upstream/mercurial-mirror Commit - r29331:1e02d957

tests: extract SSL certificates from test-https.t...

Yuya Nishihara -

r29331:1e02d957 default

parent child

tests/sslcerts/README

0 created 644 +26 0

@@ -0,0 +1,26 b''
	1	Certificates created with:
	2	printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' \| \
	3	openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem
	4	Can be dumped with:
	5	openssl x509 -in pub.pem -text
	6
	7	- priv.pem
	8	- pub.pem
	9	- pub-other.pem
	10
	11	pub.pem patched with other notBefore / notAfter:
	12
	13	- pub-not-yet.pem
	14	- pub-expired.pem
	15
	16	Client certificates created with:
	17	openssl genrsa -aes128 -passout pass:1234 -out client-key.pem 512
	18	openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
	19	printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' \| \
	20	openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
	21	openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
	22	-set_serial 01 -out client-cert.pem
	23
	24	- client-key.pem
	25	- client-key-decrypted.pem
	26	- client-cert.pem

tests/sslcerts/client-cert.pem

0 created 644 +9 0

@@ -0,0 +1,9 b''
	1	-----BEGIN CERTIFICATE-----
	2	MIIBPjCB6QIBATANBgkqhkiG9w0BAQsFADAxMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
	3	GzAZBgkqhkiG9w0BCQEWDGhnQGxvY2FsaG9zdDAeFw0xNTA1MDcwNjI5NDVaFw0z
	4	OTEyMjcwNjI5NDVaMCQxIjAgBgkqhkiG9w0BCQEWE2hnLWNsaWVudEBsb2NhbGhv
	5	c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmzgtLeCUBhT3ZuDmQ+BE81bzh7AH
	6	R9Yl8ApxwKnUAIcB1k95opsUKKdUxgoBVtWoGTKtn9PKvxpJ8zPjE7j4qwIDAQAB
	7	MA0GCSqGSIb3DQEBCwUAA0EAfBTqBG5pYhuGk+ZnyUufgS+d7Nk/sZAZjNdCAEj/
	8	NFPo5fR1jM6jlEWoWbeg298+SkjV7tfO+2nt0otUFkdM6A==
	9	-----END CERTIFICATE-----

tests/sslcerts/client-key-decrypted.pem

0 created 644 +9 0

@@ -0,0 +1,9 b''
	1	-----BEGIN RSA PRIVATE KEY-----
	2	MIIBOgIBAAJBAJs4LS3glAYU92bg5kPgRPNW84ewB0fWJfAKccCp1ACHAdZPeaKb
	3	FCinVMYKAVbVqBkyrZ/Tyr8aSfMz4xO4+KsCAwEAAQJAeKDr25+Q6jkZHEbkLRP6
	4	AfMtR+Ixhk6TJT24sbZKIC2V8KuJTDEvUhLU0CAr1nH79bDqiSsecOiVCr2HHyfT
	5	AQIhAM2C5rHbTs9R3PkywFEqq1gU3ztCnpiWglO7/cIkuGBhAiEAwVpMSAf77kop
	6	4h/1kWsgMALQTJNsXd4CEUK4BOxvJIsCIQCbarVAKBQvoT81jfX27AfscsxnKnh5
	7	+MjSvkanvdFZwQIgbbcTefwt1LV4trtz2SR0i0nNcOZmo40Kl0jIquKO3qkCIH01
	8	mJHzZr3+jQqeIFtr5P+Xqi30DJxgrnEobbJ0KFjY
	9	-----END RSA PRIVATE KEY-----

