
|
380 | 375 | $ hg serve -R test -p $HGPORT1 -d --pid-file=hg4.pid -E error.log --config server.disablefullbundle=True |
|
381 | 376 | $ cat hg4.pid >> $DAEMON_PIDS |
|
382 | 377 | $ hg clone http://localhost:$HGPORT1/ disable-pull-clone |
|
383 | 378 | requesting all changes |
|
384 | 379 | abort: remote error: |
|
385 | 380 | server has pull-based clones disabled |
|
386 | 381 | [255] |
|
387 | 382 | |
|
388 | 383 | ... but keep stream clones working |
|
389 | 384 | |
|
390 | 385 | $ hg clone --stream --noupdate http://localhost:$HGPORT1/ test-stream-clone |
|
391 | 386 | streaming all changes |
|
392 | 387 | * files to transfer, * of data (glob) |
|
393 | 388 | transferred * in * seconds (* KB/sec) (glob) |
|
394 | 389 | searching for changes |
|
395 | 390 | no changes found |
|
396 | 391 | |
|
397 | 392 | ... and also keep partial clones and pulls working |
|
398 | 393 | $ hg clone http://localhost:$HGPORT1 --rev 0 test-partial-clone |
|
399 | 394 | adding changesets |
|
400 | 395 | adding manifests |
|
401 | 396 | adding file changes |
|
402 | 397 | added 1 changesets with 4 changes to 4 files |
|
403 | 398 | new changesets 8b6053c928fe |
|
404 | 399 | updating to branch default |
|
405 | 400 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
406 | 401 | $ hg pull -R test-partial-clone |
|
407 | 402 | pulling from http://localhost:$HGPORT1/ |
|
408 | 403 | searching for changes |
|
409 | 404 | adding changesets |
|
410 | 405 | adding manifests |
|
411 | 406 | adding file changes |
|
412 | 407 | added 2 changesets with 3 changes to 3 files |
|
413 | 408 | new changesets 5fed3813f7f5:56f9bc90cce6 |
|
414 | 409 | (run 'hg update' to get a working copy) |
|
415 | 410 | |
|
416 | 411 | $ cat error.log |
@@ -1,465 +1,460 b'' | |||
|
1 | 1 | #require killdaemons serve |
|
2 | 2 | |
|
3 | 3 | $ hg init test |
|
4 | 4 | $ cd test |
|
5 | 5 | $ echo foo>foo |
|
6 | 6 | $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg |
|
7 | 7 | $ echo foo>foo.d/foo |
|
8 | 8 | $ echo bar>foo.d/bAr.hg.d/BaR |
|
9 | 9 | $ echo bar>foo.d/baR.d.hg/bAR |
|
10 | 10 | $ hg commit -A -m 1 |
|
11 | 11 | adding foo |
|
12 | 12 | adding foo.d/bAr.hg.d/BaR |
|
13 | 13 | adding foo.d/baR.d.hg/bAR |
|
14 | 14 | adding foo.d/foo |
|
15 | 15 | $ hg serve -p $HGPORT -d --pid-file=../hg1.pid -E ../error.log |
|
16 | 16 | $ hg serve --config server.uncompressed=False -p $HGPORT1 -d --pid-file=../hg2.pid |
|
17 | 17 | |
|
18 | 18 | Test server address cannot be reused |
|
19 | 19 | |
|
20 | #if windows | |
|
21 | 20 | $ hg serve -p $HGPORT1 2>&1 |
|
22 |
abort: cannot start server at 'localhost:$HGPORT1': |
|
|
21 | abort: cannot start server at 'localhost:$HGPORT1': $EADDRINUSE$ | |
|
23 | 22 | [255] |
|
24 | #else | |
|
25 | $ hg serve -p $HGPORT1 2>&1 | |
|
26 | abort: cannot start server at 'localhost:$HGPORT1': Address already in use | |
|
27 | [255] | |
|
28 | #endif | |
|
23 | ||
|
29 | 24 | $ cd .. |
|
30 | 25 | $ cat hg1.pid hg2.pid >> $DAEMON_PIDS |
|
31 | 26 | |
|
32 | 27 | clone via stream |
|
33 | 28 | |
|
34 | 29 | $ hg clone --stream http://localhost:$HGPORT/ copy 2>&1 |
|
35 | 30 | streaming all changes |
|
36 | 31 | 6 files to transfer, 606 bytes of data |
|
37 | 32 | transferred * bytes in * seconds (*/sec) (glob) |
|
38 | 33 | searching for changes |
|
39 | 34 | no changes found |
|
40 | 35 | updating to branch default |
|
41 | 36 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
42 | 37 | $ hg verify -R copy |
|
43 | 38 | checking changesets |
|
44 | 39 | checking manifests |
|
45 | 40 | crosschecking files in changesets and manifests |
|
46 | 41 | checking files |
|
47 | 42 | 4 files, 1 changesets, 4 total revisions |
|
48 | 43 | |
|
49 | 44 | try to clone via stream, should use pull instead |
|
50 | 45 | |
|
51 | 46 | $ hg clone --stream http://localhost:$HGPORT1/ copy2 |
|
52 | 47 | warning: stream clone requested but server has them disabled |
|
53 | 48 | requesting all changes |
|
54 | 49 | adding changesets |
|
55 | 50 | adding manifests |
|
56 | 51 | adding file changes |
|
57 | 52 | added 1 changesets with 4 changes to 4 files |
|
58 | 53 | new changesets 8b6053c928fe |
|
59 | 54 | updating to branch default |
|
60 | 55 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
61 | 56 | |
|
62 | 57 | try to clone via stream but missing requirements, so should use pull instead |
|
63 | 58 | |
|
64 | 59 | $ cat > $TESTTMP/removesupportedformat.py << EOF |
|
65 | 60 | > from mercurial import localrepo |
|
66 | 61 | > def extsetup(ui): |
|
67 | 62 | > localrepo.localrepository.supportedformats.remove('generaldelta') |
|
68 | 63 | > EOF |
|
69 | 64 | |
|
70 | 65 | $ hg clone --config extensions.rsf=$TESTTMP/removesupportedformat.py --stream http://localhost:$HGPORT/ copy3 |
|
71 | 66 | warning: stream clone requested but client is missing requirements: generaldelta |
|
72 | 67 | (see https://www.mercurial-scm.org/wiki/MissingRequirement for more information) |
|
73 | 68 | requesting all changes |
|
74 | 69 | adding changesets |
|
75 | 70 | adding manifests |
|
76 | 71 | adding file changes |
|
77 | 72 | added 1 changesets with 4 changes to 4 files |
|
78 | 73 | new changesets 8b6053c928fe |
|
79 | 74 | updating to branch default |
|
80 | 75 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
81 | 76 | |
|
82 | 77 | clone via pull |
|
83 | 78 | |
|
84 | 79 | $ hg clone http://localhost:$HGPORT1/ copy-pull |
|
85 | 80 | requesting all changes |
|
86 | 81 | adding changesets |
|
87 | 82 | adding manifests |
|
88 | 83 | adding file changes |
|
89 | 84 | added 1 changesets with 4 changes to 4 files |
|
90 | 85 | new changesets 8b6053c928fe |
|
91 | 86 | updating to branch default |
|
92 | 87 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
93 | 88 | $ hg verify -R copy-pull |
|
94 | 89 | checking changesets |
|
95 | 90 | checking manifests |
|
96 | 91 | crosschecking files in changesets and manifests |
|
97 | 92 | checking files |
|
98 | 93 | 4 files, 1 changesets, 4 total revisions |
|
99 | 94 | $ cd test |
|
100 | 95 | $ echo bar > bar |
|
101 | 96 | $ hg commit -A -d '1 0' -m 2 |
|
102 | 97 | adding bar |
|
103 | 98 | $ cd .. |
|
104 | 99 | |
|
105 | 100 | clone over http with --update |
|
106 | 101 | |
|
107 | 102 | $ hg clone http://localhost:$HGPORT1/ updated --update 0 |
|
108 | 103 | requesting all changes |
|
109 | 104 | adding changesets |
|
110 | 105 | adding manifests |
|
111 | 106 | adding file changes |
|
112 | 107 | added 2 changesets with 5 changes to 5 files |
|
113 | 108 | new changesets 8b6053c928fe:5fed3813f7f5 |
|
114 | 109 | updating to branch default |
|
115 | 110 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
116 | 111 | $ hg log -r . -R updated |
|
117 | 112 | changeset: 0:8b6053c928fe |
|
118 | 113 | user: test |
|
119 | 114 | date: Thu Jan 01 00:00:00 1970 +0000 |
|
120 | 115 | summary: 1 |
|
121 | 116 | |
|
122 | 117 | $ rm -rf updated |
