@@ -268,7 +268,12 b' def wrapsocket(sock, keyfile, certfile, ' | |||||
268 | sslcontext.load_cert_chain(certfile, keyfile, password) |
|
268 | sslcontext.load_cert_chain(certfile, keyfile, password) | |
269 |
|
269 | |||
270 | if settings['cafile'] is not None: |
|
270 | if settings['cafile'] is not None: | |
271 | sslcontext.load_verify_locations(cafile=settings['cafile']) |
|
271 | try: | |
|
272 | sslcontext.load_verify_locations(cafile=settings['cafile']) | |||
|
273 | except ssl.SSLError as e: | |||
|
274 | raise error.Abort(_('error loading CA file %s: %s') % ( | |||
|
275 | settings['cafile'], e.args[1]), | |||
|
276 | hint=_('file is empty or malformed?')) | |||
272 | caloaded = True |
|
277 | caloaded = True | |
273 | elif settings['allowloaddefaultcerts']: |
|
278 | elif settings['allowloaddefaultcerts']: | |
274 | # This is a no-op on old Python. |
|
279 | # This is a no-op on old Python. |
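Review bot: `e.args[1]` in the new `except ssl.SSLError` handler assumes the exception always carries at least two arguments. An `SSLError` constructed with a single message argument would raise `IndexError` here and replace the intended abort with a traceback. Picking the message defensively keeps the failure on the clean abort path, e.g. `msg = e.args[1] if len(e.args) > 1 else e.args[0]`, with `msg` then formatted into the abort text. The handler also catches only `ssl.SSLError`, so a CA file that is missing or unreadable would presumably surface as an `IOError`/`OSError` unless a check outside this hunk rejects it first. `wrapsocket` starts before and continues past the hunk.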
@@ -62,9 +62,16 b' Specifying a per-host certificate file t' | |||||
62 | A malformed per-host certificate file will raise an error |
|
62 | A malformed per-host certificate file will raise an error | |
63 |
|
63 | |||
64 | $ echo baddata > badca.pem |
|
64 | $ echo baddata > badca.pem | |
|
65 | #if sslcontext | |||
|
66 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ | |||
|
67 | abort: error loading CA file badca.pem: * (glob) | |||
|
68 | (file is empty or malformed?) | |||
|
69 | [255] | |||
|
70 | #else | |||
65 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ |
|
71 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ | |
66 | abort: error: * (glob) |
|
72 | abort: error: * (glob) | |
67 | [255] |
|
73 | [255] | |
|
74 | #endif | |||
68 |
|
75 | |||
69 | A per-host certificate mismatching the server will fail verification |
|
76 | A per-host certificate mismatching the server will fail verification | |
70 |
|
77 | |||
@@ -183,10 +190,19 b' variables in the filename' | |||||
183 | empty cacert file |
|
190 | empty cacert file | |
184 |
|
191 | |||
185 | $ touch emptycafile |
|
192 | $ touch emptycafile | |
|
193 | ||||
|
194 | #if sslcontext | |||
|
195 | $ hg --config web.cacerts=emptycafile -R copy-pull pull | |||
|
196 | pulling from https://localhost:$HGPORT/ | |||
|
197 | abort: error loading CA file emptycafile: * (glob) | |||
|
198 | (file is empty or malformed?) | |||
|
199 | [255] | |||
|
200 | #else | |||
186 | $ hg --config web.cacerts=emptycafile -R copy-pull pull |
|
201 | $ hg --config web.cacerts=emptycafile -R copy-pull pull | |
187 | pulling from https://localhost:$HGPORT/ |
|
202 | pulling from https://localhost:$HGPORT/ | |
188 | abort: error: * (glob) |
|
203 | abort: error: * (glob) | |
189 | [255] |
|
204 | [255] | |
|
205 | #endif | |||
190 |
|
206 | |||
191 | cacert mismatch |
|
207 | cacert mismatch | |
192 |
|
208 |
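Review bot: The `#else` branches in both test cases keep the old `abort: error: * (glob)` expectation without saying why. On a Python without `SSLContext`, a malformed or empty CA file therefore still produces the generic message and no hint. A one-line prose comment above each `#if sslcontext` would record that this is intentional, for example `Only Pythons with SSLContext report the CA file name and hint; older ones fail with a generic error` (wording to be confirmed against the legacy code path, which is not visible here). Both branches still assert exit status 255, so the refusal to proceed with an unusable CA file is covered either way.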