tests/sslcerts/client-key.pem

0 created 644 +12 0

@@ -0,0 +1,12 b''
	1	-----BEGIN RSA PRIVATE KEY-----
	2	Proc-Type: 4,ENCRYPTED
	3	DEK-Info: AES-128-CBC,C8B8F103A61A336FB0716D1C0F8BB2E8
	4
	5	JolMlCFjEW3q3JJjO9z99NJWeJbFgF5DpUOkfSCxH56hxxtZb9x++rBvBZkxX1bF
	6	BAIe+iI90+jdCLwxbILWuFcrJUaLC5WmO14XDKYVmr2eW9e4MiCYOlO0Q6a9rDFS
	7	jctRCfvubOXFHbBGLH8uKEMpXEkP7Lc60FiIukqjuQEivJjrQirVtZCGwyk3qUi7
	8	Eyh4Lo63IKGu8T1Bkmn2kaMvFhu7nC/CQLBjSq0YYI1tmCOkVb/3tPrz8oqgDJp2
	9	u7bLS3q0xDNZ52nVrKIoZC/UlRXGlPyzPpa70/jPIdfCbkwDaBpRVXc+62Pj2n5/
	10	CnO2xaKwfOG6pDvanBhFD72vuBOkAYlFZPiEku4sc2WlNggsSWCPCIFwzmiHjKIl
	11	bWmdoTq3nb7sNfnBbV0OCa7fS1dFwCm4R1NC7ELENu0=
	12	-----END RSA PRIVATE KEY-----

tests/sslcerts/priv.pem

0 created 644 +10 0

@@ -0,0 +1,10 b''
	1	-----BEGIN PRIVATE KEY-----
	2	MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH
	3	aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8
	4	j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc
	5	EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG
	6	MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR
	7	+wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy
	8	aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh
	9	HY8gUVkVRVs=
	10	-----END PRIVATE KEY-----

tests/sslcerts/pub-expired.pem

0 created 644 +10 0

@@ -0,0 +1,10 b''
	1	-----BEGIN CERTIFICATE-----
	2	MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
	3	aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx
	4	NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
	5	c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
	6	EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
	7	+ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
	8	BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt
	9	2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ=
	10	-----END CERTIFICATE-----

tests/sslcerts/pub-not-yet.pem

0 created 644 +10 0

@@ -0,0 +1,10 b''
	1	-----BEGIN CERTIFICATE-----
	2	MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
	3	aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw
	4	NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
	5	c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
	6	EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
	7	+ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
	8	BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb
	9	/12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0=
	10	-----END CERTIFICATE-----

tests/sslcerts/pub-other.pem

0 created 644 +11 0

@@ -0,0 +1,11 b''
	1	-----BEGIN CERTIFICATE-----
	2	MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
	3	BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
	4	MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0
	5	MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
	6	ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo
	7	K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN
	8	y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw
	9	DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6
	10	bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig=
	11	-----END CERTIFICATE-----

tests/sslcerts/pub.pem

0 created 644 +11 0

@@ -0,0 +1,11 b''
	1	-----BEGIN CERTIFICATE-----
	2	MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
	3	BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
	4	MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
	5	MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
	6	ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
	7	6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
	8	r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
	9	DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
	10	t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
	11	-----END CERTIFICATE-----