|
123 | 118 | |
|
124 | 119 | incoming via HTTP |
|
125 | 120 | |
|
126 | 121 | $ hg clone http://localhost:$HGPORT1/ --rev 0 partial |
|
127 | 122 | adding changesets |
|
128 | 123 | adding manifests |
|
129 | 124 | adding file changes |
|
130 | 125 | added 1 changesets with 4 changes to 4 files |
|
131 | 126 | new changesets 8b6053c928fe |
|
132 | 127 | updating to branch default |
|
133 | 128 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
134 | 129 | $ cd partial |
|
135 | 130 | $ touch LOCAL |
|
136 | 131 | $ hg ci -qAm LOCAL |
|
137 | 132 | $ hg incoming http://localhost:$HGPORT1/ --template '{desc}\n' |
|
138 | 133 | comparing with http://localhost:$HGPORT1/ |
|
139 | 134 | searching for changes |
|
140 | 135 | 2 |
|
141 | 136 | $ cd .. |
|
142 | 137 | |
|
143 | 138 | pull |
|
144 | 139 | |
|
145 | 140 | $ cd copy-pull |
|
146 | 141 | $ cat >> .hg/hgrc <<EOF |
|
147 | 142 | > [hooks] |
|
148 | 143 | > changegroup = sh -c "printenv.py changegroup" |
|
149 | 144 | > EOF |
|
150 | 145 | $ hg pull |
|
151 | 146 | pulling from http://localhost:$HGPORT1/ |
|
152 | 147 | searching for changes |
|
153 | 148 | adding changesets |
|
154 | 149 | adding manifests |
|
155 | 150 | adding file changes |
|
156 | 151 | added 1 changesets with 1 changes to 1 files |
|
157 | 152 | new changesets 5fed3813f7f5 |
|
158 | 153 | changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=http://localhost:$HGPORT1/ |
|
159 | 154 | (run 'hg update' to get a working copy) |
|
160 | 155 | $ cd .. |
|
161 | 156 | |
|
162 | 157 | clone from invalid URL |
|
163 | 158 | |
|
164 | 159 | $ hg clone http://localhost:$HGPORT/bad |
|
165 | 160 | abort: HTTP Error 404: Not Found |
|
166 | 161 | [255] |
|
167 | 162 | |
|
168 | 163 | test http authentication |
|
169 | 164 | + use the same server to test server side streaming preference |
|
170 | 165 | |
|
171 | 166 | $ cd test |
|
172 | 167 | $ cat << EOT > userpass.py |
|
173 | 168 | > import base64 |
|
174 | 169 | > from mercurial.hgweb import common |
|
175 | 170 | > def perform_authentication(hgweb, req, op): |
|
176 | 171 | > auth = req.env.get('HTTP_AUTHORIZATION') |
|
177 | 172 | > if not auth: |
|
178 | 173 | > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', |
|
179 | 174 | > [('WWW-Authenticate', 'Basic Realm="mercurial"')]) |
|
180 | 175 | > if base64.b64decode(auth.split()[1]).split(':', 1) != ['user', 'pass']: |
|
181 | 176 | > raise common.ErrorResponse(common.HTTP_FORBIDDEN, 'no') |
|
182 | 177 | > def extsetup(): |
|
183 | 178 | > common.permhooks.insert(0, perform_authentication) |
|
184 | 179 | > EOT |
|
185 | 180 | $ hg serve --config extensions.x=userpass.py -p $HGPORT2 -d --pid-file=pid \ |
|
186 | 181 | > --config server.preferuncompressed=True \ |
|
187 | 182 | > --config web.push_ssl=False --config web.allow_push=* -A ../access.log |
|
188 | 183 | $ cat pid >> $DAEMON_PIDS |
|
189 | 184 | |
|
190 | 185 | $ cat << EOF > get_pass.py |
|
191 | 186 | > import getpass |
|
192 | 187 | > def newgetpass(arg): |
|
193 | 188 | > return "pass" |
|
194 | 189 | > getpass.getpass = newgetpass |
|
195 | 190 | > EOF |
|
196 | 191 | |
|
197 | 192 | $ hg id http://localhost:$HGPORT2/ |
|
198 | 193 | abort: http authorization required for http://localhost:$HGPORT2/ |
|
199 | 194 | [255] |
|
200 | 195 | $ hg id http://localhost:$HGPORT2/ |
|
201 | 196 | abort: http authorization required for http://localhost:$HGPORT2/ |
|
202 | 197 | [255] |
|
203 | 198 | $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/ |
|
204 | 199 | http authorization required for http://localhost:$HGPORT2/ |
|
205 | 200 | realm: mercurial |
|
206 | 201 | user: user |
|
207 | 202 | password: 5fed3813f7f5 |
|
208 | 203 | $ hg id http://user:pass@localhost:$HGPORT2/ |
|
209 | 204 | 5fed3813f7f5 |
|
210 | 205 | $ echo '[auth]' >> .hg/hgrc |
|
211 | 206 | $ echo 'l.schemes=http' >> .hg/hgrc |
|
212 | 207 | $ echo 'l.prefix=lo' >> .hg/hgrc |
|
213 | 208 | $ echo 'l.username=user' >> .hg/hgrc |
|
214 | 209 | $ echo 'l.password=pass' >> .hg/hgrc |
|
215 | 210 | $ hg id http://localhost:$HGPORT2/ |
|
216 | 211 | 5fed3813f7f5 |
|
217 | 212 | $ hg id http://localhost:$HGPORT2/ |
|
218 | 213 | 5fed3813f7f5 |
|
219 | 214 | $ hg id http://user@localhost:$HGPORT2/ |
|
220 | 215 | 5fed3813f7f5 |
|
221 | 216 | $ hg clone http://user:pass@localhost:$HGPORT2/ dest 2>&1 |
|
222 | 217 | streaming all changes |
|
223 | 218 | 7 files to transfer, 916 bytes of data |
|
224 | 219 | transferred * bytes in * seconds (*/sec) (glob) |
|
225 | 220 | searching for changes |
|
226 | 221 | no changes found |
|
227 | 222 | updating to branch default |
|
228 | 223 | 5 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
229 | 224 | --pull should override server's preferuncompressed |
|
230 | 225 | $ hg clone --pull http://user:pass@localhost:$HGPORT2/ dest-pull 2>&1 |
|
231 | 226 | requesting all changes |
|
232 | 227 | adding changesets |
|
233 | 228 | adding manifests |
|
234 | 229 | adding file changes |
|
235 | 230 | added 2 changesets with 5 changes to 5 files |
|
236 | 231 | new changesets 8b6053c928fe:5fed3813f7f5 |
|
237 | 232 | updating to branch default |
|
238 | 233 | 5 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
239 | 234 | |
|
240 | 235 | $ hg id http://user2@localhost:$HGPORT2/ |
|
241 | 236 | abort: http authorization required for http://localhost:$HGPORT2/ |
|
242 | 237 | [255] |
|
243 | 238 | $ hg id http://user:pass2@localhost:$HGPORT2/ |
|
244 | 239 | abort: HTTP Error 403: no |
|
245 | 240 | [255] |
|
246 | 241 | |
|
247 | 242 | $ hg -R dest tag -r tip top |
|
248 | 243 | $ hg -R dest push http://user:pass@localhost:$HGPORT2/ |
|
249 | 244 | pushing to http://user:***@localhost:$HGPORT2/ |
|
250 | 245 | searching for changes |
|
251 | 246 | remote: adding changesets |
|
252 | 247 | remote: adding manifests |
|
253 | 248 | remote: adding file changes |
|
254 | 249 | remote: added 1 changesets with 1 changes to 1 files |
|
255 | 250 | $ hg rollback -q |
|
256 | 251 | |
|
257 | 252 | $ sed 's/.*] "/"/' < ../access.log |
|
258 | 253 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
259 | 254 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
260 | 255 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
261 | 256 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
262 | 257 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
263 | 258 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
264 | 259 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
265 | 260 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
266 | 261 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
267 | 262 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
268 | 263 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
269 | 264 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
270 | 265 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