tests/test-https.t

0 +34 -144

@@ -2,131 +2,13 b''
2		2
3	Proper https client requires the built-in ssl from Python 2.6.	3	Proper https client requires the built-in ssl from Python 2.6.
4		4
5	Certificates created with:	5	Make server certificates:
6	printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' \| \
7	openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem
8	Can be dumped with:
9	openssl x509 -in pub.pem -text
10
11	$ cat << EOT > priv.pem
12	> -----BEGIN PRIVATE KEY-----
13	> MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH
14	> aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8
15	> j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc
16	> EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG
17	> MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR
18	> +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy
19	> aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh
20	> HY8gUVkVRVs=
21	> -----END PRIVATE KEY-----
22	> EOT
23
24	$ cat << EOT > pub.pem
25	> -----BEGIN CERTIFICATE-----
26	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
27	> BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
28	> MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
29	> MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
30	> ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
31	> 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
32	> r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
33	> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
34	> t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
35	> -----END CERTIFICATE-----
36	> EOT
37	$ cat priv.pem pub.pem >> server.pem
38	$ PRIV=`pwd`/server.pem
39
40	$ cat << EOT > pub-other.pem
41	> -----BEGIN CERTIFICATE-----
42	> MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
43	> BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
44	> MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0
45	> MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
46	> ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo
47	> K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN
48	> y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw
49	> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6
50	> bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig=
51	> -----END CERTIFICATE-----
52	> EOT
53
54	pub.pem patched with other notBefore / notAfter:
55		6
56	$ cat << EOT > pub-not-yet.pem	7	$ CERTSDIR="$TESTDIR/sslcerts"
57	> -----BEGIN CERTIFICATE-----	8	$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
58	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs	9	$ PRIV=`pwd`/server.pem
59	> aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw	10	$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
60	> NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv	11	$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
61	> c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
62	> EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
63	> +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
64	> BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb
65	> /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0=
66	> -----END CERTIFICATE-----
67	> EOT
68	$ cat priv.pem pub-not-yet.pem > server-not-yet.pem
69
70	$ cat << EOT > pub-expired.pem
71	> -----BEGIN CERTIFICATE-----
72	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
73	> aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx
74	> NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
75	> c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
76	> EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
77	> +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
78	> BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt
79	> 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ=
80	> -----END CERTIFICATE-----
81	> EOT
82	$ cat priv.pem pub-expired.pem > server-expired.pem
83
84	Client certificates created with:
85	openssl genrsa -aes128 -passout pass:1234 -out client-key.pem 512
86	openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
87	printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' \| \
88	openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
89	openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
90	-set_serial 01 -out client-cert.pem
91
92	$ cat << EOT > client-key.pem
93	> -----BEGIN RSA PRIVATE KEY-----
94	> Proc-Type: 4,ENCRYPTED
95	> DEK-Info: AES-128-CBC,C8B8F103A61A336FB0716D1C0F8BB2E8
96	>
97	> JolMlCFjEW3q3JJjO9z99NJWeJbFgF5DpUOkfSCxH56hxxtZb9x++rBvBZkxX1bF
98	> BAIe+iI90+jdCLwxbILWuFcrJUaLC5WmO14XDKYVmr2eW9e4MiCYOlO0Q6a9rDFS
99	> jctRCfvubOXFHbBGLH8uKEMpXEkP7Lc60FiIukqjuQEivJjrQirVtZCGwyk3qUi7
100	> Eyh4Lo63IKGu8T1Bkmn2kaMvFhu7nC/CQLBjSq0YYI1tmCOkVb/3tPrz8oqgDJp2
101	> u7bLS3q0xDNZ52nVrKIoZC/UlRXGlPyzPpa70/jPIdfCbkwDaBpRVXc+62Pj2n5/
102	> CnO2xaKwfOG6pDvanBhFD72vuBOkAYlFZPiEku4sc2WlNggsSWCPCIFwzmiHjKIl
103	> bWmdoTq3nb7sNfnBbV0OCa7fS1dFwCm4R1NC7ELENu0=
104	> -----END RSA PRIVATE KEY-----
105	> EOT
106
107	$ cat << EOT > client-key-decrypted.pem
108	> -----BEGIN RSA PRIVATE KEY-----
109	> MIIBOgIBAAJBAJs4LS3glAYU92bg5kPgRPNW84ewB0fWJfAKccCp1ACHAdZPeaKb
110	> FCinVMYKAVbVqBkyrZ/Tyr8aSfMz4xO4+KsCAwEAAQJAeKDr25+Q6jkZHEbkLRP6
111	> AfMtR+Ixhk6TJT24sbZKIC2V8KuJTDEvUhLU0CAr1nH79bDqiSsecOiVCr2HHyfT
112	> AQIhAM2C5rHbTs9R3PkywFEqq1gU3ztCnpiWglO7/cIkuGBhAiEAwVpMSAf77kop
113	> 4h/1kWsgMALQTJNsXd4CEUK4BOxvJIsCIQCbarVAKBQvoT81jfX27AfscsxnKnh5
114	> +MjSvkanvdFZwQIgbbcTefwt1LV4trtz2SR0i0nNcOZmo40Kl0jIquKO3qkCIH01
115	> mJHzZr3+jQqeIFtr5P+Xqi30DJxgrnEobbJ0KFjY
116	> -----END RSA PRIVATE KEY-----
117	> EOT
118
119	$ cat << EOT > client-cert.pem
120	> -----BEGIN CERTIFICATE-----
121	> MIIBPjCB6QIBATANBgkqhkiG9w0BAQsFADAxMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
122	> GzAZBgkqhkiG9w0BCQEWDGhnQGxvY2FsaG9zdDAeFw0xNTA1MDcwNjI5NDVaFw0z
123	> OTEyMjcwNjI5NDVaMCQxIjAgBgkqhkiG9w0BCQEWE2hnLWNsaWVudEBsb2NhbGhv
124	> c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmzgtLeCUBhT3ZuDmQ+BE81bzh7AH
125	> R9Yl8ApxwKnUAIcB1k95opsUKKdUxgoBVtWoGTKtn9PKvxpJ8zPjE7j4qwIDAQAB
126	> MA0GCSqGSIb3DQEBCwUAA0EAfBTqBG5pYhuGk+ZnyUufgS+d7Nk/sZAZjNdCAEj/
127	> NFPo5fR1jM6jlEWoWbeg298+SkjV7tfO+2nt0otUFkdM6A==
128	> -----END CERTIFICATE-----
129	> EOT
130		12
131	$ hg init test	13	$ hg init test
132	$ cd test	14	$ cd test
@@ -217,7 +99,7 b' cacert configured in local repo'
217		99
218	$ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu	100	$ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
219	$ echo "[web]" >> copy-pull/.hg/hgrc	101	$ echo "[web]" >> copy-pull/.hg/hgrc
220	$ echo "cacerts=~~`pwd`~~/pub.pem" >> copy-pull/.hg/hgrc	102	$ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
221	$ hg -R copy-pull pull --traceback	103	$ hg -R copy-pull pull --traceback
222	pulling from https://localhost:$HGPORT/	104	pulling from https://localhost:$HGPORT/
223	searching for changes	105	searching for changes
@@ -229,11 +111,11 b' variables in the filename'
229		111
230	$ echo "[web]" >> $HGRCPATH	112	$ echo "[web]" >> $HGRCPATH
231	$ echo 'cacerts=$P/pub.pem' >> $HGRCPATH	113	$ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
232	$ P=`~~pwd~~` hg -R copy-pull pull	114	$ P="$CERTSDIR" hg -R copy-pull pull
233	pulling from https://localhost:$HGPORT/	115	pulling from https://localhost:$HGPORT/
234	searching for changes	116	searching for changes
235	no changes found	117	no changes found
236	$ P=`~~pwd~~` hg -R copy-pull pull --insecure	118	$ P="$CERTSDIR" hg -R copy-pull pull --insecure
237	pulling from https://localhost:$HGPORT/	119	pulling from https://localhost:$HGPORT/
238	warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering	120	warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
239	searching for changes	121	searching for changes
@@ -241,21 +123,24 b' variables in the filename'
241		123
242	cacert mismatch	124	cacert mismatch
243		125
244	$ hg -R copy-pull pull --config web.cacerts=pub.pem ~~https~~:~~//127.0.0.1:$HGPORT/~~	126	$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
		127	> https://127.0.0.1:$HGPORT/
245	pulling from https://127.0.0.1:$HGPORT/	128	pulling from https://127.0.0.1:$HGPORT/
246	abort: 127.0.0.1 certificate error: certificate is for localhost	129	abort: 127.0.0.1 certificate error: certificate is for localhost
247	(set hostsecurity.127.0.0.1:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)	130	(set hostsecurity.127.0.0.1:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
248	[255]	131	[255]
249	$ hg -R copy-pull pull --config web.cacerts=pub.pem ~~https~~:~~//127.0.0.1:$HGPORT/ --insecure~~	132	$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
		133	> https://127.0.0.1:$HGPORT/ --insecure
250	pulling from https://127.0.0.1:$HGPORT/	134	pulling from https://127.0.0.1:$HGPORT/
251	warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering	135	warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering
252	searching for changes	136	searching for changes
253	no changes found	137	no changes found
254	$ hg -R copy-pull pull --config web.cacerts=pub-other.pem	138	$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
255	pulling from https://localhost:$HGPORT/	139	pulling from https://localhost:$HGPORT/
256	abort: error: certificate verify failed (glob)	140	abort: error: certificate verify failed (glob)
257	[255]	141	[255]
258	$ hg -R copy-pull pull --config web.cacerts=pub-other.pem --~~insecure~~	142	$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
		143	> --insecure
259	pulling from https://localhost:$HGPORT/	144	pulling from https://localhost:$HGPORT/