271 | 266 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
272 | 267 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
273 | 268 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
274 | 269 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
275 | 270 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
276 | 271 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
277 | 272 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
278 | 273 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
279 | 274 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
280 | 275 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
281 | 276 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
282 | 277 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
283 | 278 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
284 | 279 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
285 | 280 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
286 | 281 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
287 | 282 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
288 | 283 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
289 | 284 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
290 | 285 | "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
291 | 286 | "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
292 | 287 | "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
293 | 288 | "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
294 | 289 | "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=0&common=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
295 | 290 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
296 | 291 | "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
297 | 292 | "GET /?cmd=getbundle HTTP/1.1" 401 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
298 | 293 | "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
299 | 294 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
300 | 295 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
301 | 296 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
302 | 297 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
303 | 298 | "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
304 | 299 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
305 | 300 | "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
306 | 301 | "GET /?cmd=capabilities HTTP/1.1" 200 - |
|
307 | 302 | "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
308 | 303 | "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
309 | 304 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
310 | 305 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
311 | 306 | "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
312 | 307 | "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
313 | 308 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
314 | 309 | "POST /?cmd=unbundle HTTP/1.1" 200 - x-hgarg-1:heads=666f726365* (glob) |
|
315 | 310 | "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ |
|
316 | 311 | |
|
317 | 312 | $ cd .. |
|
318 | 313 | |
|
319 | 314 | clone of serve with repo in root and unserved subrepo (issue2970) |
|
320 | 315 | |
|
321 | 316 | $ hg --cwd test init sub |
|
322 | 317 | $ echo empty > test/sub/empty |
|
323 | 318 | $ hg --cwd test/sub add empty |
|
324 | 319 | $ hg --cwd test/sub commit -qm 'add empty' |
|
325 | 320 | $ hg --cwd test/sub tag -r 0 something |
|
326 | 321 | $ echo sub = sub > test/.hgsub |
|
327 | 322 | $ hg --cwd test add .hgsub |
|
328 | 323 | $ hg --cwd test commit -qm 'add subrepo' |
|
329 | 324 | $ hg clone http://localhost:$HGPORT noslash-clone |
|
330 | 325 | requesting all changes |
|
331 | 326 | adding changesets |
|
332 | 327 | adding manifests |
|
333 | 328 | adding file changes |
|
334 | 329 | added 3 changesets with 7 changes to 7 files |
|
335 | 330 | new changesets 8b6053c928fe:56f9bc90cce6 |
|
336 | 331 | updating to branch default |
|
337 | 332 | abort: HTTP Error 404: Not Found |
|
338 | 333 | [255] |
|
339 | 334 | $ hg clone http://localhost:$HGPORT/ slash-clone |
|
340 | 335 | requesting all changes |
|
341 | 336 | adding changesets |
|
342 | 337 | adding manifests |
|
343 | 338 | adding file changes |
|
344 | 339 | added 3 changesets with 7 changes to 7 files |
|
345 | 340 | new changesets 8b6053c928fe:56f9bc90cce6 |
|
346 | 341 | updating to branch default |
|
347 | 342 | abort: HTTP Error 404: Not Found |
|
348 | 343 | [255] |
|
349 | 344 | |
|
350 | 345 | check error log |
|
351 | 346 | |
|
352 | 347 | $ cat error.log |
|
353 | 348 | |
|
354 | 349 | check abort error reporting while pulling/cloning |
|
355 | 350 | |
|
356 | 351 | $ $RUNTESTDIR/killdaemons.py |
|
357 | 352 | $ hg serve -R test -p $HGPORT -d --pid-file=hg3.pid -E error.log --config extensions.crash=${TESTDIR}/crashgetbundler.py |
|
358 | 353 | $ cat hg3.pid >> $DAEMON_PIDS |
|
359 | 354 | $ hg clone http://localhost:$HGPORT/ abort-clone |
|
360 | 355 | requesting all changes |
|
361 | 356 | remote: abort: this is an exercise |
|
362 | 357 | abort: pull failed on remote |
|
363 | 358 | [255] |
|
364 | 359 | $ cat error.log |
|
365 | 360 | |
|
366 | 361 | disable pull-based clones |
|
367 | 362 | |
|
368 | 363 | $ hg serve -R test -p $HGPORT1 -d --pid-file=hg4.pid -E error.log --config server.disablefullbundle=True |
|
369 | 364 | $ cat hg4.pid >> $DAEMON_PIDS |
|
370 | 365 | $ hg clone http://localhost:$HGPORT1/ disable-pull-clone |
|
371 | 366 | requesting all changes |
|
372 | 367 | remote: abort: server has pull-based clones disabled |
|
373 | 368 | abort: pull failed on remote |
|
374 | 369 | (remove --pull if specified or upgrade Mercurial) |
|
375 | 370 | [255] |
|
376 | 371 | |
|
377 | 372 | ... but keep stream clones working |
|
378 | 373 | |
|
379 | 374 | $ hg clone --stream --noupdate http://localhost:$HGPORT1/ test-stream-clone |
|
380 | 375 | streaming all changes |
|
381 | 376 | * files to transfer, * of data (glob) |
|
382 | 377 | transferred * in * seconds (*/sec) (glob) |
|
383 | 378 | searching for changes |
|
384 | 379 | no changes found |
|
385 | 380 | $ cat error.log |
|
386 | 381 | |
|
387 | 382 | ... and also keep partial clones and pulls working |
|
388 | 383 | $ hg clone http://localhost:$HGPORT1 --rev 0 test-partial-clone |
|
389 | 384 | adding changesets |
|
390 | 385 | adding manifests |
|
391 | 386 | adding file changes |
|
392 | 387 | added 1 changesets with 4 changes to 4 files |
|
393 | 388 | new changesets 8b6053c928fe |
|
394 | 389 | updating to branch default |
|
395 | 390 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
396 | 391 | $ hg pull -R test-partial-clone |
|
397 | 392 | pulling from http://localhost:$HGPORT1/ |
|
398 | 393 | searching for changes |
|
399 | 394 | adding changesets |
|
400 | 395 | adding manifests |
|
401 | 396 | adding file changes |
|
402 | 397 | added 2 changesets with 3 changes to 3 files |
|
403 | 398 | new changesets 5fed3813f7f5:56f9bc90cce6 |
|
404 | 399 | (run 'hg update' to get a working copy) |
|
405 | 400 | |
|
406 | 401 | corrupt cookies file should yield a warning |
|
407 | 402 | |
|
408 | 403 | $ cat > $TESTTMP/cookies.txt << EOF |
|
409 | 404 | > bad format |
|
410 | 405 | > EOF |
|
411 | 406 | |
|
412 | 407 | $ hg --config auth.cookiefile=$TESTTMP/cookies.txt id http://localhost:$HGPORT/ |
|
413 | 408 | (error loading cookie file $TESTTMP/cookies.txt: '*/cookies.txt' does not look like a Netscape format cookies file; continuing without cookies) (glob) |
|
414 | 409 | 56f9bc90cce6 |
|
415 | 410 | |
|
416 | 411 | $ killdaemons.py |
|
417 | 412 | |
|
418 | 413 | Create dummy authentication handler that looks for cookies. It doesn't do anything |
|
419 | 414 | useful. It just raises an HTTP 500 with details about the Cookie request header. |
|
420 | 415 | We raise HTTP 500 because its message is printed in the abort message. |
|
421 | 416 | |
|
422 | 417 | $ cat > cookieauth.py << EOF |
|
423 | 418 | > from mercurial import util |
|
424 | 419 | > from mercurial.hgweb import common |
|
425 | 420 | > def perform_authentication(hgweb, req, op): |
|
426 | 421 | > cookie = req.env.get('HTTP_COOKIE') |
|
427 | 422 | > if not cookie: |
|
428 | 423 | > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie') |
|
429 | 424 | > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie) |
|
430 | 425 | > def extsetup(): |
|
431 | 426 | > common.permhooks.insert(0, perform_authentication) |
|
432 | 427 | > EOF |
|
433 | 428 | |
|
434 | 429 | $ hg serve --config extensions.cookieauth=cookieauth.py -R test -p $HGPORT -d --pid-file=pid |
|
435 | 430 | $ cat pid > $DAEMON_PIDS |
|
436 | 431 | |
|
437 | 432 | Request without cookie sent should fail due to lack of cookie |
|
438 | 433 | |
|
439 | 434 | $ hg id http://localhost:$HGPORT |
|
440 | 435 | abort: HTTP Error 500: no-cookie |
|
441 | 436 | [255] |
|
442 | 437 | |
|
443 | 438 | Populate a cookies file |
|
444 | 439 | |
|
445 | 440 | $ cat > cookies.txt << EOF |
|
446 | 441 | > # HTTP Cookie File |
|
447 | 442 | > # Expiration is 2030-01-01 at midnight |
|
448 | 443 | > .example.com TRUE / FALSE 1893456000 hgkey examplevalue |
|
449 | 444 | > EOF |
|
450 | 445 | |
|
451 | 446 | Should not send a cookie for another domain |
|
452 | 447 | |
|
453 | 448 | $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/ |
|
454 | 449 | abort: HTTP Error 500: no-cookie |
|
455 | 450 | [255] |
|
456 | 451 | |
|
457 | 452 | Add a cookie entry for our test server and verify it is sent |
|
458 | 453 | |
|
459 | 454 | $ cat >> cookies.txt << EOF |
|
460 | 455 | > localhost.local FALSE / FALSE 1893456000 hgkey localhostvalue |
|
461 | 456 | > EOF |
|
462 | 457 | |
|
463 | 458 | $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/ |
|
464 | 459 | abort: HTTP Error 500: Cookie: hgkey=localhostvalue |
|
465 | 460 | [255] |
@@ -1,671 +1,666 b'' | |||
|
1 | 1 | #require serve ssl |
|
2 | 2 | |
|
3 | 3 | Proper https client requires the built-in ssl from Python 2.6. |
|
4 | 4 | |
|
5 | 5 | Make server certificates: |
|
6 | 6 | |
|
7 | 7 | $ CERTSDIR="$TESTDIR/sslcerts" |
|
8 | 8 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem |
|
9 | 9 | $ PRIV=`pwd`/server.pem |
|
10 | 10 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem |
|
11 | 11 | $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem |
|
12 | 12 | |
|
13 | 13 | $ hg init test |
|
14 | 14 | $ cd test |
|
15 | 15 | $ echo foo>foo |
|
16 | 16 | $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg |
|
17 | 17 | $ echo foo>foo.d/foo |
|
18 | 18 | $ echo bar>foo.d/bAr.hg.d/BaR |
|
19 | 19 | $ echo bar>foo.d/baR.d.hg/bAR |
|
20 | 20 | $ hg commit -A -m 1 |
|
21 | 21 | adding foo |
|
22 | 22 | adding foo.d/bAr.hg.d/BaR |
|
23 | 23 | adding foo.d/baR.d.hg/bAR |
|
24 | 24 | adding foo.d/foo |
|
25 | 25 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV |
|
26 | 26 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
27 | 27 | |
|
28 | 28 | cacert not found |
|
29 | 29 | |
|
30 | 30 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ |
|
31 | 31 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
32 | 32 | abort: could not find web.cacerts: no-such.pem |
|
33 | 33 | [255] |
|
34 | 34 | |
|
35 | 35 | Test server address cannot be reused |
|
36 | 36 | |
|
37 | #if windows | |
|
38 | 37 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 |
|
39 |
abort: cannot start server at 'localhost:$HGPORT': |
|
|
38 | abort: cannot start server at 'localhost:$HGPORT': $EADDRINUSE$ | |
|
40 | 39 | [255] |
|
41 | #else | |
|
42 | $ hg serve -p $HGPORT --certificate=$PRIV 2>&1 | |
|
43 | abort: cannot start server at 'localhost:$HGPORT': Address already in use | |
|
44 | [255] | |
|
45 | #endif | |
|
40 | ||
|
46 | 41 | $ cd .. |
|
47 | 42 | |
|
48 | 43 | Our test cert is not signed by a trusted CA. It should fail to verify if |
|
49 | 44 | we are able to load CA certs. |
|
50 | 45 | |
|
51 | 46 | #if sslcontext defaultcacerts no-defaultcacertsloaded |
|
52 | 47 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
53 | 48 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
54 | 49 | abort: error: *certificate verify failed* (glob) |
|
55 | 50 | [255] |
|
56 | 51 | #endif |
|
57 | 52 | |
|
58 | 53 | #if no-sslcontext defaultcacerts |
|
59 | 54 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
60 | 55 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
61 | 56 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
|
62 | 57 | abort: error: *certificate verify failed* (glob) |
|
63 | 58 | [255] |
|
64 | 59 | #endif |
|
65 | 60 | |
|
66 | 61 | #if no-sslcontext windows |
|
67 | 62 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
68 | 63 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
69 | 64 | (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) |
|
70 | 65 | abort: error: *certificate verify failed* (glob) |
|
71 | 66 | [255] |
|
72 | 67 | #endif |
|
73 | 68 | |
|
74 | 69 | #if no-sslcontext osx |
|
75 | 70 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
76 | 71 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
77 | 72 | (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) |
|
78 | 73 | abort: localhost certificate error: no certificate received |
|
79 | 74 | (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) |
|
80 | 75 | [255] |
|
81 | 76 | #endif |
|
82 | 77 | |
|
83 | 78 | #if defaultcacertsloaded |
|
84 | 79 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
85 | 80 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
86 | 81 | (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
|
87 | 82 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
88 | 83 | abort: error: *certificate verify failed* (glob) |
|
89 | 84 | [255] |
|
90 | 85 | #endif |
|
91 | 86 | |
|
92 | 87 | #if no-defaultcacerts |
|
93 | 88 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
94 | 89 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
95 | 90 | (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
|
96 | 91 | abort: localhost certificate error: no certificate received |
|
97 | 92 | (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) |
|
98 | 93 | [255] |
|
99 | 94 | #endif |
|
100 | 95 | |
|
101 | 96 | Specifying a per-host certificate file that doesn't exist will abort. The full |
|
102 | 97 | C:/path/to/msysroot will print on Windows. |
|
103 | 98 | |
|
104 | 99 | $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/ |
|
105 | 100 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
106 | 101 | abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob) |
|
107 | 102 | [255] |
|
108 | 103 | |
|
109 | 104 | A malformed per-host certificate file will raise an error |
|
110 | 105 | |
|
111 | 106 | $ echo baddata > badca.pem |
|
112 | 107 | #if sslcontext |
|
113 | 108 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ |
|
114 | 109 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
115 | 110 | abort: error loading CA file badca.pem: * (glob) |
|
116 | 111 | (file is empty or malformed?) |
|
117 | 112 | [255] |
|
118 | 113 | #else |
|
119 | 114 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ |
|
120 | 115 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
121 | 116 | abort: error: * (glob) |
|
122 | 117 | [255] |
|
123 | 118 | #endif |
|
124 | 119 | |
|
125 | 120 | A per-host certificate mismatching the server will fail verification |
|
126 | 121 | |
|
127 | 122 | (modern ssl is able to discern whether the loaded cert is a CA cert) |
|
128 | 123 | #if sslcontext |
|
129 | 124 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
|
130 | 125 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
131 | 126 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
132 | 127 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
133 | 128 | abort: error: *certificate verify failed* (glob) |
|
134 | 129 | [255] |
|
135 | 130 | #else |
|
136 | 131 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
|
137 | 132 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
138 | 133 | abort: error: *certificate verify failed* (glob) |
|
139 | 134 | [255] |
|
140 | 135 | #endif |
|
141 | 136 | |
|
142 | 137 | A per-host certificate matching the server's cert will be accepted |
|
143 | 138 | |
|
144 | 139 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 |
|
145 | 140 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
146 | 141 | requesting all changes |
|
147 | 142 | adding changesets |
|
148 | 143 | adding manifests |
|
149 | 144 | adding file changes |
|
150 | 145 | added 1 changesets with 4 changes to 4 files |
|
151 | 146 | new changesets 8b6053c928fe |
|
152 | 147 | |
|
153 | 148 | A per-host certificate with multiple certs and one matching will be accepted |
|
154 | 149 | |
|
155 | 150 | $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem |
|
156 | 151 | $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 |
|
157 | 152 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
158 | 153 | requesting all changes |
|
159 | 154 | adding changesets |
|
160 | 155 | adding manifests |
|
161 | 156 | adding file changes |
|
162 | 157 | added 1 changesets with 4 changes to 4 files |
|
163 | 158 | new changesets 8b6053c928fe |
|
164 | 159 | |
|
165 | 160 | Defining both per-host certificate and a fingerprint will print a warning |
|
166 | 161 | |
|
167 | 162 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning |
|
168 | 163 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
169 | 164 | (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) |
|
170 | 165 | requesting all changes |
|
171 | 166 | adding changesets |
|
172 | 167 | adding manifests |
|
173 | 168 | adding file changes |
|
174 | 169 | added 1 changesets with 4 changes to 4 files |
|
175 | 170 | new changesets 8b6053c928fe |
|
176 | 171 | |
|
177 | 172 | $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" |
|
178 | 173 | |
|
179 | 174 | Inability to verify peer certificate will result in abort |
|
180 | 175 | |
|
181 | 176 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS |
|
182 | 177 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
183 | 178 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
184 | 179 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
185 | 180 | [255] |
|
186 | 181 | |
|
187 | 182 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull |
|
188 | 183 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
189 | 184 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
190 | 185 | requesting all changes |
|
191 | 186 | adding changesets |
|
192 | 187 | adding manifests |
|
193 | 188 | adding file changes |
|
194 | 189 | added 1 changesets with 4 changes to 4 files |
|
195 | 190 | new changesets 8b6053c928fe |
|
196 | 191 | updating to branch default |
|
197 | 192 | 4 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
198 | 193 | $ hg verify -R copy-pull |
|
199 | 194 | checking changesets |
|
200 | 195 | checking manifests |
|
201 | 196 | crosschecking files in changesets and manifests |
|
202 | 197 | checking files |
|
203 | 198 | 4 files, 1 changesets, 4 total revisions |
|
204 | 199 | $ cd test |
|
205 | 200 | $ echo bar > bar |
|
206 | 201 | $ hg commit -A -d '1 0' -m 2 |
|
207 | 202 | adding bar |
|
208 | 203 | $ cd .. |
|
209 | 204 | |
|
210 | 205 | pull without cacert |
|
211 | 206 | |
|
212 | 207 | $ cd copy-pull |
|
213 | 208 | $ cat >> .hg/hgrc <<EOF |
|
214 | 209 | > [hooks] |
|
215 | 210 | > changegroup = sh -c "printenv.py changegroup" |
|
216 | 211 | > EOF |
|
217 | 212 | $ hg pull $DISABLECACERTS |
|
218 | 213 | pulling from https://localhost:$HGPORT/ |
|
219 | 214 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
220 | 215 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
221 | 216 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
222 | 217 | [255] |
|
223 | 218 | |
|
224 | 219 | $ hg pull --insecure |
|
225 | 220 | pulling from https://localhost:$HGPORT/ |
|
226 | 221 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
227 | 222 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
228 | 223 | searching for changes |
|
229 | 224 | adding changesets |
|
230 | 225 | adding manifests |
|
231 | 226 | adding file changes |
|
232 | 227 | added 1 changesets with 1 changes to 1 files |
|
233 | 228 | new changesets 5fed3813f7f5 |
|
234 | 229 | changegroup hook: HG_HOOKNAME=changegroup HG_HOOKTYPE=changegroup HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:$ID$ HG_URL=https://localhost:$HGPORT/ |
|
235 | 230 | (run 'hg update' to get a working copy) |
|
236 | 231 | $ cd .. |
|
237 | 232 | |
|
238 | 233 | cacert configured in local repo |
|
239 | 234 | |
|
240 | 235 | $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu |
|
241 | 236 | $ echo "[web]" >> copy-pull/.hg/hgrc |
|
242 | 237 | $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc |
|
243 | 238 | $ hg -R copy-pull pull |
|
244 | 239 | pulling from https://localhost:$HGPORT/ |
|
245 | 240 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
246 | 241 | searching for changes |
|
247 | 242 | no changes found |
|
248 | 243 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc |
|
249 | 244 | |
|
250 | 245 | cacert configured globally, also testing expansion of environment |
|
251 | 246 | variables in the filename |
|
252 | 247 | |
|
253 | 248 | $ echo "[web]" >> $HGRCPATH |
|
254 | 249 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH |
|
255 | 250 | $ P="$CERTSDIR" hg -R copy-pull pull |
|
256 | 251 | pulling from https://localhost:$HGPORT/ |
|
257 | 252 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
258 | 253 | searching for changes |
|
259 | 254 | no changes found |
|
260 | 255 | $ P="$CERTSDIR" hg -R copy-pull pull --insecure |
|
261 | 256 | pulling from https://localhost:$HGPORT/ |
|
262 | 257 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
263 | 258 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
264 | 259 | searching for changes |
|
265 | 260 | no changes found |
|
266 | 261 | |
|
267 | 262 | empty cacert file |
|
268 | 263 | |
|
269 | 264 | $ touch emptycafile |
|
270 | 265 | |
|
271 | 266 | #if sslcontext |
|
272 | 267 | $ hg --config web.cacerts=emptycafile -R copy-pull pull |
|
273 | 268 | pulling from https://localhost:$HGPORT/ |
|
274 | 269 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
275 | 270 | abort: error loading CA file emptycafile: * (glob) |
|
276 | 271 | (file is empty or malformed?) |
|
277 | 272 | [255] |
|
278 | 273 | #else |
|
279 | 274 | $ hg --config web.cacerts=emptycafile -R copy-pull pull |
|
280 | 275 | pulling from https://localhost:$HGPORT/ |
|
281 | 276 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
282 | 277 | abort: error: * (glob) |
|
283 | 278 | [255] |
|
284 | 279 | #endif |
|
285 | 280 | |
|
286 | 281 | cacert mismatch |
|
287 | 282 | |
|
288 | 283 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
289 | 284 | > https://$LOCALIP:$HGPORT/ |
|
290 | 285 | pulling from https://*:$HGPORT/ (glob) |
|
291 | 286 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
292 | 287 | abort: $LOCALIP certificate error: certificate is for localhost (glob) |
|
293 | 288 | (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) |
|
294 | 289 | [255] |
|
295 | 290 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
296 | 291 | > https://$LOCALIP:$HGPORT/ --insecure |
|
297 | 292 | pulling from https://*:$HGPORT/ (glob) |
|
298 | 293 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
299 | 294 | warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) |
|
300 | 295 | searching for changes |
|
301 | 296 | no changes found |
|
302 | 297 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
303 | 298 | pulling from https://localhost:$HGPORT/ |
|
304 | 299 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
305 | 300 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
306 | 301 | abort: error: *certificate verify failed* (glob) |
|
307 | 302 | [255] |
|
308 | 303 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ |
|
309 | 304 | > --insecure |
|
310 | 305 | pulling from https://localhost:$HGPORT/ |
|
311 | 306 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
312 | 307 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
313 | 308 | searching for changes |
|
314 | 309 | no changes found |
|
315 | 310 | |
|
316 | 311 | Test server cert which isn't valid yet |
|
317 | 312 | |
|
318 | 313 | $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
|
319 | 314 | $ cat hg1.pid >> $DAEMON_PIDS |
|
320 | 315 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ |
|
321 | 316 | > https://localhost:$HGPORT1/ |
|
322 | 317 | pulling from https://localhost:$HGPORT1/ |
|
323 | 318 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
324 | 319 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
325 | 320 | abort: error: *certificate verify failed* (glob) |
|
326 | 321 | [255] |
|
327 | 322 | |
|
328 | 323 | Test server cert which no longer is valid |
|
329 | 324 | |
|
330 | 325 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
|
331 | 326 | $ cat hg2.pid >> $DAEMON_PIDS |
|
332 | 327 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ |
|
333 | 328 | > https://localhost:$HGPORT2/ |
|
334 | 329 | pulling from https://localhost:$HGPORT2/ |
|
335 | 330 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
336 | 331 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
337 | 332 | abort: error: *certificate verify failed* (glob) |
|
338 | 333 | [255] |
|
339 | 334 | |
|
340 | 335 | Disabling the TLS 1.0 warning works |
|
341 | 336 | $ hg -R copy-pull id https://localhost:$HGPORT/ \ |
|
342 | 337 | > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \ |
|
343 | 338 | > --config hostsecurity.disabletls10warning=true |
|
344 | 339 | 5fed3813f7f5 |
|
345 | 340 | |
|
346 | 341 | Error message for setting ciphers is different depending on SSLContext support |
|
347 | 342 | |
|
348 | 343 | #if no-sslcontext |
|
349 | 344 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
350 | 345 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
351 | 346 | abort: *No cipher can be selected. (glob) |
|
352 | 347 | [255] |
|
353 | 348 | |
|
354 | 349 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
355 | 350 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
356 | 351 | 5fed3813f7f5 |
|
357 | 352 | #endif |
|
358 | 353 | |
|
359 | 354 | #if sslcontext |
|
360 | 355 | Setting ciphers to an invalid value aborts |
|
361 | 356 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
362 | 357 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
363 | 358 | abort: could not set ciphers: No cipher can be selected. |
|
364 | 359 | (change cipher string (invalid) in config) |
|
365 | 360 | [255] |
|
366 | 361 | |
|
367 | 362 | $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
368 | 363 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
369 | 364 | abort: could not set ciphers: No cipher can be selected. |
|
370 | 365 | (change cipher string (invalid) in config) |
|
371 | 366 | [255] |
|
372 | 367 | |
|
373 | 368 | Changing the cipher string works |
|
374 | 369 | |
|
375 | 370 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
376 | 371 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
377 | 372 | 5fed3813f7f5 |
|
378 | 373 | #endif |
|
379 | 374 | |
|
380 | 375 | Fingerprints |
|
381 | 376 | |
|
382 | 377 | - works without cacerts (hostfingerprints) |
|
383 | 378 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
384 | 379 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
385 | 380 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
386 | 381 | 5fed3813f7f5 |
|
387 | 382 | |
|
388 | 383 | - works without cacerts (hostsecurity) |
|
389 | 384 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
390 | 385 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
391 | 386 | 5fed3813f7f5 |
|
392 | 387 | |
|
393 | 388 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e |
|
394 | 389 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
395 | 390 | 5fed3813f7f5 |
|
396 | 391 | |
|
397 | 392 | - multiple fingerprints specified and first matches |
|
398 | 393 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
399 | 394 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
400 | 395 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
401 | 396 | 5fed3813f7f5 |
|
402 | 397 | |
|
403 | 398 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
404 | 399 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
405 | 400 | 5fed3813f7f5 |
|
406 | 401 | |
|
407 | 402 | - multiple fingerprints specified and last matches |
|
408 | 403 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
409 | 404 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
410 | 405 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
411 | 406 | 5fed3813f7f5 |
|
412 | 407 | |
|
413 | 408 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ |
|
414 | 409 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
415 | 410 | 5fed3813f7f5 |
|
416 | 411 | |
|
417 | 412 | - multiple fingerprints specified and none match |
|
418 | 413 | |
|
419 | 414 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
420 | 415 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
421 | 416 | abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
422 | 417 | (check hostfingerprint configuration) |
|
423 | 418 | [255] |
|
424 | 419 | |
|
425 | 420 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
426 | 421 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
427 | 422 | abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
428 | 423 | (check hostsecurity configuration) |
|
429 | 424 | [255] |
|
430 | 425 | |
|
431 | 426 | - fails when cert doesn't match hostname (port is ignored) |
|
432 | 427 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
433 | 428 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
434 | 429 | abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 |
|
435 | 430 | (check hostfingerprint configuration) |
|
436 | 431 | [255] |
|
437 | 432 | |
|
438 | 433 | |
|
439 | 434 | - ignores that certificate doesn't match hostname |
|
440 | 435 | $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
441 | 436 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
442 | 437 | (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
443 | 438 | 5fed3813f7f5 |
|
444 | 439 | |
|
445 | 440 | Ports used by next test. Kill servers. |
|
446 | 441 | |
|
447 | 442 | $ killdaemons.py hg0.pid |
|
448 | 443 | $ killdaemons.py hg1.pid |
|
449 | 444 | $ killdaemons.py hg2.pid |
|
450 | 445 | |
|
451 | 446 | #if sslcontext tls1.2 |
|
452 | 447 | Start servers running supported TLS versions |
|
453 | 448 | |
|
454 | 449 | $ cd test |
|
455 | 450 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ |
|
456 | 451 | > --config devel.serverexactprotocol=tls1.0 |
|
457 | 452 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
458 | 453 | $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \ |
|
459 | 454 | > --config devel.serverexactprotocol=tls1.1 |
|
460 | 455 | $ cat ../hg1.pid >> $DAEMON_PIDS |
|
461 | 456 | $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \ |
|
462 | 457 | > --config devel.serverexactprotocol=tls1.2 |
|
463 | 458 | $ cat ../hg2.pid >> $DAEMON_PIDS |
|
464 | 459 | $ cd .. |
|
465 | 460 | |
|
466 | 461 | Clients talking same TLS versions work |
|
467 | 462 | |
|
468 | 463 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/ |
|
469 | 464 | 5fed3813f7f5 |
|
470 | 465 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/ |
|
471 | 466 | 5fed3813f7f5 |
|
472 | 467 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ |
|
473 | 468 | 5fed3813f7f5 |
|
474 | 469 | |
|
475 | 470 | Clients requiring newer TLS version than what server supports fail |
|
476 | 471 | |
|
477 | 472 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
478 | 473 | (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) |
|
479 | 474 | (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) |
|
480 | 475 | (see https://mercurial-scm.org/wiki/SecureConnections for more info) |
|
481 | 476 | abort: error: *unsupported protocol* (glob) |
|
482 | 477 | [255] |
|
483 | 478 | |
|
484 | 479 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/ |
|
485 | 480 | (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) |
|
486 | 481 | (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) |
|
487 | 482 | (see https://mercurial-scm.org/wiki/SecureConnections for more info) |
|
488 | 483 | abort: error: *unsupported protocol* (glob) |
|
489 | 484 | [255] |
|
490 | 485 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/ |
|
491 | 486 | (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) |
|
492 | 487 | (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) |
|
493 | 488 | (see https://mercurial-scm.org/wiki/SecureConnections for more info) |
|
494 | 489 | abort: error: *unsupported protocol* (glob) |
|
495 | 490 | [255] |
|
496 | 491 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/ |
|
497 | 492 | (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) |
|
498 | 493 | (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) |
|
499 | 494 | (see https://mercurial-scm.org/wiki/SecureConnections for more info) |
|
500 | 495 | abort: error: *unsupported protocol* (glob) |
|
501 | 496 | [255] |
|
502 | 497 | |
|
503 | 498 | --insecure will allow TLS 1.0 connections and override configs |
|
504 | 499 | |
|
505 | 500 | $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/ |
|
506 | 501 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
507 | 502 | 5fed3813f7f5 |
|
508 | 503 | |
|
509 | 504 | The per-host config option overrides the default |
|
510 | 505 | |
|
511 | 506 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
512 | 507 | > --config hostsecurity.minimumprotocol=tls1.2 \ |
|
513 | 508 | > --config hostsecurity.localhost:minimumprotocol=tls1.0 |
|
514 | 509 | 5fed3813f7f5 |
|
515 | 510 | |
|
516 | 511 | The per-host config option by itself works |
|
517 | 512 | |
|
518 | 513 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
519 | 514 | > --config hostsecurity.localhost:minimumprotocol=tls1.2 |
|
520 | 515 | (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) |
|
521 | 516 | (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) |
|
522 | 517 | (see https://mercurial-scm.org/wiki/SecureConnections for more info) |
|
523 | 518 | abort: error: *unsupported protocol* (glob) |
|
524 | 519 | [255] |
|
525 | 520 | |
|
526 | 521 | .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305) |
|
527 | 522 | |
|
528 | 523 | $ cat >> copy-pull/.hg/hgrc << EOF |
|
529 | 524 | > [hostsecurity] |
|
530 | 525 | > localhost:minimumprotocol=tls1.2 |
|
531 | 526 | > EOF |
|
532 | 527 | $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/ |
|
533 | 528 | (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) |
|
534 | 529 | (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) |
|
535 | 530 | (see https://mercurial-scm.org/wiki/SecureConnections for more info) |
|
536 | 531 | abort: error: *unsupported protocol* (glob) |
|
537 | 532 | [255] |
|
538 | 533 | |
|
539 | 534 | $ killdaemons.py hg0.pid |
|
540 | 535 | $ killdaemons.py hg1.pid |
|
541 | 536 | $ killdaemons.py hg2.pid |
|
542 | 537 | #endif |
|
543 | 538 | |
|
544 | 539 | Prepare for connecting through proxy |
|
545 | 540 | |
|
546 | 541 | $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV |
|
547 | 542 | $ cat hg0.pid >> $DAEMON_PIDS |
|
548 | 543 | $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
|
549 | 544 | $ cat hg2.pid >> $DAEMON_PIDS |
|
550 | 545 | tinyproxy.py doesn't fully detach, so killing it may result in extra output |
|
551 | 546 | from the shell. So don't kill it. |
|
552 | 547 | $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 & |
|
553 | 548 | $ while [ ! -f proxy.pid ]; do sleep 0; done |
|
554 | 549 | $ cat proxy.pid >> $DAEMON_PIDS |
|
555 | 550 | |
|
556 | 551 | $ echo "[http_proxy]" >> copy-pull/.hg/hgrc |
|
557 | 552 | $ echo "always=True" >> copy-pull/.hg/hgrc |
|
558 | 553 | $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc |
|
559 | 554 | $ echo "localhost =" >> copy-pull/.hg/hgrc |
|
560 | 555 | |
|
561 | 556 | Test unvalidated https through proxy |
|
562 | 557 | |
|
563 | 558 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure |
|
564 | 559 | pulling from https://localhost:$HGPORT/ |
|
565 | 560 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
566 | 561 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
567 | 562 | searching for changes |
|
568 | 563 | no changes found |
|
569 | 564 | |
|
570 | 565 | Test https with cacert and fingerprint through proxy |
|
571 | 566 | |
|
572 | 567 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
573 | 568 | > --config web.cacerts="$CERTSDIR/pub.pem" |
|
574 | 569 | pulling from https://localhost:$HGPORT/ |
|
575 | 570 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
576 | 571 | searching for changes |
|
577 | 572 | no changes found |
|
578 | 573 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace |
|
579 | 574 | pulling from https://*:$HGPORT/ (glob) |
|
580 | 575 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
581 | 576 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
582 | 577 | searching for changes |
|
583 | 578 | no changes found |
|
584 | 579 | |
|
585 | 580 | Test https with cert problems through proxy |
|
586 | 581 | |
|
587 | 582 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
588 | 583 | > --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
589 | 584 | pulling from https://localhost:$HGPORT/ |
|
590 | 585 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
591 | 586 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
592 | 587 | abort: error: *certificate verify failed* (glob) |
|
593 | 588 | [255] |
|
594 | 589 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
595 | 590 | > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ |
|
596 | 591 | pulling from https://localhost:$HGPORT2/ |
|
597 | 592 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
598 | 593 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
599 | 594 | abort: error: *certificate verify failed* (glob) |
|
600 | 595 | [255] |
|
601 | 596 | |
|
602 | 597 | |
|
603 | 598 | $ killdaemons.py hg0.pid |
|
604 | 599 | |
|
605 | 600 | #if sslcontext |
|
606 | 601 | |
|
607 | 602 | $ cd test |
|
608 | 603 | |
|
609 | 604 | Missing certificate file(s) are detected |
|
610 | 605 | |
|
611 | 606 | $ hg serve -p $HGPORT --certificate=/missing/certificate \ |
|
612 | 607 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true |
|
613 | 608 | abort: referenced certificate file (*/missing/certificate) does not exist (glob) |
|
614 | 609 | [255] |
|
615 | 610 | |
|
616 | 611 | $ hg serve -p $HGPORT --certificate=$PRIV \ |
|
617 | 612 | > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true |
|
618 | 613 | abort: referenced certificate file (*/missing/cafile) does not exist (glob) |
|
619 | 614 | [255] |
|
620 | 615 | |
|
621 | 616 | Start hgweb that requires client certificates: |
|
622 | 617 | |
|
623 | 618 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ |
|
624 | 619 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true |
|
625 | 620 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
626 | 621 | $ cd .. |
|
627 | 622 | |
|
628 | 623 | without client certificate: |
|
629 | 624 | |
|
630 | 625 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
631 | 626 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
632 | 627 | abort: error: *handshake failure* (glob) |
|
633 | 628 | [255] |
|
634 | 629 | |
|
635 | 630 | with client certificate: |
|
636 | 631 | |
|
637 | 632 | $ cat << EOT >> $HGRCPATH |
|
638 | 633 | > [auth] |
|
639 | 634 | > l.prefix = localhost |
|
640 | 635 | > l.cert = $CERTSDIR/client-cert.pem |
|
641 | 636 | > l.key = $CERTSDIR/client-key.pem |
|
642 | 637 | > EOT |
|
643 | 638 | |
|
644 | 639 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
645 | 640 | > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" |
|
646 | 641 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
647 | 642 | 5fed3813f7f5 |
|
648 | 643 | |
|
649 | 644 | $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
650 | 645 | > --config ui.interactive=True --config ui.nontty=True |
|
651 | 646 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
652 | 647 | passphrase for */client-key.pem: 5fed3813f7f5 (glob) |
|
653 | 648 | |
|
654 | 649 | $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
655 | 650 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
656 | 651 | abort: error: * (glob) |
|
657 | 652 | [255] |
|
658 | 653 | |
|
659 | 654 | Missing certficate and key files result in error |
|
660 | 655 | |
|
661 | 656 | $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert |
|
662 | 657 | abort: certificate file (*/missing/cert) does not exist; cannot connect to localhost (glob) |
|
663 | 658 | (restore missing file or fix references in Mercurial config) |
|
664 | 659 | [255] |
|
665 | 660 | |
|
666 | 661 | $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key |
|
667 | 662 | abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob) |
|
668 | 663 | (restore missing file or fix references in Mercurial config) |
|
669 | 664 | [255] |
|
670 | 665 | |
|
671 | 666 | #endif |
General Comments 0
You need to be logged in to leave comments.
Login now