260	warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering	145	warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
261	searching for changes	146	searching for changes
@@ -265,7 +150,8 b" Test server cert which isn't valid yet"
265		150
266	$ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem	151	$ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
267	$ cat hg1.pid >> $DAEMON_PIDS	152	$ cat hg1.pid >> $DAEMON_PIDS
268	$ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem ~~https://localhost:$HGPORT1/~~	153	$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
		154	> https://localhost:$HGPORT1/
269	pulling from https://localhost:$HGPORT1/	155	pulling from https://localhost:$HGPORT1/
270	abort: error: certificate verify failed (glob)	156	abort: error: certificate verify failed (glob)
271	[255]	157	[255]
@@ -274,7 +160,8 b' Test server cert which no longer is vali'
274		160
275	$ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem	161	$ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
276	$ cat hg2.pid >> $DAEMON_PIDS	162	$ cat hg2.pid >> $DAEMON_PIDS
277	$ hg -R copy-pull pull --config web.cacerts=pub-expired.pem ~~https://localhost:$HGPORT2/~~	163	$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
		164	> https://localhost:$HGPORT2/
278	pulling from https://localhost:$HGPORT2/	165	pulling from https://localhost:$HGPORT2/
279	abort: error: certificate verify failed (glob)	166	abort: error: certificate verify failed (glob)
280	[255]	167	[255]
@@ -353,7 +240,8 b' Test unvalidated https through proxy'
353		240
354	Test https with cacert and fingerprint through proxy	241	Test https with cacert and fingerprint through proxy
355		242
356	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull ~~--config web.cacerts=pub.pem~~	243	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
		244	> --config web.cacerts="$CERTSDIR/pub.pem"
357	pulling from https://localhost:$HGPORT/	245	pulling from https://localhost:$HGPORT/
358	searching for changes	246	searching for changes
359	no changes found	247	no changes found
@@ -364,11 +252,13 b' Test https with cacert and fingerprint t'
364		252
365	Test https with cert problems through proxy	253	Test https with cert problems through proxy
366		254
367	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull ~~--config web.cacerts=pub-other.pem~~	255	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
		256	> --config web.cacerts="$CERTSDIR/pub-other.pem"
368	pulling from https://localhost:$HGPORT/	257	pulling from https://localhost:$HGPORT/
369	abort: error: certificate verify failed (glob)	258	abort: error: certificate verify failed (glob)
370	[255]	259	[255]
371	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull ~~--config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/~~	260	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
		261	> --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
372	pulling from https://localhost:$HGPORT2/	262	pulling from https://localhost:$HGPORT2/
373	abort: error: certificate verify failed (glob)	263	abort: error: certificate verify failed (glob)
374	[255]	264	[255]
@@ -403,7 +293,7 b' Start patched hgweb that requires client'
403		293
404	without client certificate:	294	without client certificate:
405		295
406	$ P=`~~pwd~~` hg id https://localhost:$HGPORT/	296	$ P="$CERTSDIR" hg id https://localhost:$HGPORT/
407	abort: error: handshake failure (glob)	297	abort: error: handshake failure (glob)
408	[255]	298	[255]
409		299
@@ -412,19 +302,19 b' with client certificate:'
412	$ cat << EOT >> $HGRCPATH	302	$ cat << EOT >> $HGRCPATH
413	> [auth]	303	> [auth]
414	> l.prefix = localhost	304	> l.prefix = localhost
415	> l.cert = client-cert.pem	305	> l.cert = $CERTSDIR/client-cert.pem
416	> l.key = client-key.pem	306	> l.key = $CERTSDIR/client-key.pem
417	> EOT	307	> EOT
418		308
419	$ P=~~`pwd`~~ hg id https://localhost:$HGPORT/ \	309	$ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
420	> --config auth.l.key=client-key-decrypted.pem	310	> --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
421	5fed3813f7f5	311	5fed3813f7f5
422		312
423	$ printf '1234\n' \| env P=~~`pwd`~~ hg id https://localhost:$HGPORT/ \	313	$ printf '1234\n' \| env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
424	> --config ui.interactive=True --config ui.nontty=True	314	> --config ui.interactive=True --config ui.nontty=True
425	passphrase for client-key.pem: 5fed3813f7f5	315	passphrase for */client-key.pem: 5fed3813f7f5 (glob)
426		316
427	$ env P=~~`pwd`~~ hg id https://localhost:$HGPORT/	317	$ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
428	abort: error: * (glob)	318	abort: error: * (glob)
429	[255]	319	[255]
430		320

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages