sslutil: require TLS 1.1+ when supported...
Gregory Szorc
r29560:303e9300 default
@@ -1,2189 +1,2197 b''
1 1 The Mercurial system uses a set of configuration files to control
2 2 aspects of its behavior.
3 3
4 4 Troubleshooting
5 5 ===============
6 6
7 7 If you're having problems with your configuration,
8 8 :hg:`config --debug` can help you understand what is introducing
9 9 a setting into your environment.
10 10
11 11 See :hg:`help config.syntax` and :hg:`help config.files`
12 12 for information about how and where to override things.
13 13
14 14 Structure
15 15 =========
16 16
17 17 The configuration files use a simple ini-file format. A configuration
18 18 file consists of sections, led by a ``[section]`` header and followed
19 19 by ``name = value`` entries::
20 20
21 21 [ui]
22 22 username = Firstname Lastname <firstname.lastname@example.net>
23 23 verbose = True
24 24
25 25 The above entries will be referred to as ``ui.username`` and
26 26 ``ui.verbose``, respectively. See :hg:`help config.syntax`.
27 27
28 28 Files
29 29 =====
30 30
31 31 Mercurial reads configuration data from several files, if they exist.
32 32 These files do not exist by default and you will have to create the
33 33 appropriate configuration files yourself:
34 34
35 35 Local configuration is put into the per-repository ``<repo>/.hg/hgrc`` file.
36 36
37 37 Global configuration like the username setting is typically put into:
38 38
39 39 .. container:: windows
40 40
41 41 - ``%USERPROFILE%\mercurial.ini`` (on Windows)
42 42
43 43 .. container:: unix.plan9
44 44
45 45 - ``$HOME/.hgrc`` (on Unix, Plan9)
46 46
47 47 The names of these files depend on the system on which Mercurial is
48 48 installed. ``*.rc`` files from a single directory are read in
49 49 alphabetical order, later ones overriding earlier ones. Where multiple
50 50 paths are given below, settings from earlier paths override later
51 51 ones.
52 52
53 53 .. container:: verbose.unix
54 54
55 55 On Unix, the following files are consulted:
56 56
57 57 - ``<repo>/.hg/hgrc`` (per-repository)
58 58 - ``$HOME/.hgrc`` (per-user)
59 59 - ``<install-root>/etc/mercurial/hgrc`` (per-installation)
60 60 - ``<install-root>/etc/mercurial/hgrc.d/*.rc`` (per-installation)
61 61 - ``/etc/mercurial/hgrc`` (per-system)
62 62 - ``/etc/mercurial/hgrc.d/*.rc`` (per-system)
63 63 - ``<internal>/default.d/*.rc`` (defaults)
64 64
65 65 .. container:: verbose.windows
66 66
67 67 On Windows, the following files are consulted:
68 68
69 69 - ``<repo>/.hg/hgrc`` (per-repository)
70 70 - ``%USERPROFILE%\.hgrc`` (per-user)
71 71 - ``%USERPROFILE%\Mercurial.ini`` (per-user)
72 72 - ``%HOME%\.hgrc`` (per-user)
73 73 - ``%HOME%\Mercurial.ini`` (per-user)
74 74 - ``HKEY_LOCAL_MACHINE\SOFTWARE\Mercurial`` (per-installation)
75 75 - ``<install-dir>\hgrc.d\*.rc`` (per-installation)
76 76 - ``<install-dir>\Mercurial.ini`` (per-installation)
77 77 - ``<internal>/default.d/*.rc`` (defaults)
78 78
79 79 .. note::
80 80
81 81 The registry key ``HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mercurial``
82 82 is used when running 32-bit Python on 64-bit Windows.
83 83
84 84 .. container:: windows
85 85
86 86 On Windows 9x, ``%HOME%`` is replaced by ``%APPDATA%``.
87 87
88 88 .. container:: verbose.plan9
89 89
90 90 On Plan9, the following files are consulted:
91 91
92 92 - ``<repo>/.hg/hgrc`` (per-repository)
93 93 - ``$home/lib/hgrc`` (per-user)
94 94 - ``<install-root>/lib/mercurial/hgrc`` (per-installation)
95 95 - ``<install-root>/lib/mercurial/hgrc.d/*.rc`` (per-installation)
96 96 - ``/lib/mercurial/hgrc`` (per-system)
97 97 - ``/lib/mercurial/hgrc.d/*.rc`` (per-system)
98 98 - ``<internal>/default.d/*.rc`` (defaults)
99 99
100 100 Per-repository configuration options only apply in a
101 101 particular repository. This file is not version-controlled, and
102 102 will not get transferred during a "clone" operation. Options in
103 103 this file override options in all other configuration files.
104 104
105 105 .. container:: unix.plan9
106 106
107 107 On Plan 9 and Unix, most of this file will be ignored if it doesn't
108 108 belong to a trusted user or to a trusted group. See
109 109 :hg:`help config.trusted` for more details.
110 110
111 111 Per-user configuration file(s) are for the user running Mercurial. Options
112 112 in these files apply to all Mercurial commands executed by this user in any
113 113 directory. Options in these files override per-system and per-installation
114 114 options.
115 115
116 116 Per-installation configuration files are searched for in the
117 117 directory where Mercurial is installed. ``<install-root>`` is the
118 118 parent directory of the **hg** executable (or symlink) being run.
119 119
120 120 .. container:: unix.plan9
121 121
122 122 For example, if installed in ``/shared/tools/bin/hg``, Mercurial
123 123 will look in ``/shared/tools/etc/mercurial/hgrc``. Options in these
124 124 files apply to all Mercurial commands executed by any user in any
125 125 directory.
126 126
127 127 Per-installation configuration files are for the system on
128 128 which Mercurial is running. Options in these files apply to all
129 129 Mercurial commands executed by any user in any directory. Registry
130 130 keys contain PATH-like strings, every part of which must reference
131 131 a ``Mercurial.ini`` file or be a directory where ``*.rc`` files will
132 132 be read. Mercurial checks each of these locations in the specified
133 133 order until one or more configuration files are detected.
134 134
135 135 Per-system configuration files are for the system on which Mercurial
136 136 is running. Options in these files apply to all Mercurial commands
137 137 executed by any user in any directory. Options in these files
138 138 override per-installation options.
139 139
140 140 Mercurial comes with some default configuration. The default configuration
141 141 files are installed with Mercurial and will be overwritten on upgrades. Default
142 142 configuration files should never be edited by users or administrators but can
143 143 be overridden in other configuration files. So far the directory only contains
144 144 merge tool configuration but packagers can also put other default configuration
145 145 there.
146 146
147 147 Syntax
148 148 ======
149 149
150 150 A configuration file consists of sections, led by a ``[section]`` header
151 151 and followed by ``name = value`` entries (sometimes called
152 152 ``configuration keys``)::
153 153
154 154 [spam]
155 155 eggs=ham
156 156 green=
157 157 eggs
158 158
159 159 Each line contains one entry. If the lines that follow are indented,
160 160 they are treated as continuations of that entry. Leading whitespace is
161 161 removed from values. Empty lines are skipped. Lines beginning with
162 162 ``#`` or ``;`` are ignored and may be used to provide comments.
163 163
164 164 Configuration keys can be set multiple times, in which case Mercurial
165 165 will use the value that was configured last. As an example::
166 166
167 167 [spam]
168 168 eggs=large
169 169 ham=serrano
170 170 eggs=small
171 171
172 172 This would set the configuration key named ``eggs`` to ``small``.
173 173
174 174 It is also possible to define a section multiple times. A section can
175 175 be redefined on the same and/or on different configuration files. For
176 176 example::
177 177
178 178 [foo]
179 179 eggs=large
180 180 ham=serrano
181 181 eggs=small
182 182
183 183 [bar]
184 184 eggs=ham
185 185 green=
186 186 eggs
187 187
188 188 [foo]
189 189 ham=prosciutto
190 190 eggs=medium
191 191 bread=toasted
192 192
193 193 This would set the ``eggs``, ``ham``, and ``bread`` configuration keys
194 194 of the ``foo`` section to ``medium``, ``prosciutto``, and ``toasted``,
195 195 respectively. As you can see there only thing that matters is the last
196 196 value that was set for each of the configuration keys.
197 197
198 198 If a configuration key is set multiple times in different
199 199 configuration files the final value will depend on the order in which
200 200 the different configuration files are read, with settings from earlier
201 201 paths overriding later ones as described on the ``Files`` section
202 202 above.
203 203
204 204 A line of the form ``%include file`` will include ``file`` into the
205 205 current configuration file. The inclusion is recursive, which means
206 206 that included files can include other files. Filenames are relative to
207 207 the configuration file in which the ``%include`` directive is found.
208 208 Environment variables and ``~user`` constructs are expanded in
209 209 ``file``. This lets you do something like::
210 210
211 211 %include ~/.hgrc.d/$HOST.rc
212 212
213 213 to include a different configuration file on each computer you use.
214 214
215 215 A line with ``%unset name`` will remove ``name`` from the current
216 216 section, if it has been set previously.
217 217
218 218 The values are either free-form text strings, lists of text strings,
219 219 or Boolean values. Boolean values can be set to true using any of "1",
220 220 "yes", "true", or "on" and to false using "0", "no", "false", or "off"
221 221 (all case insensitive).
222 222
223 223 List values are separated by whitespace or comma, except when values are
224 224 placed in double quotation marks::
225 225
226 226 allow_read = "John Doe, PhD", brian, betty
227 227
228 228 Quotation marks can be escaped by prefixing them with a backslash. Only
229 229 quotation marks at the beginning of a word is counted as a quotation
230 230 (e.g., ``foo"bar baz`` is the list of ``foo"bar`` and ``baz``).
231 231
232 232 Sections
233 233 ========
234 234
235 235 This section describes the different sections that may appear in a
236 236 Mercurial configuration file, the purpose of each section, its possible
237 237 keys, and their possible values.
238 238
239 239 ``alias``
240 240 ---------
241 241
242 242 Defines command aliases.
243 243
244 244 Aliases allow you to define your own commands in terms of other
245 245 commands (or aliases), optionally including arguments. Positional
246 246 arguments in the form of ``$1``, ``$2``, etc. in the alias definition
247 247 are expanded by Mercurial before execution. Positional arguments not
248 248 already used by ``$N`` in the definition are put at the end of the
249 249 command to be executed.
250 250
251 251 Alias definitions consist of lines of the form::
252 252
253 253 <alias> = <command> [<argument>]...
254 254
255 255 For example, this definition::
256 256
257 257 latest = log --limit 5
258 258
259 259 creates a new command ``latest`` that shows only the five most recent
260 260 changesets. You can define subsequent aliases using earlier ones::
261 261
262 262 stable5 = latest -b stable
263 263
264 264 .. note::
265 265
266 266 It is possible to create aliases with the same names as
267 267 existing commands, which will then override the original
268 268 definitions. This is almost always a bad idea!
269 269
270 270 An alias can start with an exclamation point (``!``) to make it a
271 271 shell alias. A shell alias is executed with the shell and will let you
272 272 run arbitrary commands. As an example, ::
273 273
274 274 echo = !echo $@
275 275
276 276 will let you do ``hg echo foo`` to have ``foo`` printed in your
277 277 terminal. A better example might be::
278 278
279 279 purge = !$HG status --no-status --unknown -0 re: | xargs -0 rm
280 280
281 281 which will make ``hg purge`` delete all unknown files in the
282 282 repository in the same manner as the purge extension.
283 283
284 284 Positional arguments like ``$1``, ``$2``, etc. in the alias definition
285 285 expand to the command arguments. Unmatched arguments are
286 286 removed. ``$0`` expands to the alias name and ``$@`` expands to all
287 287 arguments separated by a space. ``"$@"`` (with quotes) expands to all
288 288 arguments quoted individually and separated by a space. These expansions
289 289 happen before the command is passed to the shell.
290 290
291 291 Shell aliases are executed in an environment where ``$HG`` expands to
292 292 the path of the Mercurial that was used to execute the alias. This is
293 293 useful when you want to call further Mercurial commands in a shell
294 294 alias, as was done above for the purge alias. In addition,
295 295 ``$HG_ARGS`` expands to the arguments given to Mercurial. In the ``hg
296 296 echo foo`` call above, ``$HG_ARGS`` would expand to ``echo foo``.
297 297
298 298 .. note::
299 299
300 300 Some global configuration options such as ``-R`` are
301 301 processed before shell aliases and will thus not be passed to
302 302 aliases.
303 303
304 304
305 305 ``annotate``
306 306 ------------
307 307
308 308 Settings used when displaying file annotations. All values are
309 309 Booleans and default to False. See :hg:`help config.diff` for
310 310 related options for the diff command.
311 311
312 312 ``ignorews``
313 313 Ignore white space when comparing lines.
314 314
315 315 ``ignorewsamount``
316 316 Ignore changes in the amount of white space.
317 317
318 318 ``ignoreblanklines``
319 319 Ignore changes whose lines are all blank.
320 320
321 321
322 322 ``auth``
323 323 --------
324 324
325 325 Authentication credentials for HTTP authentication. This section
326 326 allows you to store usernames and passwords for use when logging
327 327 *into* HTTP servers. See :hg:`help config.web` if
328 328 you want to configure *who* can login to your HTTP server.
329 329
330 330 Each line has the following format::
331 331
332 332 <name>.<argument> = <value>
333 333
334 334 where ``<name>`` is used to group arguments into authentication
335 335 entries. Example::
336 336
337 337 foo.prefix = hg.intevation.de/mercurial
338 338 foo.username = foo
339 339 foo.password = bar
340 340 foo.schemes = http https
341 341
342 342 bar.prefix = secure.example.org
343 343 bar.key = path/to/file.key
344 344 bar.cert = path/to/file.cert
345 345 bar.schemes = https
346 346
347 347 Supported arguments:
348 348
349 349 ``prefix``
350 350 Either ``*`` or a URI prefix with or without the scheme part.
351 351 The authentication entry with the longest matching prefix is used
352 352 (where ``*`` matches everything and counts as a match of length
353 353 1). If the prefix doesn't include a scheme, the match is performed
354 354 against the URI with its scheme stripped as well, and the schemes
355 355 argument, q.v., is then subsequently consulted.
356 356
357 357 ``username``
358 358 Optional. Username to authenticate with. If not given, and the
359 359 remote site requires basic or digest authentication, the user will
360 360 be prompted for it. Environment variables are expanded in the
361 361 username letting you do ``foo.username = $USER``. If the URI
362 362 includes a username, only ``[auth]`` entries with a matching
363 363 username or without a username will be considered.
364 364
365 365 ``password``
366 366 Optional. Password to authenticate with. If not given, and the
367 367 remote site requires basic or digest authentication, the user
368 368 will be prompted for it.
369 369
370 370 ``key``
371 371 Optional. PEM encoded client certificate key file. Environment
372 372 variables are expanded in the filename.
373 373
374 374 ``cert``
375 375 Optional. PEM encoded client certificate chain file. Environment
376 376 variables are expanded in the filename.
377 377
378 378 ``schemes``
379 379 Optional. Space separated list of URI schemes to use this
380 380 authentication entry with. Only used if the prefix doesn't include
381 381 a scheme. Supported schemes are http and https. They will match
382 382 static-http and static-https respectively, as well.
383 383 (default: https)
384 384
385 385 If no suitable authentication entry is found, the user is prompted
386 386 for credentials as usual if required by the remote.
387 387
388 388
389 389 ``committemplate``
390 390 ------------------
391 391
392 392 ``changeset``
393 393 String: configuration in this section is used as the template to
394 394 customize the text shown in the editor when committing.
395 395
396 396 In addition to pre-defined template keywords, commit log specific one
397 397 below can be used for customization:
398 398
399 399 ``extramsg``
400 400 String: Extra message (typically 'Leave message empty to abort
401 401 commit.'). This may be changed by some commands or extensions.
402 402
403 403 For example, the template configuration below shows as same text as
404 404 one shown by default::
405 405
406 406 [committemplate]
407 407 changeset = {desc}\n\n
408 408 HG: Enter commit message. Lines beginning with 'HG:' are removed.
409 409 HG: {extramsg}
410 410 HG: --
411 411 HG: user: {author}\n{ifeq(p2rev, "-1", "",
412 412 "HG: branch merge\n")
413 413 }HG: branch '{branch}'\n{if(activebookmark,
414 414 "HG: bookmark '{activebookmark}'\n") }{subrepos %
415 415 "HG: subrepo {subrepo}\n" }{file_adds %
416 416 "HG: added {file}\n" }{file_mods %
417 417 "HG: changed {file}\n" }{file_dels %
418 418 "HG: removed {file}\n" }{if(files, "",
419 419 "HG: no files changed\n")}
420 420
421 421 .. note::
422 422
423 423 For some problematic encodings (see :hg:`help win32mbcs` for
424 424 detail), this customization should be configured carefully, to
425 425 avoid showing broken characters.
426 426
427 427 For example, if a multibyte character ending with backslash (0x5c) is
428 428 followed by the ASCII character 'n' in the customized template,
429 429 the sequence of backslash and 'n' is treated as line-feed unexpectedly
430 430 (and the multibyte character is broken, too).
431 431
432 432 Customized template is used for commands below (``--edit`` may be
433 433 required):
434 434
435 435 - :hg:`backout`
436 436 - :hg:`commit`
437 437 - :hg:`fetch` (for merge commit only)
438 438 - :hg:`graft`
439 439 - :hg:`histedit`
440 440 - :hg:`import`
441 441 - :hg:`qfold`, :hg:`qnew` and :hg:`qrefresh`
442 442 - :hg:`rebase`
443 443 - :hg:`shelve`
444 444 - :hg:`sign`
445 445 - :hg:`tag`
446 446 - :hg:`transplant`
447 447
448 448 Configuring items below instead of ``changeset`` allows showing
449 449 customized message only for specific actions, or showing different
450 450 messages for each action.
451 451
452 452 - ``changeset.backout`` for :hg:`backout`
453 453 - ``changeset.commit.amend.merge`` for :hg:`commit --amend` on merges
454 454 - ``changeset.commit.amend.normal`` for :hg:`commit --amend` on other
455 455 - ``changeset.commit.normal.merge`` for :hg:`commit` on merges
456 456 - ``changeset.commit.normal.normal`` for :hg:`commit` on other
457 457 - ``changeset.fetch`` for :hg:`fetch` (impling merge commit)
458 458 - ``changeset.gpg.sign`` for :hg:`sign`
459 459 - ``changeset.graft`` for :hg:`graft`
460 460 - ``changeset.histedit.edit`` for ``edit`` of :hg:`histedit`
461 461 - ``changeset.histedit.fold`` for ``fold`` of :hg:`histedit`
462 462 - ``changeset.histedit.mess`` for ``mess`` of :hg:`histedit`
463 463 - ``changeset.histedit.pick`` for ``pick`` of :hg:`histedit`
464 464 - ``changeset.import.bypass`` for :hg:`import --bypass`
465 465 - ``changeset.import.normal.merge`` for :hg:`import` on merges
466 466 - ``changeset.import.normal.normal`` for :hg:`import` on other
467 467 - ``changeset.mq.qnew`` for :hg:`qnew`
468 468 - ``changeset.mq.qfold`` for :hg:`qfold`
469 469 - ``changeset.mq.qrefresh`` for :hg:`qrefresh`
470 470 - ``changeset.rebase.collapse`` for :hg:`rebase --collapse`
471 471 - ``changeset.rebase.merge`` for :hg:`rebase` on merges
472 472 - ``changeset.rebase.normal`` for :hg:`rebase` on other
473 473 - ``changeset.shelve.shelve`` for :hg:`shelve`
474 474 - ``changeset.tag.add`` for :hg:`tag` without ``--remove``
475 475 - ``changeset.tag.remove`` for :hg:`tag --remove`
476 476 - ``changeset.transplant.merge`` for :hg:`transplant` on merges
477 477 - ``changeset.transplant.normal`` for :hg:`transplant` on other
478 478
479 479 These dot-separated lists of names are treated as hierarchical ones.
480 480 For example, ``changeset.tag.remove`` customizes the commit message
481 481 only for :hg:`tag --remove`, but ``changeset.tag`` customizes the
482 482 commit message for :hg:`tag` regardless of ``--remove`` option.
483 483
484 484 When the external editor is invoked for a commit, the corresponding
485 485 dot-separated list of names without the ``changeset.`` prefix
486 486 (e.g. ``commit.normal.normal``) is in the ``HGEDITFORM`` environment
487 487 variable.
488 488
489 489 In this section, items other than ``changeset`` can be referred from
490 490 others. For example, the configuration to list committed files up
491 491 below can be referred as ``{listupfiles}``::
492 492
493 493 [committemplate]
494 494 listupfiles = {file_adds %
495 495 "HG: added {file}\n" }{file_mods %
496 496 "HG: changed {file}\n" }{file_dels %
497 497 "HG: removed {file}\n" }{if(files, "",
498 498 "HG: no files changed\n")}
499 499
500 500 ``decode/encode``
501 501 -----------------
502 502
503 503 Filters for transforming files on checkout/checkin. This would
504 504 typically be used for newline processing or other
505 505 localization/canonicalization of files.
506 506
507 507 Filters consist of a filter pattern followed by a filter command.
508 508 Filter patterns are globs by default, rooted at the repository root.
509 509 For example, to match any file ending in ``.txt`` in the root
510 510 directory only, use the pattern ``*.txt``. To match any file ending
511 511 in ``.c`` anywhere in the repository, use the pattern ``**.c``.
512 512 For each file only the first matching filter applies.
513 513
514 514 The filter command can start with a specifier, either ``pipe:`` or
515 515 ``tempfile:``. If no specifier is given, ``pipe:`` is used by default.
516 516
517 517 A ``pipe:`` command must accept data on stdin and return the transformed
518 518 data on stdout.
519 519
520 520 Pipe example::
521 521
522 522 [encode]
523 523 # uncompress gzip files on checkin to improve delta compression
524 524 # note: not necessarily a good idea, just an example
525 525 *.gz = pipe: gunzip
526 526
527 527 [decode]
528 528 # recompress gzip files when writing them to the working dir (we
529 529 # can safely omit "pipe:", because it's the default)
530 530 *.gz = gzip
531 531
532 532 A ``tempfile:`` command is a template. The string ``INFILE`` is replaced
533 533 with the name of a temporary file that contains the data to be
534 534 filtered by the command. The string ``OUTFILE`` is replaced with the name
535 535 of an empty temporary file, where the filtered data must be written by
536 536 the command.
537 537
538 538 .. container:: windows
539 539
540 540 .. note::
541 541
542 542 The tempfile mechanism is recommended for Windows systems,
543 543 where the standard shell I/O redirection operators often have
544 544 strange effects and may corrupt the contents of your files.
545 545
546 546 This filter mechanism is used internally by the ``eol`` extension to
547 547 translate line ending characters between Windows (CRLF) and Unix (LF)
548 548 format. We suggest you use the ``eol`` extension for convenience.
549 549
550 550
551 551 ``defaults``
552 552 ------------
553 553
554 554 (defaults are deprecated. Don't use them. Use aliases instead.)
555 555
556 556 Use the ``[defaults]`` section to define command defaults, i.e. the
557 557 default options/arguments to pass to the specified commands.
558 558
559 559 The following example makes :hg:`log` run in verbose mode, and
560 560 :hg:`status` show only the modified files, by default::
561 561
562 562 [defaults]
563 563 log = -v
564 564 status = -m
565 565
566 566 The actual commands, instead of their aliases, must be used when
567 567 defining command defaults. The command defaults will also be applied
568 568 to the aliases of the commands defined.
569 569
570 570
571 571 ``diff``
572 572 --------
573 573
574 574 Settings used when displaying diffs. Everything except for ``unified``
575 575 is a Boolean and defaults to False. See :hg:`help config.annotate`
576 576 for related options for the annotate command.
577 577
578 578 ``git``
579 579 Use git extended diff format.
580 580
581 581 ``nobinary``
582 582 Omit git binary patches.
583 583
584 584 ``nodates``
585 585 Don't include dates in diff headers.
586 586
587 587 ``noprefix``
588 588 Omit 'a/' and 'b/' prefixes from filenames. Ignored in plain mode.
589 589
590 590 ``showfunc``
591 591 Show which function each change is in.
592 592
593 593 ``ignorews``
594 594 Ignore white space when comparing lines.
595 595
596 596 ``ignorewsamount``
597 597 Ignore changes in the amount of white space.
598 598
599 599 ``ignoreblanklines``
600 600 Ignore changes whose lines are all blank.
601 601
602 602 ``unified``
603 603 Number of lines of context to show.
604 604
605 605 ``email``
606 606 ---------
607 607
608 608 Settings for extensions that send email messages.
609 609
610 610 ``from``
611 611 Optional. Email address to use in "From" header and SMTP envelope
612 612 of outgoing messages.
613 613
614 614 ``to``
615 615 Optional. Comma-separated list of recipients' email addresses.
616 616
617 617 ``cc``
618 618 Optional. Comma-separated list of carbon copy recipients'
619 619 email addresses.
620 620
621 621 ``bcc``
622 622 Optional. Comma-separated list of blind carbon copy recipients'
623 623 email addresses.
624 624
625 625 ``method``
626 626 Optional. Method to use to send email messages. If value is ``smtp``
627 627 (default), use SMTP (see the ``[smtp]`` section for configuration).
628 628 Otherwise, use as name of program to run that acts like sendmail
629 629 (takes ``-f`` option for sender, list of recipients on command line,
630 630 message on stdin). Normally, setting this to ``sendmail`` or
631 631 ``/usr/sbin/sendmail`` is enough to use sendmail to send messages.
632 632
633 633 ``charsets``
634 634 Optional. Comma-separated list of character sets considered
635 635 convenient for recipients. Addresses, headers, and parts not
636 636 containing patches of outgoing messages will be encoded in the
637 637 first character set to which conversion from local encoding
638 638 (``$HGENCODING``, ``ui.fallbackencoding``) succeeds. If correct
639 639 conversion fails, the text in question is sent as is.
640 640 (default: '')
641 641
642 642 Order of outgoing email character sets:
643 643
644 644 1. ``us-ascii``: always first, regardless of settings
645 645 2. ``email.charsets``: in order given by user
646 646 3. ``ui.fallbackencoding``: if not in email.charsets
647 647 4. ``$HGENCODING``: if not in email.charsets
648 648 5. ``utf-8``: always last, regardless of settings
649 649
650 650 Email example::
651 651
652 652 [email]
653 653 from = Joseph User <joe.user@example.com>
654 654 method = /usr/sbin/sendmail
655 655 # charsets for western Europeans
656 656 # us-ascii, utf-8 omitted, as they are tried first and last
657 657 charsets = iso-8859-1, iso-8859-15, windows-1252
658 658
659 659
660 660 ``extensions``
661 661 --------------
662 662
663 663 Mercurial has an extension mechanism for adding new features. To
664 664 enable an extension, create an entry for it in this section.
665 665
666 666 If you know that the extension is already in Python's search path,
667 667 you can give the name of the module, followed by ``=``, with nothing
668 668 after the ``=``.
669 669
670 670 Otherwise, give a name that you choose, followed by ``=``, followed by
671 671 the path to the ``.py`` file (including the file name extension) that
672 672 defines the extension.
673 673
674 674 To explicitly disable an extension that is enabled in an hgrc of
675 675 broader scope, prepend its path with ``!``, as in ``foo = !/ext/path``
676 676 or ``foo = !`` when path is not supplied.
677 677
678 678 Example for ``~/.hgrc``::
679 679
680 680 [extensions]
681 681 # (the color extension will get loaded from Mercurial's path)
682 682 color =
683 683 # (this extension will get loaded from the file specified)
684 684 myfeature = ~/.hgext/myfeature.py
685 685
686 686
687 687 ``format``
688 688 ----------
689 689
690 690 ``usegeneraldelta``
691 691 Enable or disable the "generaldelta" repository format which improves
692 692 repository compression by allowing "revlog" to store delta against arbitrary
693 693 revision instead of the previous stored one. This provides significant
694 694 improvement for repositories with branches.
695 695
696 696 Repositories with this on-disk format require Mercurial version 1.9.
697 697
698 698 Enabled by default.
699 699
700 700 ``dotencode``
701 701 Enable or disable the "dotencode" repository format which enhances
702 702 the "fncache" repository format (which has to be enabled to use
703 703 dotencode) to avoid issues with filenames starting with ._ on
704 704 Mac OS X and spaces on Windows.
705 705
706 706 Repositories with this on-disk format require Mercurial version 1.7.
707 707
708 708 Enabled by default.
709 709
710 710 ``usefncache``
711 711 Enable or disable the "fncache" repository format which enhances
712 712 the "store" repository format (which has to be enabled to use
713 713 fncache) to allow longer filenames and avoids using Windows
714 714 reserved names, e.g. "nul".
715 715
716 716 Repositories with this on-disk format require Mercurial version 1.1.
717 717
718 718 Enabled by default.
719 719
720 720 ``usestore``
721 721 Enable or disable the "store" repository format which improves
722 722 compatibility with systems that fold case or otherwise mangle
723 723 filenames. Disabling this option will allow you to store longer filenames
724 724 in some situations at the expense of compatibility.
725 725
726 726 Repositories with this on-disk format require Mercurial version 0.9.4.
727 727
728 728 Enabled by default.
729 729
730 730 ``graph``
731 731 ---------
732 732
733 733 Web graph view configuration. This section let you change graph
734 734 elements display properties by branches, for instance to make the
735 735 ``default`` branch stand out.
736 736
737 737 Each line has the following format::
738 738
739 739 <branch>.<argument> = <value>
740 740
741 741 where ``<branch>`` is the name of the branch being
742 742 customized. Example::
743 743
744 744 [graph]
745 745 # 2px width
746 746 default.width = 2
747 747 # red color
748 748 default.color = FF0000
749 749
750 750 Supported arguments:
751 751
752 752 ``width``
753 753 Set branch edges width in pixels.
754 754
755 755 ``color``
756 756 Set branch edges color in hexadecimal RGB notation.
757 757
758 758 ``hooks``
759 759 ---------
760 760
761 761 Commands or Python functions that get automatically executed by
762 762 various actions such as starting or finishing a commit. Multiple
763 763 hooks can be run for the same action by appending a suffix to the
764 764 action. Overriding a site-wide hook can be done by changing its
765 765 value or setting it to an empty string. Hooks can be prioritized
766 766 by adding a prefix of ``priority.`` to the hook name on a new line
767 767 and setting the priority. The default priority is 0.
768 768
769 769 Example ``.hg/hgrc``::
770 770
771 771 [hooks]
772 772 # update working directory after adding changesets
773 773 changegroup.update = hg update
774 774 # do not use the site-wide hook
775 775 incoming =
776 776 incoming.email = /my/email/hook
777 777 incoming.autobuild = /my/build/hook
778 778 # force autobuild hook to run before other incoming hooks
779 779 priority.incoming.autobuild = 1
780 780
781 781 Most hooks are run with environment variables set that give useful
782 782 additional information. For each hook below, the environment
783 783 variables it is passed are listed with names of the form ``$HG_foo``.
784 784
785 785 ``changegroup``
786 786 Run after a changegroup has been added via push, pull or unbundle. ID of the
787 787 first new changeset is in ``$HG_NODE`` and last in ``$HG_NODE_LAST``. URL
788 788 from which changes came is in ``$HG_URL``.
789 789
790 790 ``commit``
791 791 Run after a changeset has been created in the local repository. ID
792 792 of the newly created changeset is in ``$HG_NODE``. Parent changeset
793 793 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
794 794
795 795 ``incoming``
796 796 Run after a changeset has been pulled, pushed, or unbundled into
797 797 the local repository. The ID of the newly arrived changeset is in
798 798 ``$HG_NODE``. URL that was source of changes came is in ``$HG_URL``.
799 799
800 800 ``outgoing``
801 801 Run after sending changes from local repository to another. ID of
802 802 first changeset sent is in ``$HG_NODE``. Source of operation is in
803 803 ``$HG_SOURCE``; Also see :hg:`help config.hooks.preoutgoing` hook.
804 804
805 805 ``post-<command>``
806 806 Run after successful invocations of the associated command. The
807 807 contents of the command line are passed as ``$HG_ARGS`` and the result
808 808 code in ``$HG_RESULT``. Parsed command line arguments are passed as
809 809 ``$HG_PATS`` and ``$HG_OPTS``. These contain string representations of
810 810 the python data internally passed to <command>. ``$HG_OPTS`` is a
811 811 dictionary of options (with unspecified options set to their defaults).
812 812 ``$HG_PATS`` is a list of arguments. Hook failure is ignored.
813 813
814 814 ``fail-<command>``
815 815 Run after a failed invocation of an associated command. The contents
816 816 of the command line are passed as ``$HG_ARGS``. Parsed command line
817 817 arguments are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain
818 818 string representations of the python data internally passed to
819 819 <command>. ``$HG_OPTS`` is a dictionary of options (with unspecified
820 820 options set to their defaults). ``$HG_PATS`` is a list of arguments.
821 821 Hook failure is ignored.
822 822
823 823 ``pre-<command>``
824 824 Run before executing the associated command. The contents of the
825 825 command line are passed as ``$HG_ARGS``. Parsed command line arguments
826 826 are passed as ``$HG_PATS`` and ``$HG_OPTS``. These contain string
827 827 representations of the data internally passed to <command>. ``$HG_OPTS``
828 828 is a dictionary of options (with unspecified options set to their
829 829 defaults). ``$HG_PATS`` is a list of arguments. If the hook returns
830 830 failure, the command doesn't execute and Mercurial returns the failure
831 831 code.
832 832
833 833 ``prechangegroup``
834 834 Run before a changegroup is added via push, pull or unbundle. Exit
835 835 status 0 allows the changegroup to proceed. Non-zero status will
836 836 cause the push, pull or unbundle to fail. URL from which changes
837 837 will come is in ``$HG_URL``.
838 838
839 839 ``precommit``
840 840 Run before starting a local commit. Exit status 0 allows the
841 841 commit to proceed. Non-zero status will cause the commit to fail.
842 842 Parent changeset IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
843 843
844 844 ``prelistkeys``
845 845 Run before listing pushkeys (like bookmarks) in the
846 846 repository. Non-zero status will cause failure. The key namespace is
847 847 in ``$HG_NAMESPACE``.
848 848
849 849 ``preoutgoing``
850 850 Run before collecting changes to send from the local repository to
851 851 another. Non-zero status will cause failure. This lets you prevent
852 852 pull over HTTP or SSH. Also prevents against local pull, push
853 853 (outbound) or bundle commands, but not effective, since you can
854 854 just copy files instead then. Source of operation is in
855 855 ``$HG_SOURCE``. If "serve", operation is happening on behalf of remote
856 856 SSH or HTTP repository. If "push", "pull" or "bundle", operation
857 857 is happening on behalf of repository on same system.
858 858
859 859 ``prepushkey``
860 860 Run before a pushkey (like a bookmark) is added to the
861 861 repository. Non-zero status will cause the key to be rejected. The
862 862 key namespace is in ``$HG_NAMESPACE``, the key is in ``$HG_KEY``,
863 863 the old value (if any) is in ``$HG_OLD``, and the new value is in
864 864 ``$HG_NEW``.
865 865
866 866 ``pretag``
867 867 Run before creating a tag. Exit status 0 allows the tag to be
868 868 created. Non-zero status will cause the tag to fail. ID of
869 869 changeset to tag is in ``$HG_NODE``. Name of tag is in ``$HG_TAG``. Tag is
870 870 local if ``$HG_LOCAL=1``, in repository if ``$HG_LOCAL=0``.
871 871
872 872 ``pretxnopen``
873 873 Run before any new repository transaction is open. The reason for the
874 874 transaction will be in ``$HG_TXNNAME`` and a unique identifier for the
875 875 transaction will be in ``HG_TXNID``. A non-zero status will prevent the
876 876 transaction from being opened.
877 877
878 878 ``pretxnclose``
879 879 Run right before the transaction is actually finalized. Any repository change
880 880 will be visible to the hook program. This lets you validate the transaction
881 881 content or change it. Exit status 0 allows the commit to proceed. Non-zero
882 882 status will cause the transaction to be rolled back. The reason for the
883 883 transaction opening will be in ``$HG_TXNNAME`` and a unique identifier for
884 884 the transaction will be in ``HG_TXNID``. The rest of the available data will
885 885 vary according the transaction type. New changesets will add ``$HG_NODE`` (id
886 886 of the first added changeset), ``$HG_NODE_LAST`` (id of the last added
887 887 changeset), ``$HG_URL`` and ``$HG_SOURCE`` variables, bookmarks and phases
888 888 changes will set ``HG_BOOKMARK_MOVED`` and ``HG_PHASES_MOVED`` to ``1``, etc.
889 889
890 890 ``txnclose``
891 891 Run after any repository transaction has been committed. At this
892 892 point, the transaction can no longer be rolled back. The hook will run
893 893 after the lock is released. See :hg:`help config.hooks.pretxnclose` docs for
894 894 details about available variables.
895 895
896 896 ``txnabort``
897 897 Run when a transaction is aborted. See :hg:`help config.hooks.pretxnclose`
898 898 docs for details about available variables.
899 899
900 900 ``pretxnchangegroup``
901 901 Run after a changegroup has been added via push, pull or unbundle, but before
902 902 the transaction has been committed. Changegroup is visible to hook program.
903 903 This lets you validate incoming changes before accepting them. Passed the ID
904 904 of the first new changeset in ``$HG_NODE`` and last in ``$HG_NODE_LAST``.
905 905 Exit status 0 allows the transaction to commit. Non-zero status will cause
906 906 the transaction to be rolled back and the push, pull or unbundle will fail.
907 907 URL that was source of changes is in ``$HG_URL``.
908 908
909 909 ``pretxncommit``
910 910 Run after a changeset has been created but the transaction not yet
911 911 committed. Changeset is visible to hook program. This lets you
912 912 validate commit message and changes. Exit status 0 allows the
913 913 commit to proceed. Non-zero status will cause the transaction to
914 914 be rolled back. ID of changeset is in ``$HG_NODE``. Parent changeset
915 915 IDs are in ``$HG_PARENT1`` and ``$HG_PARENT2``.
916 916
917 917 ``preupdate``
918 918 Run before updating the working directory. Exit status 0 allows
919 919 the update to proceed. Non-zero status will prevent the update.
920 920 Changeset ID of first new parent is in ``$HG_PARENT1``. If merge, ID
921 921 of second new parent is in ``$HG_PARENT2``.
922 922
923 923 ``listkeys``
924 924 Run after listing pushkeys (like bookmarks) in the repository. The
925 925 key namespace is in ``$HG_NAMESPACE``. ``$HG_VALUES`` is a
926 926 dictionary containing the keys and values.
927 927
928 928 ``pushkey``
929 929 Run after a pushkey (like a bookmark) is added to the
930 930 repository. The key namespace is in ``$HG_NAMESPACE``, the key is in
931 931 ``$HG_KEY``, the old value (if any) is in ``$HG_OLD``, and the new
932 932 value is in ``$HG_NEW``.
933 933
934 934 ``tag``
935 935 Run after a tag is created. ID of tagged changeset is in ``$HG_NODE``.
936 936 Name of tag is in ``$HG_TAG``. Tag is local if ``$HG_LOCAL=1``, in
937 937 repository if ``$HG_LOCAL=0``.
938 938
939 939 ``update``
940 940 Run after updating the working directory. Changeset ID of first
941 941 new parent is in ``$HG_PARENT1``. If merge, ID of second new parent is
942 942 in ``$HG_PARENT2``. If the update succeeded, ``$HG_ERROR=0``. If the
943 943 update failed (e.g. because conflicts not resolved), ``$HG_ERROR=1``.
944 944
945 945 .. note::
946 946
947 947 It is generally better to use standard hooks rather than the
948 948 generic pre- and post- command hooks as they are guaranteed to be
949 949 called in the appropriate contexts for influencing transactions.
950 950 Also, hooks like "commit" will be called in all contexts that
951 951 generate a commit (e.g. tag) and not just the commit command.
952 952
953 953 .. note::
954 954
955 955 Environment variables with empty values may not be passed to
956 956 hooks on platforms such as Windows. As an example, ``$HG_PARENT2``
957 957 will have an empty value under Unix-like platforms for non-merge
958 958 changesets, while it will not be available at all under Windows.
959 959
960 960 The syntax for Python hooks is as follows::
961 961
962 962 hookname = python:modulename.submodule.callable
963 963 hookname = python:/path/to/python/module.py:callable
964 964
965 965 Python hooks are run within the Mercurial process. Each hook is
966 966 called with at least three keyword arguments: a ui object (keyword
967 967 ``ui``), a repository object (keyword ``repo``), and a ``hooktype``
968 968 keyword that tells what kind of hook is used. Arguments listed as
969 969 environment variables above are passed as keyword arguments, with no
970 970 ``HG_`` prefix, and names in lower case.
971 971
972 972 If a Python hook returns a "true" value or raises an exception, this
973 973 is treated as a failure.
974 974
975 975
976 976 ``hostfingerprints``
977 977 --------------------
978 978
979 979 (Deprecated. Use ``[hostsecurity]``'s ``fingerprints`` options instead.)
980 980
981 981 Fingerprints of the certificates of known HTTPS servers.
982 982
983 983 A HTTPS connection to a server with a fingerprint configured here will
984 984 only succeed if the servers certificate matches the fingerprint.
985 985 This is very similar to how ssh known hosts works.
986 986
987 987 The fingerprint is the SHA-1 hash value of the DER encoded certificate.
988 988 Multiple values can be specified (separated by spaces or commas). This can
989 989 be used to define both old and new fingerprints while a host transitions
990 990 to a new certificate.
991 991
992 992 The CA chain and web.cacerts is not used for servers with a fingerprint.
993 993
994 994 For example::
995 995
996 996 [hostfingerprints]
997 997 hg.intevation.de = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
998 998 hg.intevation.org = fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
999 999
1000 1000 ``hostsecurity``
1001 1001 ----------------
1002 1002
1003 1003 Used to specify global and per-host security settings for connecting to
1004 1004 other machines.
1005 1005
1006 1006 The following options control default behavior for all hosts.
1007 1007
1008 1008 ``minimumprotocol``
1009 1009 Defines the minimum channel encryption protocol to use.
1010 1010
1011 By default, the highest version of TLS - 1.0 or greater - supported by
1012 both client and server is used.
1013
1014 Allowed values are: ``tls1.0`` (the default), ``tls1.1``, ``tls1.2``.
1011 By default, the highest version of TLS supported by both client and server
1012 is used.
1013
1014 Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``.
1015
1016 When running on an old Python version, only ``tls1.0`` is allowed since
1017 old versions of Python only support up to TLS 1.0.
1018
1019 When running a Python that supports modern TLS versions, the default is
1020 ``tls1.1``. ``tls1.0`` can still be used to allow TLS 1.0. However, this
1021 weakens security and should only be used as a feature of last resort if
1022 a server does not support TLS 1.1+.
1015 1023
1016 1024 Options in the ``[hostsecurity]`` section can have the form
1017 1025 ``hostname``:``setting``. This allows multiple settings to be defined on a
1018 1026 per-host basis.
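
Review bot: the rewritten ``minimumprotocol`` text leaves two things implicit that someone setting the option will need: what happens when ``tls1.1`` or ``tls1.2`` is configured on an "old Python version" where only ``tls1.0`` is allowed (connection refused, or setting ignored?), and which Python version is the boundary, since "old" is never defined. Consider stating both in the "When running on an old Python version" paragraph. Also, since a per-host ``minimumprotocol`` is documented further down, the "feature of last resort" sentence should steer readers to ``hostname:minimumprotocol = tls1.0`` for the one server that needs it rather than lowering the global default; e.g. append "Prefer setting it per host (see the per-host ``minimumprotocol`` option below) rather than globally."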
1019 1027
1020 1028 The following per-host settings can be defined.
1021 1029
1022 1030 ``fingerprints``
1023 1031 A list of hashes of the DER encoded peer/remote certificate. Values have
1024 1032 the form ``algorithm``:``fingerprint``. e.g.
1025 1033 ``sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2``.
1026 1034
1027 1035 The following algorithms/prefixes are supported: ``sha1``, ``sha256``,
1028 1036 ``sha512``.
1029 1037
1030 1038 Use of ``sha256`` or ``sha512`` is preferred.
1031 1039
1032 1040 If a fingerprint is specified, the CA chain is not validated for this
1033 1041 host and Mercurial will require the remote certificate to match one
1034 1042 of the fingerprints specified. This means if the server updates its
1035 1043 certificate, Mercurial will abort until a new fingerprint is defined.
1036 1044 This can provide stronger security than traditional CA-based validation
1037 1045 at the expense of convenience.
1038 1046
1039 1047 This option takes precedence over ``verifycertsfile``.
1040 1048
1041 1049 ``minimumprotocol``
1042 1050 This behaves like ``minimumprotocol`` as described above except it
1043 1051 only applies to the host on which it is defined.
1044 1052
1045 1053 ``verifycertsfile``
1046 1054 Path to file a containing a list of PEM encoded certificates used to
1047 1055 verify the server certificate. Environment variables and ``~user``
1048 1056 constructs are expanded in the filename.
1049 1057
1050 1058 The server certificate or the certificate's certificate authority (CA)
1051 1059 must match a certificate from this file or certificate verification
1052 1060 will fail and connections to the server will be refused.
1053 1061
1054 1062 If defined, only certificates provided by this file will be used:
1055 1063 ``web.cacerts`` and any system/default certificates will not be
1056 1064 used.
1057 1065
1058 1066 This option has no effect if the per-host ``fingerprints`` option
1059 1067 is set.
1060 1068
1061 1069 The format of the file is as follows:
1062 1070
1063 1071 -----BEGIN CERTIFICATE-----
1064 1072 ... (certificate in base64 PEM encoding) ...
1065 1073 -----END CERTIFICATE-----
1066 1074 -----BEGIN CERTIFICATE-----
1067 1075 ... (certificate in base64 PEM encoding) ...
1068 1076 -----END CERTIFICATE-----
1069 1077
1070 1078 For example::
1071 1079
1072 1080 [hostsecurity]
1073 1081 hg.example.com:fingerprints = sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2
1074 1082 hg2.example.com:fingerprints = sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33
1075 1083 foo.example.com:verifycertsfile = /etc/ssl/trusted-ca-certs.pem
1076 1084
1077 1085 To change the default minimum protocol version to TLS 1.2 but to allow TLS 1.1
1078 1086 when connecting to ``hg.example.com``::
1079 1087
1080 1088 [hostsecurity]
1081 1089 minimumprotocol = tls1.2
1082 1090 hg.example.com:minimumprotocol = tls1.1
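
The ``fingerprints`` semantics above (``algorithm:hexdigest`` values, several entries separated by commas or spaces, the colon-separated legacy SHA-1 form, and "match a fingerprint or abort, CA chain not consulted") are shown below as an added example that is not part of Mercurial's own code. It parses a ``[hostsecurity]`` ``fingerprints`` value, computes the fingerprints of a peer certificate, produces the config line to pin it, and decides whether a presented certificate is acceptable. The certificate bytes in it are a constructed placeholder, not a real DER certificate; in practice you hash the DER bytes of the peer certificate (for example the value returned by ``ssl.SSLSocket.getpeercert(binary_form=True)``). Treating an unprefixed entry as SHA-1 mirrors the ``[hostfingerprints]`` section above and is this example's choice.

```python
# Added example, not Mercurial's own code.
import hashlib

# Algorithms/prefixes the documentation lists as supported.
SUPPORTED = ('sha1', 'sha256', 'sha512')
_HEX = set('0123456789abcdef')


def normalize_fingerprint(value):
    """Lower-case and drop colon separators, so the legacy 'FC:E2:...' style
    and a bare hex digest compare equal."""
    return value.replace(':', '').strip().lower()


def parse_fingerprints(config_value):
    """Parse a host:fingerprints value into a list of (algo, hexdigest) pairs.

    Entries are separated by commas or whitespace.  An entry without a known
    'algo:' prefix (e.g. 'fc:e2:8d:...') is treated as a legacy SHA-1
    fingerprint, as in [hostfingerprints].  Malformed digests raise ValueError
    rather than silently never matching.
    """
    pairs = []
    for entry in config_value.replace(',', ' ').split():
        algo, sep, digest = entry.partition(':')
        if not sep or algo.lower() not in SUPPORTED:
            # No prefix, or the "prefix" is just the first byte of a
            # colon-separated SHA-1 digest: the whole entry is the digest.
            algo, digest = 'sha1', entry
        algo = algo.lower()
        digest = normalize_fingerprint(digest)
        expected_len = hashlib.new(algo).digest_size * 2
        if len(digest) != expected_len or not set(digest) <= _HEX:
            raise ValueError('malformed %s fingerprint: %s' % (algo, entry))
        pairs.append((algo, digest))
    return pairs


def cert_fingerprints(der_bytes):
    """Return {algo: hexdigest} of the DER-encoded certificate."""
    return dict((algo, hashlib.new(algo, der_bytes).hexdigest()) for algo in SUPPORTED)


def format_config_line(host, der_bytes, algo='sha256'):
    """The line to put under [hostsecurity] to pin this certificate for host."""
    return '%s:fingerprints = %s:%s' % (host, algo, cert_fingerprints(der_bytes)[algo])


def matches(config_value, der_bytes):
    """True if the presented certificate matches any configured fingerprint.

    Mirrors the documented behaviour: once fingerprints are configured, only
    an exact digest match passes; nothing about the CA chain is consulted, so
    a renewed certificate fails until its fingerprint is added.
    """
    actual = cert_fingerprints(der_bytes)
    return any(actual[algo] == digest for algo, digest in parse_fingerprints(config_value))


# Constructed stand-ins for DER certificate bytes (NOT real certificates).
OLD_CERT = b'constructed-der-bytes-old-certificate'
NEW_CERT = b'constructed-der-bytes-new-certificate'
```

Listing both the old and the new fingerprint during a certificate rotation, as the ``hg2.example.com`` line above does, is what keeps ``matches`` returning true across the switch; once the old certificate is retired, drop its entry so a reissued copy of it is no longer accepted.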
1083 1091
1084 1092 ``http_proxy``
1085 1093 --------------
1086 1094
1087 1095 Used to access web-based Mercurial repositories through a HTTP
1088 1096 proxy.
1089 1097
1090 1098 ``host``
1091 1099 Host name and (optional) port of the proxy server, for example
1092 1100 "myproxy:8000".
1093 1101
1094 1102 ``no``
1095 1103 Optional. Comma-separated list of host names that should bypass
1096 1104 the proxy.
1097 1105
1098 1106 ``passwd``
1099 1107 Optional. Password to authenticate with at the proxy server.
1100 1108
1101 1109 ``user``
1102 1110 Optional. User name to authenticate with at the proxy server.
1103 1111
1104 1112 ``always``
1105 1113 Optional. Always use the proxy, even for localhost and any entries
1106 1114 in ``http_proxy.no``. (default: False)
1107 1115
1108 1116 ``merge``
1109 1117 ---------
1110 1118
1111 1119 This section specifies behavior during merges and updates.
1112 1120
1113 1121 ``checkignored``
1114 1122 Controls behavior when an ignored file on disk has the same name as a tracked
1115 1123 file in the changeset being merged or updated to, and has different
1116 1124 contents. Options are ``abort``, ``warn`` and ``ignore``. With ``abort``,
1117 1125 abort on such files. With ``warn``, warn on such files and back them up as
1118 1126 ``.orig``. With ``ignore``, don't print a warning and back them up as
1119 1127 ``.orig``. (default: ``abort``)
1120 1128
1121 1129 ``checkunknown``
1122 1130 Controls behavior when an unknown file that isn't ignored has the same name
1123 1131 as a tracked file in the changeset being merged or updated to, and has
1124 1132 different contents. Similar to ``merge.checkignored``, except for files that
1125 1133 are not ignored. (default: ``abort``)
1126 1134
1127 1135 ``merge-patterns``
1128 1136 ------------------
1129 1137
1130 1138 This section specifies merge tools to associate with particular file
1131 1139 patterns. Tools matched here will take precedence over the default
1132 1140 merge tool. Patterns are globs by default, rooted at the repository
1133 1141 root.
1134 1142
1135 1143 Example::
1136 1144
1137 1145 [merge-patterns]
1138 1146 **.c = kdiff3
1139 1147 **.jpg = myimgmerge
1140 1148
1141 1149 ``merge-tools``
1142 1150 ---------------
1143 1151
1144 1152 This section configures external merge tools to use for file-level
1145 1153 merges. This section has likely been preconfigured at install time.
1146 1154 Use :hg:`config merge-tools` to check the existing configuration.
1147 1155 Also see :hg:`help merge-tools` for more details.
1148 1156
1149 1157 Example ``~/.hgrc``::
1150 1158
1151 1159 [merge-tools]
1152 1160 # Override stock tool location
1153 1161 kdiff3.executable = ~/bin/kdiff3
1154 1162 # Specify command line
1155 1163 kdiff3.args = $base $local $other -o $output
1156 1164 # Give higher priority
1157 1165 kdiff3.priority = 1
1158 1166
1159 1167 # Changing the priority of preconfigured tool
1160 1168 meld.priority = 0
1161 1169
1162 1170 # Disable a preconfigured tool
1163 1171 vimdiff.disabled = yes
1164 1172
1165 1173 # Define new tool
1166 1174 myHtmlTool.args = -m $local $other $base $output
1167 1175 myHtmlTool.regkey = Software\FooSoftware\HtmlMerge
1168 1176 myHtmlTool.priority = 1
1169 1177
1170 1178 Supported arguments:
1171 1179
1172 1180 ``priority``
1173 1181 The priority in which to evaluate this tool.
1174 1182 (default: 0)
1175 1183
1176 1184 ``executable``
1177 1185 Either just the name of the executable or its pathname.
1178 1186
1179 1187 .. container:: windows
1180 1188
1181 1189 On Windows, the path can use environment variables with ${ProgramFiles}
1182 1190 syntax.
1183 1191
1184 1192 (default: the tool name)
1185 1193
1186 1194 ``args``
1187 1195 The arguments to pass to the tool executable. You can refer to the
1188 1196 files being merged as well as the output file through these
1189 1197 variables: ``$base``, ``$local``, ``$other``, ``$output``. The meaning
1190 1198 of ``$local`` and ``$other`` can vary depending on which action is being
1191 1199 performed. During and update or merge, ``$local`` represents the original
1192 1200 state of the file, while ``$other`` represents the commit you are updating
1193 1201 to or the commit you are merging with. During a rebase ``$local``
1194 1202 represents the destination of the rebase, and ``$other`` represents the
1195 1203 commit being rebased.
1196 1204 (default: ``$local $base $other``)
1197 1205
1198 1206 ``premerge``
1199 1207 Attempt to run internal non-interactive 3-way merge tool before
1200 1208 launching external tool. Options are ``true``, ``false``, ``keep`` or
1201 1209 ``keep-merge3``. The ``keep`` option will leave markers in the file if the
1202 1210 premerge fails. The ``keep-merge3`` will do the same but include information
1203 1211 about the base of the merge in the marker (see internal :merge3 in
1204 1212 :hg:`help merge-tools`).
1205 1213 (default: True)
1206 1214
1207 1215 ``binary``
1208 1216 This tool can merge binary files. (default: False, unless tool
1209 1217 was selected by file pattern match)
1210 1218
1211 1219 ``symlink``
1212 1220 This tool can merge symlinks. (default: False)
1213 1221
1214 1222 ``check``
1215 1223 A list of merge success-checking options:
1216 1224
1217 1225 ``changed``
1218 1226 Ask whether merge was successful when the merged file shows no changes.
1219 1227 ``conflicts``
1220 1228 Check whether there are conflicts even though the tool reported success.
1221 1229 ``prompt``
1222 1230 Always prompt for merge success, regardless of success reported by tool.
1223 1231
1224 1232 ``fixeol``
1225 1233 Attempt to fix up EOL changes caused by the merge tool.
1226 1234 (default: False)
1227 1235
1228 1236 ``gui``
1229 1237 This tool requires a graphical interface to run. (default: False)
1230 1238
1231 1239 .. container:: windows
1232 1240
1233 1241 ``regkey``
1234 1242 Windows registry key which describes install location of this
1235 1243 tool. Mercurial will search for this key first under
1236 1244 ``HKEY_CURRENT_USER`` and then under ``HKEY_LOCAL_MACHINE``.
1237 1245 (default: None)
1238 1246
1239 1247 ``regkeyalt``
1240 1248 An alternate Windows registry key to try if the first key is not
1241 1249 found. The alternate key uses the same ``regname`` and ``regappend``
1242 1250 semantics of the primary key. The most common use for this key
1243 1251 is to search for 32bit applications on 64bit operating systems.
1244 1252 (default: None)
1245 1253
1246 1254 ``regname``
1247 1255 Name of value to read from specified registry key.
1248 1256 (default: the unnamed (default) value)
1249 1257
1250 1258 ``regappend``
1251 1259 String to append to the value read from the registry, typically
1252 1260 the executable name of the tool.
1253 1261 (default: None)
1254 1262
1255 1263
1256 1264 ``patch``
1257 1265 ---------
1258 1266
1259 1267 Settings used when applying patches, for instance through the 'import'
1260 1268 command or with Mercurial Queues extension.
1261 1269
1262 1270 ``eol``
1263 1271 When set to 'strict' patch content and patched files end of lines
1264 1272 are preserved. When set to ``lf`` or ``crlf``, both files end of
1265 1273 lines are ignored when patching and the result line endings are
1266 1274 normalized to either LF (Unix) or CRLF (Windows). When set to
1267 1275 ``auto``, end of lines are again ignored while patching but line
1268 1276 endings in patched files are normalized to their original setting
1269 1277 on a per-file basis. If target file does not exist or has no end
1270 1278 of line, patch line endings are preserved.
1271 1279 (default: strict)
1272 1280
1273 1281 ``fuzz``
1274 1282 The number of lines of 'fuzz' to allow when applying patches. This
1275 1283 controls how much context the patcher is allowed to ignore when
1276 1284 trying to apply a patch.
1277 1285 (default: 2)
1278 1286
1279 1287 ``paths``
1280 1288 ---------
1281 1289
1282 1290 Assigns symbolic names and behavior to repositories.
1283 1291
1284 1292 Options are symbolic names defining the URL or directory that is the
1285 1293 location of the repository. Example::
1286 1294
1287 1295 [paths]
1288 1296 my_server = https://example.com/my_repo
1289 1297 local_path = /home/me/repo
1290 1298
1291 1299 These symbolic names can be used from the command line. To pull
1292 1300 from ``my_server``: :hg:`pull my_server`. To push to ``local_path``:
1293 1301 :hg:`push local_path`.
1294 1302
1295 1303 Options containing colons (``:``) denote sub-options that can influence
1296 1304 behavior for that specific path. Example::
1297 1305
1298 1306 [paths]
1299 1307 my_server = https://example.com/my_path
1300 1308 my_server:pushurl = ssh://example.com/my_path
1301 1309
1302 1310 The following sub-options can be defined:
1303 1311
1304 1312 ``pushurl``
1305 1313 The URL to use for push operations. If not defined, the location
1306 1314 defined by the path's main entry is used.
1307 1315
1308 1316 ``pushrev``
1309 1317 A revset defining which revisions to push by default.
1310 1318
1311 1319 When :hg:`push` is executed without a ``-r`` argument, the revset
1312 1320 defined by this sub-option is evaluated to determine what to push.
1313 1321
1314 1322 For example, a value of ``.`` will push the working directory's
1315 1323 revision by default.
1316 1324
1317 1325 Revsets specifying bookmarks will not result in the bookmark being
1318 1326 pushed.
1319 1327
1320 1328 The following special named paths exist:
1321 1329
1322 1330 ``default``
1323 1331 The URL or directory to use when no source or remote is specified.
1324 1332
1325 1333 :hg:`clone` will automatically define this path to the location the
1326 1334 repository was cloned from.
1327 1335
1328 1336 ``default-push``
1329 1337 (deprecated) The URL or directory for the default :hg:`push` location.
1330 1338 ``default:pushurl`` should be used instead.
1331 1339
1332 1340 ``phases``
1333 1341 ----------
1334 1342
1335 1343 Specifies default handling of phases. See :hg:`help phases` for more
1336 1344 information about working with phases.
1337 1345
1338 1346 ``publish``
1339 1347 Controls draft phase behavior when working as a server. When true,
1340 1348 pushed changesets are set to public in both client and server and
1341 1349 pulled or cloned changesets are set to public in the client.
1342 1350 (default: True)
1343 1351
1344 1352 ``new-commit``
1345 1353 Phase of newly-created commits.
1346 1354 (default: draft)
1347 1355
1348 1356 ``checksubrepos``
1349 1357 Check the phase of the current revision of each subrepository. Allowed
1350 1358 values are "ignore", "follow" and "abort". For settings other than
1351 1359 "ignore", the phase of the current revision of each subrepository is
1352 1360 checked before committing the parent repository. If any of those phases is
1353 1361 greater than the phase of the parent repository (e.g. if a subrepo is in a
1354 1362 "secret" phase while the parent repo is in "draft" phase), the commit is
1355 1363 either aborted (if checksubrepos is set to "abort") or the higher phase is
1356 1364 used for the parent repository commit (if set to "follow").
1357 1365 (default: follow)
1358 1366
1359 1367
1360 1368 ``profiling``
1361 1369 -------------
1362 1370
1363 1371 Specifies profiling type, format, and file output. Two profilers are
1364 1372 supported: an instrumenting profiler (named ``ls``), and a sampling
1365 1373 profiler (named ``stat``).
1366 1374
1367 1375 In this section description, 'profiling data' stands for the raw data
1368 1376 collected during profiling, while 'profiling report' stands for a
1369 1377 statistical text report generated from the profiling data. The
1370 1378 profiling is done using lsprof.
1371 1379
1372 1380 ``type``
1373 1381 The type of profiler to use.
1374 1382 (default: ls)
1375 1383
1376 1384 ``ls``
1377 1385 Use Python's built-in instrumenting profiler. This profiler
1378 1386 works on all platforms, but each line number it reports is the
1379 1387 first line of a function. This restriction makes it difficult to
1380 1388 identify the expensive parts of a non-trivial function.
1381 1389 ``stat``
1382 1390 Use a third-party statistical profiler, statprof. This profiler
1383 1391 currently runs only on Unix systems, and is most useful for
1384 1392 profiling commands that run for longer than about 0.1 seconds.
1385 1393
1386 1394 ``format``
1387 1395 Profiling format. Specific to the ``ls`` instrumenting profiler.
1388 1396 (default: text)
1389 1397
1390 1398 ``text``
1391 1399 Generate a profiling report. When saving to a file, it should be
1392 1400 noted that only the report is saved, and the profiling data is
1393 1401 not kept.
1394 1402 ``kcachegrind``
1395 1403 Format profiling data for kcachegrind use: when saving to a
1396 1404 file, the generated file can directly be loaded into
1397 1405 kcachegrind.
1398 1406
1399 1407 ``frequency``
1400 1408 Sampling frequency. Specific to the ``stat`` sampling profiler.
1401 1409 (default: 1000)
1402 1410
1403 1411 ``output``
1404 1412 File path where profiling data or report should be saved. If the
1405 1413 file exists, it is replaced. (default: None, data is printed on
1406 1414 stderr)
1407 1415
1408 1416 ``sort``
1409 1417 Sort field. Specific to the ``ls`` instrumenting profiler.
1410 1418 One of ``callcount``, ``reccallcount``, ``totaltime`` and
1411 1419 ``inlinetime``.
1412 1420 (default: inlinetime)
1413 1421
1414 1422 ``limit``
1415 1423 Number of lines to show. Specific to the ``ls`` instrumenting profiler.
1416 1424 (default: 30)
1417 1425
1418 1426 ``nested``
1419 1427 Show at most this number of lines of drill-down info after each main entry.
1420 1428 This can help explain the difference between Total and Inline.
1421 1429 Specific to the ``ls`` instrumenting profiler.
1422 1430 (default: 5)
1423 1431
1424 1432 ``progress``
1425 1433 ------------
1426 1434
1427 1435 Mercurial commands can draw progress bars that are as informative as
1428 1436 possible. Some progress bars only offer indeterminate information, while others
1429 1437 have a definite end point.
1430 1438
1431 1439 ``delay``
1432 1440 Number of seconds (float) before showing the progress bar. (default: 3)
1433 1441
1434 1442 ``changedelay``
1435 1443 Minimum delay before showing a new topic. When set to less than 3 * refresh,
1436 1444 that value will be used instead. (default: 1)
1437 1445
1438 1446 ``refresh``
1439 1447 Time in seconds between refreshes of the progress bar. (default: 0.1)
1440 1448
1441 1449 ``format``
1442 1450 Format of the progress bar.
1443 1451
1444 1452 Valid entries for the format field are ``topic``, ``bar``, ``number``,
1445 1453 ``unit``, ``estimate``, ``speed``, and ``item``. ``item`` defaults to the
1446 1454 last 20 characters of the item, but this can be changed by adding either
1447 1455 ``-<num>`` which would take the last num characters, or ``+<num>`` for the
1448 1456 first num characters.
1449 1457
1450 1458 (default: topic bar number estimate)
1451 1459
1452 1460 ``width``
1453 1461 If set, the maximum width of the progress information (that is, min(width,
1454 1462 term width) will be used).
1455 1463
1456 1464 ``clear-complete``
1457 1465 Clear the progress bar after it's done. (default: True)
1458 1466
1459 1467 ``disable``
1460 1468 If true, don't show a progress bar.
1461 1469
1462 1470 ``assume-tty``
1463 1471 If true, ALWAYS show a progress bar, unless disable is given.
1464 1472
1465 1473 ``rebase``
1466 1474 ----------
1467 1475
1468 1476 ``allowdivergence``
1469 1477 Default to False, when True allow creating divergence when performing
1470 1478 rebase of obsolete changesets.
1471 1479
1472 1480 ``revsetalias``
1473 1481 ---------------
1474 1482
1475 1483 Alias definitions for revsets. See :hg:`help revsets` for details.
1476 1484
1477 1485 ``server``
1478 1486 ----------
1479 1487
1480 1488 Controls generic server settings.
1481 1489
1482 1490 ``uncompressed``
1483 1491 Whether to allow clients to clone a repository using the
1484 1492 uncompressed streaming protocol. This transfers about 40% more
1485 1493 data than a regular clone, but uses less memory and CPU on both
1486 1494 server and client. Over a LAN (100 Mbps or better) or a very fast
1487 1495 WAN, an uncompressed streaming clone is a lot faster (~10x) than a
1488 1496 regular clone. Over most WAN connections (anything slower than
1489 1497 about 6 Mbps), uncompressed streaming is slower, because of the
1490 1498 extra data transfer overhead. This mode will also temporarily hold
1491 1499 the write lock while determining what data to transfer.
1492 1500 (default: True)
1493 1501
1494 1502 ``preferuncompressed``
1495 1503 When set, clients will try to use the uncompressed streaming
1496 1504 protocol. (default: False)
1497 1505
1498 1506 ``validate``
1499 1507 Whether to validate the completeness of pushed changesets by
1500 1508 checking that all new file revisions specified in manifests are
1501 1509 present. (default: False)
1502 1510
1503 1511 ``maxhttpheaderlen``
1504 1512 Instruct HTTP clients not to send request headers longer than this
1505 1513 many bytes. (default: 1024)
1506 1514
1507 1515 ``bundle1``
1508 1516 Whether to allow clients to push and pull using the legacy bundle1
1509 1517 exchange format. (default: True)
1510 1518
1511 1519 ``bundle1gd``
1512 1520 Like ``bundle1`` but only used if the repository is using the
1513 1521 *generaldelta* storage format. (default: True)
1514 1522
1515 1523 ``bundle1.push``
1516 1524 Whether to allow clients to push using the legacy bundle1 exchange
1517 1525 format. (default: True)
1518 1526
1519 1527 ``bundle1gd.push``
1520 1528 Like ``bundle1.push`` but only used if the repository is using the
1521 1529 *generaldelta* storage format. (default: True)
1522 1530
1523 1531 ``bundle1.pull``
1524 1532 Whether to allow clients to pull using the legacy bundle1 exchange
1525 1533 format. (default: True)
1526 1534
1527 1535 ``bundle1gd.pull``
1528 1536 Like ``bundle1.pull`` but only used if the repository is using the
1529 1537 *generaldelta* storage format. (default: True)
1530 1538
1531 1539 Large repositories using the *generaldelta* storage format should
1532 1540 consider setting this option because converting *generaldelta*
1533 1541 repositories to the exchange format required by the bundle1 data
1534 1542 format can consume a lot of CPU.
1535 1543
1536 1544 ``smtp``
1537 1545 --------
1538 1546
1539 1547 Configuration for extensions that need to send email messages.
1540 1548
1541 1549 ``host``
1542 1550 Host name of mail server, e.g. "mail.example.com".
1543 1551
1544 1552 ``port``
1545 1553 Optional. Port to connect to on mail server. (default: 465 if
1546 1554 ``tls`` is smtps; 25 otherwise)
1547 1555
1548 1556 ``tls``
1549 1557 Optional. Method to enable TLS when connecting to mail server: starttls,
1550 1558 smtps or none. (default: none)
1551 1559
1552 1560 ``username``
1553 1561 Optional. User name for authenticating with the SMTP server.
1554 1562 (default: None)
1555 1563
1556 1564 ``password``
1557 1565 Optional. Password for authenticating with the SMTP server. If not
1558 1566 specified, interactive sessions will prompt the user for a
1559 1567 password; non-interactive sessions will fail. (default: None)
1560 1568
1561 1569 ``local_hostname``
1562 1570 Optional. The hostname that the sender can use to identify
1563 1571 itself to the MTA.
1564 1572
1565 1573
1566 1574 ``subpaths``
1567 1575 ------------
1568 1576
1569 1577 Subrepository source URLs can go stale if a remote server changes name
1570 1578 or becomes temporarily unavailable. This section lets you define
1571 1579 rewrite rules of the form::
1572 1580
1573 1581 <pattern> = <replacement>
1574 1582
1575 1583 where ``pattern`` is a regular expression matching a subrepository
1576 1584 source URL and ``replacement`` is the replacement string used to
1577 1585 rewrite it. Groups can be matched in ``pattern`` and referenced in
1578 1586 ``replacements``. For instance::
1579 1587
1580 1588 http://server/(.*)-hg/ = http://hg.server/\1/
1581 1589
1582 1590 rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``.
1583 1591
1584 1592 Relative subrepository paths are first made absolute, and the
1585 1593 rewrite rules are then applied on the full (absolute) path. If ``pattern``
1586 1594 doesn't match the full path, an attempt is made to apply it on the
1587 1595 relative path alone. The rules are applied in definition order.
1588 1596
1589 1597 ``templatealias``
1590 1598 -----------------
1591 1599
1592 1600 Alias definitions for templates. See :hg:`help templates` for details.
1593 1601
1594 1602 ``trusted``
1595 1603 -----------
1596 1604
1597 1605 Mercurial will not use the settings in the
1598 1606 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
1599 1607 user or to a trusted group, as various hgrc features allow arbitrary
1600 1608 commands to be run. This issue is often encountered when configuring
1601 1609 hooks or extensions for shared repositories or servers. However,
1602 1610 the web interface will use some safe settings from the ``[web]``
1603 1611 section.
1604 1612
1605 1613 This section specifies what users and groups are trusted. The
1606 1614 current user is always trusted. To trust everybody, list a user or a
1607 1615 group with name ``*``. These settings must be placed in an
1608 1616 *already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the
1609 1617 user or service running Mercurial.
1610 1618
1611 1619 ``users``
1612 1620 Comma-separated list of trusted users.
1613 1621
1614 1622 ``groups``
1615 1623 Comma-separated list of trusted groups.
1616 1624
1617 1625
1618 1626 ``ui``
1619 1627 ------
1620 1628
1621 1629 User interface controls.
1622 1630
1623 1631 ``archivemeta``
1624 1632 Whether to include the .hg_archival.txt file containing meta data
1625 1633 (hashes for the repository base and for tip) in archives created
1626 1634 by the :hg:`archive` command or downloaded via hgweb.
1627 1635 (default: True)
1628 1636
1629 1637 ``askusername``
1630 1638 Whether to prompt for a username when committing. If True, and
1631 1639 neither ``$HGUSER`` nor ``$EMAIL`` has been specified, then the user will
1632 1640 be prompted to enter a username. If no username is entered, the
1633 1641 default ``USER@HOST`` is used instead.
1634 1642 (default: False)
1635 1643
1636 1644 ``clonebundles``
1637 1645 Whether the "clone bundles" feature is enabled.
1638 1646
1639 1647 When enabled, :hg:`clone` may download and apply a server-advertised
1640 1648 bundle file from a URL instead of using the normal exchange mechanism.
1641 1649
1642 1650 This can likely result in faster and more reliable clones.
1643 1651
1644 1652 (default: True)
1645 1653
1646 1654 ``clonebundlefallback``
1647 1655 Whether failure to apply an advertised "clone bundle" from a server
1648 1656 should result in fallback to a regular clone.
1649 1657
1650 1658 This is disabled by default because servers advertising "clone
1651 1659 bundles" often do so to reduce server load. If advertised bundles
1652 1660 start mass failing and clients automatically fall back to a regular
1653 1661 clone, this would add significant and unexpected load to the server
1654 1662 since the server is expecting clone operations to be offloaded to
1655 1663 pre-generated bundles. Failing fast (the default behavior) ensures
1656 1664 clients don't overwhelm the server when "clone bundle" application
1657 1665 fails.
1658 1666
1659 1667 (default: False)
1660 1668
1661 1669 ``clonebundleprefers``
1662 1670 Defines preferences for which "clone bundles" to use.
1663 1671
1664 1672 Servers advertising "clone bundles" may advertise multiple available
1665 1673 bundles. Each bundle may have different attributes, such as the bundle
1666 1674 type and compression format. This option is used to prefer a particular
1667 1675 bundle over another.
1668 1676
1669 1677 The following keys are defined by Mercurial:
1670 1678
1671 1679 BUNDLESPEC
1672 1680 A bundle type specifier. These are strings passed to :hg:`bundle -t`.
1673 1681 e.g. ``gzip-v2`` or ``bzip2-v1``.
1674 1682
1675 1683 COMPRESSION
1676 1684 The compression format of the bundle. e.g. ``gzip`` and ``bzip2``.
1677 1685
1678 1686 Server operators may define custom keys.
1679 1687
1680 1688 Example values: ``COMPRESSION=bzip2``,
1681 1689 ``BUNDLESPEC=gzip-v2, COMPRESSION=gzip``.
1682 1690
1683 1691 By default, the first bundle advertised by the server is used.
1684 1692
1685 1693 ``commitsubrepos``
1686 1694 Whether to commit modified subrepositories when committing the
1687 1695 parent repository. If False and one subrepository has uncommitted
1688 1696 changes, abort the commit.
1689 1697 (default: False)
1690 1698
1691 1699 ``debug``
1692 1700 Print debugging information. (default: False)
1693 1701
1694 1702 ``editor``
1695 1703 The editor to use during a commit. (default: ``$EDITOR`` or ``vi``)
1696 1704
1697 1705 ``fallbackencoding``
1698 1706 Encoding to try if it's not possible to decode the changelog using
1699 1707 UTF-8. (default: ISO-8859-1)
1700 1708
1701 1709 ``graphnodetemplate``
1702 1710 The template used to print changeset nodes in an ASCII revision graph.
1703 1711 (default: ``{graphnode}``)
1704 1712
1705 1713 ``ignore``
1706 1714 A file to read per-user ignore patterns from. This file should be
1707 1715 in the same format as a repository-wide .hgignore file. Filenames
1708 1716 are relative to the repository root. This option supports hook syntax,
1709 1717 so if you want to specify multiple ignore files, you can do so by
1710 1718 setting something like ``ignore.other = ~/.hgignore2``. For details
1711 1719 of the ignore file format, see the ``hgignore(5)`` man page.
1712 1720
1713 1721 ``interactive``
1714 1722 Allow to prompt the user. (default: True)
1715 1723
1716 1724 ``interface``
1717 1725 Select the default interface for interactive features (default: text).
1718 1726 Possible values are 'text' and 'curses'.
1719 1727
1720 1728 ``interface.chunkselector``
1721 1729 Select the interface for change recording (e.g. :hg:`commit` -i).
1722 1730 Possible values are 'text' and 'curses'.
1723 1731 This config overrides the interface specified by ui.interface.
1724 1732
1725 1733 ``logtemplate``
1726 1734 Template string for commands that print changesets.
1727 1735
1728 1736 ``merge``
1729 1737 The conflict resolution program to use during a manual merge.
1730 1738 For more information on merge tools see :hg:`help merge-tools`.
1731 1739 For configuring merge tools see the ``[merge-tools]`` section.
1732 1740
1733 1741 ``mergemarkers``
1734 1742 Sets the merge conflict marker label styling. The ``detailed``
1735 1743 style uses the ``mergemarkertemplate`` setting to style the labels.
1736 1744 The ``basic`` style just uses 'local' and 'other' as the marker label.
1737 1745 One of ``basic`` or ``detailed``.
1738 1746 (default: ``basic``)
1739 1747
1740 1748 ``mergemarkertemplate``
1741 1749 The template used to print the commit description next to each conflict
1742 1750 marker during merge conflicts. See :hg:`help templates` for the template
1743 1751 format.
1744 1752
1745 1753 Defaults to showing the hash, tags, branches, bookmarks, author, and
1746 1754 the first line of the commit description.
1747 1755
1748 1756 If you use non-ASCII characters in names for tags, branches, bookmarks,
1749 1757 authors, and/or commit descriptions, you must pay attention to encodings of
1750 1758 managed files. At template expansion, non-ASCII characters use the encoding
1751 1759 specified by the ``--encoding`` global option, ``HGENCODING`` or other
1752 1760 environment variables that govern your locale. If the encoding of the merge
1753 1761 markers is different from the encoding of the merged files,
1754 1762 serious problems may occur.
1755 1763
1756 1764 ``origbackuppath``
1757 1765 The path to a directory used to store generated .orig files. If the path is
1758 1766 not a directory, one will be created.
1759 1767
1760 1768 ``patch``
1761 1769 An optional external tool that ``hg import`` and some extensions
1762 1770 will use for applying patches. By default Mercurial uses an
1763 1771 internal patch utility. The external tool must work as the common
1764 1772 Unix ``patch`` program. In particular, it must accept a ``-p``
1765 1773 argument to strip patch headers, a ``-d`` argument to specify the
1766 1774 current directory, a file name to patch, and a patch file to take
1767 1775 from stdin.
1768 1776
1769 1777 It is possible to specify a patch tool together with extra
1770 1778 arguments. For example, setting this option to ``patch --merge``
1771 1779 will use the ``patch`` program with its 2-way merge option.
1772 1780
1773 1781 ``portablefilenames``
1774 1782 Check for portable filenames. Can be ``warn``, ``ignore`` or ``abort``.
1775 1783 (default: ``warn``)
1776 1784
1777 1785 ``warn``
1778 1786 Print a warning message on POSIX platforms, if a file with a non-portable
1779 1787 filename is added (e.g. a file with a name that can't be created on
1780 1788 Windows because it contains reserved parts like ``AUX``, reserved
1781 1789 characters like ``:``, or would cause a case collision with an existing
1782 1790 file).
1783 1791
1784 1792 ``ignore``
1785 1793 Don't print a warning.
1786 1794
1787 1795 ``abort``
1788 1796 The command is aborted.
1789 1797
1790 1798 ``true``
1791 1799 Alias for ``warn``.
1792 1800
1793 1801 ``false``
1794 1802 Alias for ``ignore``.
1795 1803
1796 1804 .. container:: windows
1797 1805
1798 1806 On Windows, this configuration option is ignored and the command aborted.
1799 1807
1800 1808 ``quiet``
1801 1809 Reduce the amount of output printed.
1802 1810 (default: False)
1803 1811
1804 1812 ``remotecmd``
1805 1813 Remote command to use for clone/push/pull operations.
1806 1814 (default: ``hg``)
1807 1815
1808 1816 ``report_untrusted``
1809 1817 Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
1810 1818 trusted user or group.
1811 1819 (default: True)
1812 1820
1813 1821 ``slash``
1814 1822 Display paths using a slash (``/``) as the path separator. This
1815 1823 only makes a difference on systems where the default path
1816 1824 separator is not the slash character (e.g. Windows uses the
1817 1825 backslash character (``\``)).
1818 1826 (default: False)
1819 1827
1820 1828 ``statuscopies``
1821 1829 Display copies in the status command.
1822 1830
1823 1831 ``ssh``
1824 1832 Command to use for SSH connections. (default: ``ssh``)
1825 1833
1826 1834 ``strict``
1827 1835 Require exact command names, instead of allowing unambiguous
1828 1836 abbreviations. (default: False)
1829 1837
1830 1838 ``style``
1831 1839 Name of style to use for command output.
1832 1840
1833 1841 ``supportcontact``
1834 1842 A URL where users should report a Mercurial traceback. Use this if you are a
1835 1843 large organisation with its own Mercurial deployment process and crash
1836 1844 reports should be addressed to your internal support.
1837 1845
1838 1846 ``textwidth``
1839 1847 Maximum width of help text. A longer line generated by ``hg help`` or
1840 1848 ``hg subcommand --help`` will be broken after white space to get this
1841 1849 width or the terminal width, whichever comes first.
1842 1850 A non-positive value will disable this and the terminal width will be
1843 1851 used. (default: 78)
1844 1852
1845 1853 ``timeout``
1846 1854 The timeout used when a lock is held (in seconds), a negative value
1847 1855 means no timeout. (default: 600)
1848 1856
1849 1857 ``traceback``
1850 1858 Mercurial always prints a traceback when an unknown exception
1851 1859 occurs. Setting this to True will make Mercurial print a traceback
1852 1860 on all exceptions, even those recognized by Mercurial (such as
1853 1861 IOError or MemoryError). (default: False)
1854 1862
1855 1863 ``username``
1856 1864 The committer of a changeset created when running "commit".
1857 1865 Typically a person's name and email address, e.g. ``Fred Widget
1858 1866 <fred@example.com>``. Environment variables in the
1859 1867 username are expanded.
1860 1868
1861 1869 (default: ``$EMAIL`` or ``username@hostname``. If the username in
1862 1870 hgrc is empty, e.g. if the system admin set ``username =`` in the
1863 1871 system hgrc, it has to be specified manually or in a different
1864 1872 hgrc file)
1865 1873
1866 1874 ``verbose``
1867 1875 Increase the amount of output printed. (default: False)
1868 1876
1869 1877
1870 1878 ``web``
1871 1879 -------
1872 1880
1873 1881 Web interface configuration. The settings in this section apply to
1874 1882 both the builtin webserver (started by :hg:`serve`) and the script you
1875 1883 run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI
1876 1884 and WSGI).
1877 1885
1878 1886 The Mercurial webserver does no authentication (it does not prompt for
1879 1887 usernames and passwords to validate *who* users are), but it does do
1880 1888 authorization (it grants or denies access for *authenticated users*
1881 1889 based on settings in this section). You must either configure your
1882 1890 webserver to do authentication for you, or disable the authorization
1883 1891 checks.
1884 1892
1885 1893 For a quick setup in a trusted environment, e.g., a private LAN, where
1886 1894 you want it to accept pushes from anybody, you can use the following
1887 1895 command line::
1888 1896
1889 1897 $ hg --config web.allow_push=* --config web.push_ssl=False serve
1890 1898
1891 1899 Note that this will allow anybody to push anything to the server and
1892 1900 that this should not be used for public servers.
1893 1901
1894 1902 The full set of options is:
1895 1903
1896 1904 ``accesslog``
1897 1905 Where to output the access log. (default: stdout)
1898 1906
1899 1907 ``address``
1900 1908 Interface address to bind to. (default: all)
1901 1909
1902 1910 ``allow_archive``
1903 1911 List of archive format (bz2, gz, zip) allowed for downloading.
1904 1912 (default: empty)
1905 1913
1906 1914 ``allowbz2``
1907 1915 (DEPRECATED) Whether to allow .tar.bz2 downloading of repository
1908 1916 revisions.
1909 1917 (default: False)
1910 1918
1911 1919 ``allowgz``
1912 1920 (DEPRECATED) Whether to allow .tar.gz downloading of repository
1913 1921 revisions.
1914 1922 (default: False)
1915 1923
1916 1924 ``allowpull``
1917 1925 Whether to allow pulling from the repository. (default: True)
1918 1926
1919 1927 ``allow_push``
1920 1928 Whether to allow pushing to the repository. If empty or not set,
1921 1929 pushing is not allowed. If the special value ``*``, any remote
1922 1930 user can push, including unauthenticated users. Otherwise, the
1923 1931 remote user must have been authenticated, and the authenticated
1924 1932 user name must be present in this list. The contents of the
1925 1933 allow_push list are examined after the deny_push list.
1926 1934
1927 1935 ``allow_read``
1928 1936 If the user has not already been denied repository access due to
1929 1937 the contents of deny_read, this list determines whether to grant
1930 1938 repository access to the user. If this list is not empty, and the
1931 1939 user is unauthenticated or not present in the list, then access is
1932 1940 denied for the user. If the list is empty or not set, then access
1933 1941 is permitted to all users by default. Setting allow_read to the
1934 1942 special value ``*`` is equivalent to it not being set (i.e. access
1935 1943 is permitted to all users). The contents of the allow_read list are
1936 1944 examined after the deny_read list.
1937 1945
1938 1946 ``allowzip``
1939 1947 (DEPRECATED) Whether to allow .zip downloading of repository
1940 1948 revisions. This feature creates temporary files.
1941 1949 (default: False)
1942 1950
1943 1951 ``archivesubrepos``
1944 1952 Whether to recurse into subrepositories when archiving.
1945 1953 (default: False)
1946 1954
1947 1955 ``baseurl``
1948 1956 Base URL to use when publishing URLs in other locations, so
1949 1957 third-party tools like email notification hooks can construct
1950 1958 URLs. Example: ``http://hgserver/repos/``.
1951 1959
1952 1960 ``cacerts``
1953 1961 Path to file containing a list of PEM encoded certificate
1954 1962 authority certificates. Environment variables and ``~user``
1955 1963 constructs are expanded in the filename. If specified on the
1956 1964 client, then it will verify the identity of remote HTTPS servers
1957 1965 with these certificates.
1958 1966
1959 1967 To disable SSL verification temporarily, specify ``--insecure`` from
1960 1968 command line.
1961 1969
1962 1970 You can use OpenSSL's CA certificate file if your platform has
1963 1971 one. On most Linux systems this will be
1964 1972 ``/etc/ssl/certs/ca-certificates.crt``. Otherwise you will have to
1965 1973 generate this file manually. The form must be as follows::
1966 1974
1967 1975 -----BEGIN CERTIFICATE-----
1968 1976 ... (certificate in base64 PEM encoding) ...
1969 1977 -----END CERTIFICATE-----
1970 1978 -----BEGIN CERTIFICATE-----
1971 1979 ... (certificate in base64 PEM encoding) ...
1972 1980 -----END CERTIFICATE-----
1973 1981
1974 1982 ``cache``
1975 1983 Whether to support caching in hgweb. (default: True)
1976 1984
1977 1985 ``certificate``
1978 1986 Certificate to use when running :hg:`serve`.
1979 1987
1980 1988 ``collapse``
1981 1989 With ``descend`` enabled, repositories in subdirectories are shown at
1982 1990 a single level alongside repositories in the current path. With
1983 1991 ``collapse`` also enabled, repositories residing at a deeper level than
1984 1992 the current path are grouped behind navigable directory entries that
1985 1993 lead to the locations of these repositories. In effect, this setting
1986 1994 collapses each collection of repositories found within a subdirectory
1987 1995 into a single entry for that subdirectory. (default: False)
1988 1996
1989 1997 ``comparisoncontext``
1990 1998 Number of lines of context to show in side-by-side file comparison. If
1991 1999 negative or the value ``full``, whole files are shown. (default: 5)
1992 2000
1993 2001 This setting can be overridden by a ``context`` request parameter to the
1994 2002 ``comparison`` command, taking the same values.
1995 2003
1996 2004 ``contact``
1997 2005 Name or email address of the person in charge of the repository.
1998 2006 (default: ui.username or ``$EMAIL`` or "unknown" if unset or empty)
1999 2007
2000 2008 ``deny_push``
2001 2009 Whether to deny pushing to the repository. If empty or not set,
2002 2010 push is not denied. If the special value ``*``, all remote users are
2003 2011 denied push. Otherwise, unauthenticated users are all denied, and
2004 2012 any authenticated user name present in this list is also denied. The
2005 2013 contents of the deny_push list are examined before the allow_push list.
2006 2014
2007 2015 ``deny_read``
2008 2016 Whether to deny reading/viewing of the repository. If this list is
2009 2017 not empty, unauthenticated users are all denied, and any
2010 2018 authenticated user name present in this list is also denied access to
2011 2019 the repository. If set to the special value ``*``, all remote users
2012 2020 are denied access (rarely needed ;). If deny_read is empty or not set,
2013 2021 the determination of repository access depends on the presence and
2014 2022 content of the allow_read list (see description). If both
2015 2023 deny_read and allow_read are empty or not set, then access is
2016 2024 permitted to all users by default. If the repository is being
2017 2025 served via hgwebdir, denied users will not be able to see it in
2018 2026 the list of repositories. The contents of the deny_read list have
2019 2027 priority over (are examined before) the contents of the allow_read
2020 2028 list.
2021 2029
2022 2030 ``descend``
2023 2031 hgwebdir indexes will not descend into subdirectories. Only repositories
2024 2032 directly in the current path will be shown (other repositories are still
2025 2033 available from the index corresponding to their containing path).
2026 2034
2027 2035 ``description``
2028 2036 Textual description of the repository's purpose or contents.
2029 2037 (default: "unknown")
2030 2038
2031 2039 ``encoding``
2032 2040 Character encoding name. (default: the current locale charset)
2033 2041 Example: "UTF-8".
2034 2042
2035 2043 ``errorlog``
2036 2044 Where to output the error log. (default: stderr)
2037 2045
2038 2046 ``guessmime``
2039 2047 Control MIME types for raw download of file content.
2040 2048 Set to True to let hgweb guess the content type from the file
2041 2049 extension. This will serve HTML files as ``text/html`` and might
2042 2050 allow cross-site scripting attacks when serving untrusted
2043 2051 repositories. (default: False)
2044 2052
2045 2053 ``hidden``
2046 2054 Whether to hide the repository in the hgwebdir index.
2047 2055 (default: False)
2048 2056
2049 2057 ``ipv6``
2050 2058 Whether to use IPv6. (default: False)
2051 2059
2052 2060 ``labels``
2053 2061 List of string *labels* associated with the repository.
2054 2062
2055 2063 Labels are exposed as a template keyword and can be used to customize
2056 2064 output. e.g. the ``index`` template can group or filter repositories
2057 2065 by labels and the ``summary`` template can display additional content
2058 2066 if a specific label is present.
2059 2067
2060 2068 ``logoimg``
2061 2069 File name of the logo image that some templates display on each page.
2062 2070 The file name is relative to ``staticurl``. That is, the full path to
2063 2071 the logo image is "staticurl/logoimg".
2064 2072 If unset, ``hglogo.png`` will be used.
2065 2073
2066 2074 ``logourl``
2067 2075 Base URL to use for logos. If unset, ``https://mercurial-scm.org/``
2068 2076 will be used.
2069 2077
2070 2078 ``maxchanges``
2071 2079 Maximum number of changes to list on the changelog. (default: 10)
2072 2080
2073 2081 ``maxfiles``
2074 2082 Maximum number of files to list per changeset. (default: 10)
2075 2083
2076 2084 ``maxshortchanges``
2077 2085 Maximum number of changes to list on the shortlog, graph or filelog
2078 2086 pages. (default: 60)
2079 2087
2080 2088 ``name``
2081 2089 Repository name to use in the web interface.
2082 2090 (default: current working directory)
2083 2091
2084 2092 ``port``
2085 2093 Port to listen on. (default: 8000)
2086 2094
2087 2095 ``prefix``
2088 2096 Prefix path to serve from. (default: '' (server root))
2089 2097
2090 2098 ``push_ssl``
2091 2099 Whether to require that inbound pushes be transported over SSL to
2092 2100 prevent password sniffing. (default: True)
2093 2101
2094 2102 ``refreshinterval``
2095 2103 How frequently directory listings re-scan the filesystem for new
2096 2104 repositories, in seconds. This is relevant when wildcards are used
2097 2105 to define paths. Depending on how much filesystem traversal is
2098 2106 required, refreshing may negatively impact performance.
2099 2107
2100 2108 Values less than or equal to 0 always refresh.
2101 2109 (default: 20)
2102 2110
2103 2111 ``staticurl``
2104 2112 Base URL to use for static files. If unset, static files (e.g. the
2105 2113 hgicon.png favicon) will be served by the CGI script itself. Use
2106 2114 this setting to serve them directly with the HTTP server.
2107 2115 Example: ``http://hgserver/static/``.
2108 2116
2109 2117 ``stripes``
2110 2118 How many lines a "zebra stripe" should span in multi-line output.
2111 2119 Set to 0 to disable. (default: 1)
2112 2120
2113 2121 ``style``
2114 2122 Which template map style to use. The available options are the names of
2115 2123 subdirectories in the HTML templates path. (default: ``paper``)
2116 2124 Example: ``monoblue``.
2117 2125
2118 2126 ``templates``
2119 2127 Where to find the HTML templates. The default path to the HTML templates
2120 2128 can be obtained from ``hg debuginstall``.
2121 2129
2122 2130 ``websub``
2123 2131 ----------
2124 2132
2125 2133 Web substitution filter definition. You can use this section to
2126 2134 define a set of regular expression substitution patterns which
2127 2135 let you automatically modify the hgweb server output.
2128 2136
2129 2137 The default hgweb templates only apply these substitution patterns
2130 2138 on the revision description fields. You can apply them anywhere
2131 2139 you want when you create your own templates by adding calls to the
2132 2140 "websub" filter (usually after calling the "escape" filter).
2133 2141
2134 2142 This can be used, for example, to convert issue references to links
2135 2143 to your issue tracker, or to convert "markdown-like" syntax into
2136 2144 HTML (see the examples below).
2137 2145
2138 2146 Each entry in this section names a substitution filter.
2139 2147 The value of each entry defines the substitution expression itself.
2140 2148 The websub expressions follow the old interhg extension syntax,
2141 2149 which in turn imitates the Unix sed replacement syntax::
2142 2150
2143 2151 patternname = s/SEARCH_REGEX/REPLACE_EXPRESSION/[i]
2144 2152
2145 2153 You can use any separator other than "/". The final "i" is optional
2146 2154 and indicates that the search must be case insensitive.
2147 2155
2148 2156 Examples::
2149 2157
2150 2158 [websub]
2151 2159 issues = s|issue(\d+)|<a href="http://bts.example.org/issue\1">issue\1</a>|i
2152 2160 italic = s/\b_(\S+)_\b/<i>\1<\/i>/
2153 2161 bold = s/\*\b(\S+)\b\*/<b>\1<\/b>/
2154 2162
2155 2163 ``worker``
2156 2164 ----------
2157 2165
2158 2166 Parallel master/worker configuration. We currently perform working
2159 2167 directory updates in parallel on Unix-like systems, which greatly
2160 2168 helps performance.
2161 2169
2162 2170 ``numcpus``
2163 2171 Number of CPUs to use for parallel operations. A zero or
2164 2172 negative value is treated as ``use the default``.
2165 2173 (default: 4 or the number of CPUs on the system, whichever is larger)
2166 2174
2167 2175 ``backgroundclose``
2168 2176 Whether to enable closing file handles on background threads during certain
2169 2177 operations. Some platforms aren't very efficient at closing file
2170 2178 handles that have been written or appended to. By performing file closing
2171 2179 on background threads, file write rate can increase substantially.
2172 2180 (default: true on Windows, false elsewhere)
2173 2181
2174 2182 ``backgroundcloseminfilecount``
2175 2183 Minimum number of files required to trigger background file closing.
2176 2184 Operations not writing this many files won't start background close
2177 2185 threads.
2178 2186 (default: 2048)
2179 2187
2180 2188 ``backgroundclosemaxqueue``
2181 2189 The maximum number of opened file handles waiting to be closed in the
2182 2190 background. This option only has an effect if ``backgroundclose`` is
2183 2191 enabled.
2184 2192 (default: 384)
2185 2193
2186 2194 ``backgroundclosethreadcount``
2187 2195 Number of threads to process background file closes. Only relevant if
2188 2196 ``backgroundclose`` is enabled.
2189 2197 (default: 4)
@@ -1,733 +1,741 b''
1 1 # sslutil.py - SSL handling for mercurial
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 #
7 7 # This software may be used and distributed according to the terms of the
8 8 # GNU General Public License version 2 or any later version.
9 9
10 10 from __future__ import absolute_import
11 11
12 12 import hashlib
13 13 import os
14 14 import re
15 15 import ssl
16 16 import sys
17 17
18 18 from .i18n import _
19 19 from . import (
20 20 error,
21 21 util,
22 22 )
23 23
24 24 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added
25 25 # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are
26 26 # all exposed via the "ssl" module.
27 27 #
28 28 # Depending on the version of Python being used, SSL/TLS support is either
29 29 # modern/secure or legacy/insecure. Many operations in this module have
30 30 # separate code paths depending on support in Python.
31 31
32 32 configprotocols = set([
33 33 'tls1.0',
34 34 'tls1.1',
35 35 'tls1.2',
36 36 ])
37 37
38 38 hassni = getattr(ssl, 'HAS_SNI', False)
39 39
40 40 try:
41 41 # ssl.SSLContext was added in 2.7.9 and presence indicates modern
42 42 # SSL/TLS features are available.
43 43 SSLContext = ssl.SSLContext
44 44 modernssl = True
45 45 _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')
46 46 except AttributeError:
47 47 modernssl = False
48 48 _canloaddefaultcerts = False
49 49
50 50 # We implement SSLContext using the interface from the standard library.
51 51 class SSLContext(object):
52 52 # ssl.wrap_socket gained the "ciphers" named argument in 2.7.
53 53 _supportsciphers = sys.version_info >= (2, 7)
54 54
55 55 def __init__(self, protocol):
56 56 # From the public interface of SSLContext
57 57 self.protocol = protocol
58 58 self.check_hostname = False
59 59 self.options = 0
60 60 self.verify_mode = ssl.CERT_NONE
61 61
62 62 # Used by our implementation.
63 63 self._certfile = None
64 64 self._keyfile = None
65 65 self._certpassword = None
66 66 self._cacerts = None
67 67 self._ciphers = None
68 68
69 69 def load_cert_chain(self, certfile, keyfile=None, password=None):
70 70 self._certfile = certfile
71 71 self._keyfile = keyfile
72 72 self._certpassword = password
73 73
74 74 def load_default_certs(self, purpose=None):
75 75 pass
76 76
77 77 def load_verify_locations(self, cafile=None, capath=None, cadata=None):
78 78 if capath:
79 79 raise error.Abort(_('capath not supported'))
80 80 if cadata:
81 81 raise error.Abort(_('cadata not supported'))
82 82
83 83 self._cacerts = cafile
84 84
85 85 def set_ciphers(self, ciphers):
86 86 if not self._supportsciphers:
87 87 raise error.Abort(_('setting ciphers not supported'))
88 88
89 89 self._ciphers = ciphers
90 90
91 91 def wrap_socket(self, socket, server_hostname=None, server_side=False):
92 92 # server_hostname is unique to SSLContext.wrap_socket and is used
93 93 # for SNI in that context. So there's nothing for us to do with it
94 94 # in this legacy code since we don't support SNI.
95 95
96 96 args = {
97 97 'keyfile': self._keyfile,
98 98 'certfile': self._certfile,
99 99 'server_side': server_side,
100 100 'cert_reqs': self.verify_mode,
101 101 'ssl_version': self.protocol,
102 102 'ca_certs': self._cacerts,
103 103 }
104 104
105 105 if self._supportsciphers:
106 106 args['ciphers'] = self._ciphers
107 107
108 108 return ssl.wrap_socket(socket, **args)
109 109
110 110 def _hostsettings(ui, hostname):
111 111 """Obtain security settings for a hostname.
112 112
113 113 Returns a dict of settings relevant to that hostname.
114 114 """
115 115 s = {
116 116 # Whether we should attempt to load default/available CA certs
117 117 # if an explicit ``cafile`` is not defined.
118 118 'allowloaddefaultcerts': True,
119 119 # List of 2-tuple of (hash algorithm, hash).
120 120 'certfingerprints': [],
121 121 # Path to file containing concatenated CA certs. Used by
122 122 # SSLContext.load_verify_locations().
123 123 'cafile': None,
124 124 # Whether certificate verification should be disabled.
125 125 'disablecertverification': False,
126 126 # Whether the legacy [hostfingerprints] section has data for this host.
127 127 'legacyfingerprint': False,
128 128 # PROTOCOL_* constant to use for SSLContext.__init__.
129 129 'protocol': None,
130 130 # ssl.CERT_* constant used by SSLContext.verify_mode.
131 131 'verifymode': None,
132 132 # Defines extra ssl.OP* bitwise options to set.
133 133 'ctxoptions': None,
134 134 }
135 135
136 136 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
137 137 # that both ends support, including TLS protocols. On legacy stacks,
138 138 # the highest it likely goes is TLS 1.0. On modern stacks, it can
139 139 # support TLS 1.2.
140 140 #
141 141 # The PROTOCOL_TLSv* constants select a specific TLS version
142 142 # only (as opposed to multiple versions). So the method for
143 143 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
144 144 # disable protocols via SSLContext.options and OP_NO_* constants.
145 145 # However, SSLContext.options doesn't work unless we have the
146 146 # full/real SSLContext available to us.
147 147
148 148 # Allow minimum TLS protocol to be specified in the config.
149 149 def validateprotocol(protocol, key):
150 150 if protocol not in configprotocols:
151 151 raise error.Abort(
152 152 _('unsupported protocol from hostsecurity.%s: %s') %
153 153 (key, protocol),
154 154 hint=_('valid protocols: %s') %
155 155 ' '.join(sorted(configprotocols)))
156 156
157 # Legacy Python can only do TLS 1.0. We default to TLS 1.1+ where we
158 # can because TLS 1.0 has known vulnerabilities (like BEAST and POODLE).
159 # We allow users to downgrade to TLS 1.0+ via config options in case a
160 # legacy server is encountered.
161 if modernssl:
162 defaultprotocol = 'tls1.1'
163 else:
164 defaultprotocol = 'tls1.0'
165
157 166 key = 'minimumprotocol'
158 # Default to TLS 1.0+ as that is what browsers are currently doing.
159 protocol = ui.config('hostsecurity', key, 'tls1.0')
167 protocol = ui.config('hostsecurity', key, defaultprotocol)
160 168 validateprotocol(protocol, key)
161 169
162 170 key = '%s:minimumprotocol' % hostname
163 171 protocol = ui.config('hostsecurity', key, protocol)
164 172 validateprotocol(protocol, key)
165 173
166 174 s['protocol'], s['ctxoptions'] = protocolsettings(protocol)
167 175
168 176 # Look for fingerprints in [hostsecurity] section. Value is a list
169 177 # of <alg>:<fingerprint> strings.
170 178 fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname,
171 179 [])
172 180 for fingerprint in fingerprints:
173 181 if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
174 182 raise error.Abort(_('invalid fingerprint for %s: %s') % (
175 183 hostname, fingerprint),
176 184 hint=_('must begin with "sha1:", "sha256:", '
177 185 'or "sha512:"'))
178 186
179 187 alg, fingerprint = fingerprint.split(':', 1)
180 188 fingerprint = fingerprint.replace(':', '').lower()
181 189 s['certfingerprints'].append((alg, fingerprint))
182 190
183 191 # Fingerprints from [hostfingerprints] are always SHA-1.
184 192 for fingerprint in ui.configlist('hostfingerprints', hostname, []):
185 193 fingerprint = fingerprint.replace(':', '').lower()
186 194 s['certfingerprints'].append(('sha1', fingerprint))
187 195 s['legacyfingerprint'] = True
188 196
189 197 # If a host cert fingerprint is defined, it is the only thing that
190 198 # matters. No need to validate CA certs.
191 199 if s['certfingerprints']:
192 200 s['verifymode'] = ssl.CERT_NONE
193 201 s['allowloaddefaultcerts'] = False
194 202
195 203 # If --insecure is used, don't take CAs into consideration.
196 204 elif ui.insecureconnections:
197 205 s['disablecertverification'] = True
198 206 s['verifymode'] = ssl.CERT_NONE
199 207 s['allowloaddefaultcerts'] = False
200 208
201 209 if ui.configbool('devel', 'disableloaddefaultcerts'):
202 210 s['allowloaddefaultcerts'] = False
203 211
204 212 # If both fingerprints and a per-host ca file are specified, issue a warning
205 213 # because users should not be surprised about what security is or isn't
206 214 # being performed.
207 215 cafile = ui.config('hostsecurity', '%s:verifycertsfile' % hostname)
208 216 if s['certfingerprints'] and cafile:
209 217 ui.warn(_('(hostsecurity.%s:verifycertsfile ignored when host '
210 218 'fingerprints defined; using host fingerprints for '
211 219 'verification)\n') % hostname)
212 220
213 221 # Try to hook up CA certificate validation unless something above
214 222 # makes it not necessary.
215 223 if s['verifymode'] is None:
216 224 # Look at per-host ca file first.
217 225 if cafile:
218 226 cafile = util.expandpath(cafile)
219 227 if not os.path.exists(cafile):
220 228 raise error.Abort(_('path specified by %s does not exist: %s') %
221 229 ('hostsecurity.%s:verifycertsfile' % hostname,
222 230 cafile))
223 231 s['cafile'] = cafile
224 232 else:
225 233 # Find global certificates file in config.
226 234 cafile = ui.config('web', 'cacerts')
227 235
228 236 if cafile:
229 237 cafile = util.expandpath(cafile)
230 238 if not os.path.exists(cafile):
231 239 raise error.Abort(_('could not find web.cacerts: %s') %
232 240 cafile)
233 241 elif s['allowloaddefaultcerts']:
234 242 # CAs not defined in config. Try to find system bundles.
235 243 cafile = _defaultcacerts(ui)
236 244 if cafile:
237 245 ui.debug('using %s for CA file\n' % cafile)
238 246
239 247 s['cafile'] = cafile
240 248
241 249 # Require certificate validation if CA certs are being loaded and
242 250 # verification hasn't been disabled above.
243 251 if cafile or (_canloaddefaultcerts and s['allowloaddefaultcerts']):
244 252 s['verifymode'] = ssl.CERT_REQUIRED
245 253 else:
246 254 # At this point we don't have a fingerprint, aren't being
247 255 # explicitly insecure, and can't load CA certs. Connecting
248 256 # is insecure. We allow the connection and abort during
249 257 # validation (once we have the fingerprint to print to the
250 258 # user).
251 259 s['verifymode'] = ssl.CERT_NONE
252 260
253 261 assert s['protocol'] is not None
254 262 assert s['ctxoptions'] is not None
255 263 assert s['verifymode'] is not None
256 264
257 265 return s
258 266
259 267 def protocolsettings(protocol):
260 268 """Resolve the protocol and context options for a config value."""
261 269 if protocol not in configprotocols:
262 270 raise ValueError('protocol value not supported: %s' % protocol)
263 271
264 272 # Legacy ssl module only supports up to TLS 1.0. Ideally we'd use
265 273 # PROTOCOL_SSLv23 and options to disable SSLv2 and SSLv3. However,
266 274 # SSLContext.options doesn't work in our implementation since we use
267 275 # a fake SSLContext on these Python versions.
268 276 if not modernssl:
269 277 if protocol != 'tls1.0':
270 278 raise error.Abort(_('current Python does not support protocol '
271 279 'setting %s') % protocol,
272 280 hint=_('upgrade Python or disable setting since '
273 281 'only TLS 1.0 is supported'))
274 282
275 283 return ssl.PROTOCOL_TLSv1, 0
276 284
277 285 # WARNING: returned options don't work unless the modern ssl module
278 286 # is available. Be careful when adding options here.
279 287
280 288 # SSLv2 and SSLv3 are broken. We ban them outright.
281 289 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
282 290
283 291 if protocol == 'tls1.0':
284 292 # Defaults above are to use TLS 1.0+
285 293 pass
286 294 elif protocol == 'tls1.1':
287 295 options |= ssl.OP_NO_TLSv1
288 296 elif protocol == 'tls1.2':
289 297 options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
290 298 else:
291 299 raise error.Abort(_('this should not happen'))
292 300
293 301 # Prevent CRIME.
294 302 # There is no guarantee this attribute is defined on the module.
295 303 options |= getattr(ssl, 'OP_NO_COMPRESSION', 0)
296 304
297 305 return ssl.PROTOCOL_SSLv23, options
298 306
299 307 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None):
300 308 """Add SSL/TLS to a socket.
301 309
302 310 This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
303 311 choices based on what security options are available.
304 312
305 313 In addition to the arguments supported by ``ssl.wrap_socket``, we allow
306 314 the following additional arguments:
307 315
308 316 * serverhostname - The expected hostname of the remote server. If the
309 317 server (and client) support SNI, this tells the server which certificate
310 318 to use.
311 319 """
312 320 if not serverhostname:
313 321 raise error.Abort(_('serverhostname argument is required'))
314 322
315 323 settings = _hostsettings(ui, serverhostname)
316 324
317 325 # We can't use ssl.create_default_context() because it calls
318 326 # load_default_certs() unless CA arguments are passed to it. We want to
319 327 # have explicit control over CA loading because implicitly loading
320 328 # CAs may undermine the user's intent. For example, a user may define a CA
321 329 # bundle with a specific CA cert removed. If the system/default CA bundle
322 330 # is loaded and contains that removed CA, you've just undone the user's
323 331 # choice.
324 332 sslcontext = SSLContext(settings['protocol'])
325 333
326 334 # This is a no-op unless using modern ssl.
327 335 sslcontext.options |= settings['ctxoptions']
328 336
329 337 # This still works on our fake SSLContext.
330 338 sslcontext.verify_mode = settings['verifymode']
331 339
332 340 if certfile is not None:
333 341 def password():
334 342 f = keyfile or certfile
335 343 return ui.getpass(_('passphrase for %s: ') % f, '')
336 344 sslcontext.load_cert_chain(certfile, keyfile, password)
337 345
338 346 if settings['cafile'] is not None:
339 347 try:
340 348 sslcontext.load_verify_locations(cafile=settings['cafile'])
341 349 except ssl.SSLError as e:
342 350 raise error.Abort(_('error loading CA file %s: %s') % (
343 351 settings['cafile'], e.args[1]),
344 352 hint=_('file is empty or malformed?'))
345 353 caloaded = True
346 354 elif settings['allowloaddefaultcerts']:
347 355 # This is a no-op on old Python.
348 356 sslcontext.load_default_certs()
349 357 caloaded = True
350 358 else:
351 359 caloaded = False
352 360
353 361 try:
354 362 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
355 363 except ssl.SSLError as e:
356 364 # If we're doing certificate verification and no CA certs are loaded,
357 365 # that is almost certainly the reason why verification failed. Provide
358 366 # a hint to the user.
359 367 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can
360 368 # only show this warning if modern ssl is available.
361 369 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and
362 370 modernssl and not sslcontext.get_ca_certs()):
363 371 ui.warn(_('(an attempt was made to load CA certificates but none '
364 372 'were loaded; see '
365 373 'https://mercurial-scm.org/wiki/SecureConnections for '
366 374 'how to configure Mercurial to avoid this error)\n'))
367 375 # Try to print more helpful error messages for known failures.
368 376 if util.safehasattr(e, 'reason'):
369 377 if e.reason == 'UNSUPPORTED_PROTOCOL':
370 378 ui.warn(_('(could not negotiate a common protocol; see '
371 379 'https://mercurial-scm.org/wiki/SecureConnections '
372 380 'for how to configure Mercurial to avoid this '
373 381 'error)\n'))
374 382 raise
375 383
376 384 # check if wrap_socket failed silently because socket had been
377 385 # closed
378 386 # - see http://bugs.python.org/issue13721
379 387 if not sslsocket.cipher():
380 388 raise error.Abort(_('ssl connection failed'))
381 389
382 390 sslsocket._hgstate = {
383 391 'caloaded': caloaded,
384 392 'hostname': serverhostname,
385 393 'settings': settings,
386 394 'ui': ui,
387 395 }
388 396
389 397 return sslsocket
390 398
391 399 def wrapserversocket(sock, ui, certfile=None, keyfile=None, cafile=None,
392 400 requireclientcert=False):
393 401 """Wrap a socket for use by servers.
394 402
395 403 ``certfile`` and ``keyfile`` specify the files containing the certificate's
396 404 public and private keys, respectively. Both keys can be defined in the same
397 405 file via ``certfile`` (the private key must come first in the file).
398 406
399 407 ``cafile`` defines the path to certificate authorities.
400 408
401 409 ``requireclientcert`` specifies whether to require client certificates.
402 410
403 411 Typically ``cafile`` is only defined if ``requireclientcert`` is true.
404 412 """
405 413 protocol, options = protocolsettings('tls1.0')
406 414
407 415 # This config option is intended for use in tests only. It is a giant
408 416 # footgun to kill security. Don't define it.
409 417 exactprotocol = ui.config('devel', 'serverexactprotocol')
410 418 if exactprotocol == 'tls1.0':
411 419 protocol = ssl.PROTOCOL_TLSv1
412 420 elif exactprotocol == 'tls1.1':
413 421 protocol = ssl.PROTOCOL_TLSv1_1
414 422 elif exactprotocol == 'tls1.2':
415 423 protocol = ssl.PROTOCOL_TLSv1_2
416 424 elif exactprotocol:
417 425 raise error.Abort(_('invalid value for serverexactprotocol: %s') %
418 426 exactprotocol)
419 427
420 428 if modernssl:
421 429 # We /could/ use create_default_context() here since it doesn't load
422 430 # CAs when configured for client auth. However, it is hard-coded to
423 431 # use ssl.PROTOCOL_SSLv23 which may not be appropriate here.
424 432 sslcontext = SSLContext(protocol)
425 433 sslcontext.options |= options
426 434
427 435 # Improve forward secrecy.
428 436 sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
429 437 sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
430 438
431 439 # Use the list of more secure ciphers if found in the ssl module.
432 440 if util.safehasattr(ssl, '_RESTRICTED_SERVER_CIPHERS'):
433 441 sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
434 442 sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
435 443 else:
436 444 sslcontext = SSLContext(ssl.PROTOCOL_TLSv1)
437 445
438 446 if requireclientcert:
439 447 sslcontext.verify_mode = ssl.CERT_REQUIRED
440 448 else:
441 449 sslcontext.verify_mode = ssl.CERT_NONE
442 450
443 451 if certfile or keyfile:
444 452 sslcontext.load_cert_chain(certfile=certfile, keyfile=keyfile)
445 453
446 454 if cafile:
447 455 sslcontext.load_verify_locations(cafile=cafile)
448 456
449 457 return sslcontext.wrap_socket(sock, server_side=True)
450 458
451 459 class wildcarderror(Exception):
452 460 """Represents an error parsing wildcards in DNS name."""
453 461
454 462 def _dnsnamematch(dn, hostname, maxwildcards=1):
455 463 """Match DNS names according RFC 6125 section 6.4.3.
456 464
457 465 This code is effectively copied from CPython's ssl._dnsname_match.
458 466
459 467 Returns a bool indicating whether the expected hostname matches
460 468 the value in ``dn``.
461 469 """
462 470 pats = []
463 471 if not dn:
464 472 return False
465 473
466 474 pieces = dn.split(r'.')
467 475 leftmost = pieces[0]
468 476 remainder = pieces[1:]
469 477 wildcards = leftmost.count('*')
470 478 if wildcards > maxwildcards:
471 479 raise wildcarderror(
472 480 _('too many wildcards in certificate DNS name: %s') % dn)
473 481
474 482 # speed up common case w/o wildcards
475 483 if not wildcards:
476 484 return dn.lower() == hostname.lower()
477 485
478 486 # RFC 6125, section 6.4.3, subitem 1.
479 487 # The client SHOULD NOT attempt to match a presented identifier in which
480 488 # the wildcard character comprises a label other than the left-most label.
481 489 if leftmost == '*':
482 490 # When '*' is a fragment by itself, it matches a non-empty dotless
483 491 # fragment.
484 492 pats.append('[^.]+')
485 493 elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
486 494 # RFC 6125, section 6.4.3, subitem 3.
487 495 # The client SHOULD NOT attempt to match a presented identifier
488 496 # where the wildcard character is embedded within an A-label or
489 497 # U-label of an internationalized domain name.
490 498 pats.append(re.escape(leftmost))
491 499 else:
492 500 # Otherwise, '*' matches any dotless string, e.g. www*
493 501 pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
494 502
495 503 # add the remaining fragments, ignore any wildcards
496 504 for frag in remainder:
497 505 pats.append(re.escape(frag))
498 506
499 507 pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
500 508 return pat.match(hostname) is not None
501 509
502 510 def _verifycert(cert, hostname):
503 511 '''Verify that cert (in socket.getpeercert() format) matches hostname.
504 512 CRLs is not handled.
505 513
506 514 Returns error message if any problems are found and None on success.
507 515 '''
508 516 if not cert:
509 517 return _('no certificate received')
510 518
511 519 dnsnames = []
512 520 san = cert.get('subjectAltName', [])
513 521 for key, value in san:
514 522 if key == 'DNS':
515 523 try:
516 524 if _dnsnamematch(value, hostname):
517 525 return
518 526 except wildcarderror as e:
519 527 return e.args[0]
520 528
521 529 dnsnames.append(value)
522 530
523 531 if not dnsnames:
524 532 # The subject is only checked when there is no DNS in subjectAltName.
525 533 for sub in cert.get('subject', []):
526 534 for key, value in sub:
527 535 # According to RFC 2818 the most specific Common Name must
528 536 # be used.
529 537 if key == 'commonName':
530 538 # 'subject' entries are unicide.
531 539 try:
532 540 value = value.encode('ascii')
533 541 except UnicodeEncodeError:
534 542 return _('IDN in certificate not supported')
535 543
536 544 try:
537 545 if _dnsnamematch(value, hostname):
538 546 return
539 547 except wildcarderror as e:
540 548 return e.args[0]
541 549
542 550 dnsnames.append(value)
543 551
544 552 if len(dnsnames) > 1:
545 553 return _('certificate is for %s') % ', '.join(dnsnames)
546 554 elif len(dnsnames) == 1:
547 555 return _('certificate is for %s') % dnsnames[0]
548 556 else:
549 557 return _('no commonName or subjectAltName found in certificate')
550 558
551 559 def _plainapplepython():
552 560 """return true if this seems to be a pure Apple Python that
553 561 * is unfrozen and presumably has the whole mercurial module in the file
554 562 system
555 563 * presumably is an Apple Python that uses Apple OpenSSL which has patches
556 564 for using system certificate store CAs in addition to the provided
557 565 cacerts file
558 566 """
559 567 if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable:
560 568 return False
561 569 exe = os.path.realpath(sys.executable).lower()
562 570 return (exe.startswith('/usr/bin/python') or
563 571 exe.startswith('/system/library/frameworks/python.framework/'))
564 572
565 573 _systemcacertpaths = [
566 574 # RHEL, CentOS, and Fedora
567 575 '/etc/pki/tls/certs/ca-bundle.trust.crt',
568 576 # Debian, Ubuntu, Gentoo
569 577 '/etc/ssl/certs/ca-certificates.crt',
570 578 ]
571 579
572 580 def _defaultcacerts(ui):
573 581 """return path to default CA certificates or None.
574 582
575 583 It is assumed this function is called when the returned certificates
576 584 file will actually be used to validate connections. Therefore this
577 585 function may print warnings or debug messages assuming this usage.
578 586
579 587 We don't print a message when the Python is able to load default
580 588 CA certs because this scenario is detected at socket connect time.
581 589 """
582 590 # The "certifi" Python package provides certificates. If it is installed,
583 591 # assume the user intends it to be used and use it.
584 592 try:
585 593 import certifi
586 594 certs = certifi.where()
587 595 ui.debug('using ca certificates from certifi\n')
588 596 return certs
589 597 except ImportError:
590 598 pass
591 599
592 600 # On Windows, only the modern ssl module is capable of loading the system
593 601 # CA certificates. If we're not capable of doing that, emit a warning
594 602 # because we'll get a certificate verification error later and the lack
595 603 # of loaded CA certificates will be the reason why.
596 604 # Assertion: this code is only called if certificates are being verified.
597 605 if os.name == 'nt':
598 606 if not _canloaddefaultcerts:
599 607 ui.warn(_('(unable to load Windows CA certificates; see '
600 608 'https://mercurial-scm.org/wiki/SecureConnections for '
601 609 'how to configure Mercurial to avoid this message)\n'))
602 610
603 611 return None
604 612
605 613 # Apple's OpenSSL has patches that allow a specially constructed certificate
606 614 # to load the system CA store. If we're running on Apple Python, use this
607 615 # trick.
608 616 if _plainapplepython():
609 617 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
610 618 if os.path.exists(dummycert):
611 619 return dummycert
612 620
613 621 # The Apple OpenSSL trick isn't available to us. If Python isn't able to
614 622 # load system certs, we're out of luck.
615 623 if sys.platform == 'darwin':
616 624 # FUTURE Consider looking for Homebrew or MacPorts installed certs
617 625 # files. Also consider exporting the keychain certs to a file during
618 626 # Mercurial install.
619 627 if not _canloaddefaultcerts:
620 628 ui.warn(_('(unable to load CA certificates; see '
621 629 'https://mercurial-scm.org/wiki/SecureConnections for '
622 630 'how to configure Mercurial to avoid this message)\n'))
623 631 return None
624 632
625 633 # / is writable on Windows. Out of an abundance of caution make sure
626 634 # we're not on Windows because paths from _systemcacerts could be installed
627 635 # by non-admin users.
628 636 assert os.name != 'nt'
629 637
630 638 # Try to find CA certificates in well-known locations. We print a warning
631 639 # when using a found file because we don't want too much silent magic
632 640 # for security settings. The expectation is that proper Mercurial
633 641 # installs will have the CA certs path defined at install time and the
634 642 # installer/packager will make an appropriate decision on the user's
635 643 # behalf. We only get here and perform this setting as a feature of
636 644 # last resort.
637 645 if not _canloaddefaultcerts:
638 646 for path in _systemcacertpaths:
639 647 if os.path.isfile(path):
640 648 ui.warn(_('(using CA certificates from %s; if you see this '
641 649 'message, your Mercurial install is not properly '
642 650 'configured; see '
643 651 'https://mercurial-scm.org/wiki/SecureConnections '
644 652 'for how to configure Mercurial to avoid this '
645 653 'message)\n') % path)
646 654 return path
647 655
648 656 ui.warn(_('(unable to load CA certificates; see '
649 657 'https://mercurial-scm.org/wiki/SecureConnections for '
650 658 'how to configure Mercurial to avoid this message)\n'))
651 659
652 660 return None
653 661
654 662 def validatesocket(sock):
655 663 """Validate a socket meets security requiremnets.
656 664
657 665 The passed socket must have been created with ``wrapsocket()``.
658 666 """
659 667 host = sock._hgstate['hostname']
660 668 ui = sock._hgstate['ui']
661 669 settings = sock._hgstate['settings']
662 670
663 671 try:
664 672 peercert = sock.getpeercert(True)
665 673 peercert2 = sock.getpeercert()
666 674 except AttributeError:
667 675 raise error.Abort(_('%s ssl connection error') % host)
668 676
669 677 if not peercert:
670 678 raise error.Abort(_('%s certificate error: '
671 679 'no certificate received') % host)
672 680
673 681 if settings['disablecertverification']:
674 682 # We don't print the certificate fingerprint because it shouldn't
675 683 # be necessary: if the user requested certificate verification be
676 684 # disabled, they presumably already saw a message about the inability
677 685 # to verify the certificate and this message would have printed the
678 686 # fingerprint. So printing the fingerprint here adds little to no
679 687 # value.
680 688 ui.warn(_('warning: connection security to %s is disabled per current '
681 689 'settings; communication is susceptible to eavesdropping '
682 690 'and tampering\n') % host)
683 691 return
684 692
685 693 # If a certificate fingerprint is pinned, use it and only it to
686 694 # validate the remote cert.
687 695 peerfingerprints = {
688 696 'sha1': hashlib.sha1(peercert).hexdigest(),
689 697 'sha256': hashlib.sha256(peercert).hexdigest(),
690 698 'sha512': hashlib.sha512(peercert).hexdigest(),
691 699 }
692 700
693 701 def fmtfingerprint(s):
694 702 return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)])
695 703
696 704 nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
697 705
698 706 if settings['certfingerprints']:
699 707 for hash, fingerprint in settings['certfingerprints']:
700 708 if peerfingerprints[hash].lower() == fingerprint:
701 709 ui.debug('%s certificate matched fingerprint %s:%s\n' %
702 710 (host, hash, fmtfingerprint(fingerprint)))
703 711 return
704 712
705 713 # Pinned fingerprint didn't match. This is a fatal error.
706 714 if settings['legacyfingerprint']:
707 715 section = 'hostfingerprint'
708 716 nice = fmtfingerprint(peerfingerprints['sha1'])
709 717 else:
710 718 section = 'hostsecurity'
711 719 nice = '%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash]))
712 720 raise error.Abort(_('certificate for %s has unexpected '
713 721 'fingerprint %s') % (host, nice),
714 722 hint=_('check %s configuration') % section)
715 723
716 724 # Security is enabled but no CAs are loaded. We can't establish trust
717 725 # for the cert so abort.
718 726 if not sock._hgstate['caloaded']:
719 727 raise error.Abort(
720 728 _('unable to verify security of %s (no loaded CA certificates); '
721 729 'refusing to connect') % host,
722 730 hint=_('see https://mercurial-scm.org/wiki/SecureConnections for '
723 731 'how to configure Mercurial to avoid this error or set '
724 732 'hostsecurity.%s:fingerprints=%s to trust this server') %
725 733 (host, nicefingerprint))
726 734
727 735 msg = _verifycert(peercert2, host)
728 736 if msg:
729 737 raise error.Abort(_('%s certificate error: %s') % (host, msg),
730 738 hint=_('set hostsecurity.%s:certfingerprints=%s '
731 739 'config setting or use --insecure to connect '
732 740 'insecurely') %
733 741 (host, nicefingerprint))
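Review bot: the new comment at lines 157-158 gives POODLE as a reason TLS 1.0 is unsafe, but POODLE is an SSL 3.0 padding-oracle attack, and SSL 3.0 is already banned unconditionally by `options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` in protocolsettings; only its later TLS variant, which hit implementations that skipped CBC padding checks, touches TLS 1.0 at all. Suggest citing BEAST (mitigated by the explicit per-record IVs that TLS 1.1 introduced) so the comment matches what the default change actually buys. Two asymmetries are worth a sentence in the comment or the commit message: the client now defaults to 'tls1.1' on modern Python, while wrapserversocket still calls `protocolsettings('tls1.0')`, so hg serve keeps accepting TLS 1.0 from clients (fine if deliberate for legacy clients, but say so); and on legacy Python the fallback to 'tls1.0' is silent, so a `ui.debug` noting that the TLS 1.1 default was not applied would make `hg --debug` useful when diagnosing a connection. With a stricter default more users will reach the UNSUPPORTED_PROTOCOL branch, whose warning only points at the wiki; naming the escape hatch inline, e.g. hostsecurity.<host>:minimumprotocol=tls1.0, would save a trip to the docs. Finally, the hint at the end of validatesocket tells the user to set `hostsecurity.%s:certfingerprints=%s`, but _hostsettings reads `'%s:fingerprints' % hostname`; following the hint as printed silently changes nothing, so it should read hostsecurity.%s:fingerprints=%s.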
@@ -1,503 +1,508 b''
1 1 #require serve ssl
2 2
3 3 Proper https client requires the built-in ssl from Python 2.6.
4 4
5 5 Make server certificates:
6 6
7 7 $ CERTSDIR="$TESTDIR/sslcerts"
8 8 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
9 9 $ PRIV=`pwd`/server.pem
10 10 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
11 11 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
12 12
13 13 $ hg init test
14 14 $ cd test
15 15 $ echo foo>foo
16 16 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
17 17 $ echo foo>foo.d/foo
18 18 $ echo bar>foo.d/bAr.hg.d/BaR
19 19 $ echo bar>foo.d/baR.d.hg/bAR
20 20 $ hg commit -A -m 1
21 21 adding foo
22 22 adding foo.d/bAr.hg.d/BaR
23 23 adding foo.d/baR.d.hg/bAR
24 24 adding foo.d/foo
25 25 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
26 26 $ cat ../hg0.pid >> $DAEMON_PIDS
27 27
28 28 cacert not found
29 29
30 30 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
31 31 abort: could not find web.cacerts: no-such.pem
32 32 [255]
33 33
34 34 Test server address cannot be reused
35 35
36 36 #if windows
37 37 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
38 38 abort: cannot start server at ':$HGPORT':
39 39 [255]
40 40 #else
41 41 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
42 42 abort: cannot start server at ':$HGPORT': Address already in use
43 43 [255]
44 44 #endif
45 45 $ cd ..
46 46
47 47 Our test cert is not signed by a trusted CA. It should fail to verify if
48 48 we are able to load CA certs.
49 49
50 50 #if sslcontext defaultcacerts no-defaultcacertsloaded
51 51 $ hg clone https://localhost:$HGPORT/ copy-pull
52 52 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
53 53 abort: error: *certificate verify failed* (glob)
54 54 [255]
55 55 #endif
56 56
57 57 #if no-sslcontext defaultcacerts
58 58 $ hg clone https://localhost:$HGPORT/ copy-pull
59 59 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
60 60 abort: error: *certificate verify failed* (glob)
61 61 [255]
62 62 #endif
63 63
64 64 #if no-sslcontext windows
65 65 $ hg clone https://localhost:$HGPORT/ copy-pull
66 66 (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
67 67 abort: error: *certificate verify failed* (glob)
68 68 [255]
69 69 #endif
70 70
71 71 #if no-sslcontext osx
72 72 $ hg clone https://localhost:$HGPORT/ copy-pull
73 73 (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
74 74 abort: localhost certificate error: no certificate received
75 75 (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
76 76 [255]
77 77 #endif
78 78
79 79 #if defaultcacertsloaded
80 80 $ hg clone https://localhost:$HGPORT/ copy-pull
81 81 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
82 82 abort: error: *certificate verify failed* (glob)
83 83 [255]
84 84 #endif
85 85
86 86 #if no-defaultcacerts
87 87 $ hg clone https://localhost:$HGPORT/ copy-pull
88 88 (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
89 89 abort: localhost certificate error: no certificate received
90 90 (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
91 91 [255]
92 92 #endif
93 93
94 94 Specifying a per-host certificate file that doesn't exist will abort
95 95
96 96 $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
97 97 abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: /does/not/exist
98 98 [255]
99 99
100 100 A malformed per-host certificate file will raise an error
101 101
102 102 $ echo baddata > badca.pem
103 103 #if sslcontext
104 104 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
105 105 abort: error loading CA file badca.pem: * (glob)
106 106 (file is empty or malformed?)
107 107 [255]
108 108 #else
109 109 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
110 110 abort: error: * (glob)
111 111 [255]
112 112 #endif
113 113
114 114 A per-host certificate mismatching the server will fail verification
115 115
116 116 (modern ssl is able to discern whether the loaded cert is a CA cert)
117 117 #if sslcontext
118 118 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
119 119 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
120 120 abort: error: *certificate verify failed* (glob)
121 121 [255]
122 122 #else
123 123 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
124 124 abort: error: *certificate verify failed* (glob)
125 125 [255]
126 126 #endif
127 127
128 128 A per-host certificate matching the server's cert will be accepted
129 129
130 130 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
131 131 requesting all changes
132 132 adding changesets
133 133 adding manifests
134 134 adding file changes
135 135 added 1 changesets with 4 changes to 4 files
136 136
137 137 A per-host certificate with multiple certs and one matching will be accepted
138 138
139 139 $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
140 140 $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
141 141 requesting all changes
142 142 adding changesets
143 143 adding manifests
144 144 adding file changes
145 145 added 1 changesets with 4 changes to 4 files
146 146
147 147 Defining both per-host certificate and a fingerprint will print a warning
148 148
149 149 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
150 150 (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
151 151 requesting all changes
152 152 adding changesets
153 153 adding manifests
154 154 adding file changes
155 155 added 1 changesets with 4 changes to 4 files
156 156
157 157 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
158 158
159 159 Inability to verify peer certificate will result in abort
160 160
161 161 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
162 162 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
163 163 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
164 164 [255]
165 165
166 166 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
167 167 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
168 168 requesting all changes
169 169 adding changesets
170 170 adding manifests
171 171 adding file changes
172 172 added 1 changesets with 4 changes to 4 files
173 173 updating to branch default
174 174 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
175 175 $ hg verify -R copy-pull
176 176 checking changesets
177 177 checking manifests
178 178 crosschecking files in changesets and manifests
179 179 checking files
180 180 4 files, 1 changesets, 4 total revisions
181 181 $ cd test
182 182 $ echo bar > bar
183 183 $ hg commit -A -d '1 0' -m 2
184 184 adding bar
185 185 $ cd ..
186 186
187 187 pull without cacert
188 188
189 189 $ cd copy-pull
190 190 $ echo '[hooks]' >> .hg/hgrc
191 191 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
192 192 $ hg pull $DISABLECACERTS
193 193 pulling from https://localhost:$HGPORT/
194 194 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
195 195 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
196 196 [255]
197 197
198 198 $ hg pull --insecure
199 199 pulling from https://localhost:$HGPORT/
200 200 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
201 201 searching for changes
202 202 adding changesets
203 203 adding manifests
204 204 adding file changes
205 205 added 1 changesets with 1 changes to 1 files
206 206 changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob)
207 207 (run 'hg update' to get a working copy)
208 208 $ cd ..
209 209
210 210 cacert configured in local repo
211 211
212 212 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
213 213 $ echo "[web]" >> copy-pull/.hg/hgrc
214 214 $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
215 215 $ hg -R copy-pull pull --traceback
216 216 pulling from https://localhost:$HGPORT/
217 217 searching for changes
218 218 no changes found
219 219 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
220 220
221 221 cacert configured globally, also testing expansion of environment
222 222 variables in the filename
223 223
224 224 $ echo "[web]" >> $HGRCPATH
225 225 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
226 226 $ P="$CERTSDIR" hg -R copy-pull pull
227 227 pulling from https://localhost:$HGPORT/
228 228 searching for changes
229 229 no changes found
230 230 $ P="$CERTSDIR" hg -R copy-pull pull --insecure
231 231 pulling from https://localhost:$HGPORT/
232 232 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
233 233 searching for changes
234 234 no changes found
235 235
236 236 empty cacert file
237 237
238 238 $ touch emptycafile
239 239
240 240 #if sslcontext
241 241 $ hg --config web.cacerts=emptycafile -R copy-pull pull
242 242 pulling from https://localhost:$HGPORT/
243 243 abort: error loading CA file emptycafile: * (glob)
244 244 (file is empty or malformed?)
245 245 [255]
246 246 #else
247 247 $ hg --config web.cacerts=emptycafile -R copy-pull pull
248 248 pulling from https://localhost:$HGPORT/
249 249 abort: error: * (glob)
250 250 [255]
251 251 #endif
252 252
253 253 cacert mismatch
254 254
255 255 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
256 256 > https://127.0.0.1:$HGPORT/
257 257 pulling from https://127.0.0.1:$HGPORT/ (glob)
258 258 abort: 127.0.0.1 certificate error: certificate is for localhost (glob)
259 259 (set hostsecurity.127.0.0.1:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) (glob)
260 260 [255]
261 261 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
262 262 > https://127.0.0.1:$HGPORT/ --insecure
263 263 pulling from https://127.0.0.1:$HGPORT/ (glob)
264 264 warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
265 265 searching for changes
266 266 no changes found
267 267 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
268 268 pulling from https://localhost:$HGPORT/
269 269 abort: error: *certificate verify failed* (glob)
270 270 [255]
271 271 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
272 272 > --insecure
273 273 pulling from https://localhost:$HGPORT/
274 274 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
275 275 searching for changes
276 276 no changes found
277 277
278 278 Test server cert which isn't valid yet
279 279
280 280 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
281 281 $ cat hg1.pid >> $DAEMON_PIDS
282 282 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
283 283 > https://localhost:$HGPORT1/
284 284 pulling from https://localhost:$HGPORT1/
285 285 abort: error: *certificate verify failed* (glob)
286 286 [255]
287 287
288 288 Test server cert which no longer is valid
289 289
290 290 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
291 291 $ cat hg2.pid >> $DAEMON_PIDS
292 292 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
293 293 > https://localhost:$HGPORT2/
294 294 pulling from https://localhost:$HGPORT2/
295 295 abort: error: *certificate verify failed* (glob)
296 296 [255]
297 297
298 298 Fingerprints
299 299
300 300 - works without cacerts (hostkeyfingerprints)
301 301 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
302 302 5fed3813f7f5
303 303
304 304 - works without cacerts (hostsecurity)
305 305 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
306 306 5fed3813f7f5
307 307
308 308 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
309 309 5fed3813f7f5
310 310
311 311 - multiple fingerprints specified and first matches
312 312 $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
313 313 5fed3813f7f5
314 314
315 315 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
316 316 5fed3813f7f5
317 317
318 318 - multiple fingerprints specified and last matches
319 319 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
320 320 5fed3813f7f5
321 321
322 322 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
323 323 5fed3813f7f5
324 324
325 325 - multiple fingerprints specified and none match
326 326
327 327 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
328 328 abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
329 329 (check hostfingerprint configuration)
330 330 [255]
331 331
332 332 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
333 333 abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
334 334 (check hostsecurity configuration)
335 335 [255]
336 336
337 337 - fails when cert doesn't match hostname (port is ignored)
338 338 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
339 339 abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
340 340 (check hostfingerprint configuration)
341 341 [255]
342 342
343 343
344 344 - ignores that certificate doesn't match hostname
345 345 $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
346 346 5fed3813f7f5
347 347
348 348 Ports used by next test. Kill servers.
349 349
350 350 $ killdaemons.py hg0.pid
351 351 $ killdaemons.py hg1.pid
352 352 $ killdaemons.py hg2.pid
353 353
354 354 #if sslcontext
355 355 Start servers running supported TLS versions
356 356
357 357 $ cd test
358 358 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
359 359 > --config devel.serverexactprotocol=tls1.0
360 360 $ cat ../hg0.pid >> $DAEMON_PIDS
361 361 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
362 362 > --config devel.serverexactprotocol=tls1.1
363 363 $ cat ../hg1.pid >> $DAEMON_PIDS
364 364 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
365 365 > --config devel.serverexactprotocol=tls1.2
366 366 $ cat ../hg2.pid >> $DAEMON_PIDS
367 367 $ cd ..
368 368
369 369 Clients talking same TLS versions work
370 370
371 371 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
372 372 5fed3813f7f5
373 373 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
374 374 5fed3813f7f5
375 375 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
376 376 5fed3813f7f5
377 377
378 378 Clients requiring newer TLS version than what server supports fail
379 379
380 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
381 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
382 abort: error: *unsupported protocol* (glob)
383 [255]
384
380 385 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
381 386 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
382 387 abort: error: *unsupported protocol* (glob)
383 388 [255]
384 389 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
385 390 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
386 391 abort: error: *unsupported protocol* (glob)
387 392 [255]
388 393 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
389 394 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
390 395 abort: error: *unsupported protocol* (glob)
391 396 [255]
392 397
393 398 The per-host config option overrides the default
394 399
395 400 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
396 401 > --config hostsecurity.minimumprotocol=tls1.2 \
397 402 > --config hostsecurity.localhost:minimumprotocol=tls1.0
398 403 5fed3813f7f5
399 404
400 405 The per-host config option by itself works
401 406
402 407 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
403 408 > --config hostsecurity.localhost:minimumprotocol=tls1.2
404 409 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
405 410 abort: error: *unsupported protocol* (glob)
406 411 [255]
407 412
408 413 $ killdaemons.py hg0.pid
409 414 $ killdaemons.py hg1.pid
410 415 $ killdaemons.py hg2.pid
411 416 #endif
412 417
413 418 Prepare for connecting through proxy
414 419
415 420 $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
416 421 $ cat hg0.pid >> $DAEMON_PIDS
417 422 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
418 423 $ cat hg2.pid >> $DAEMON_PIDS
419 424 tinyproxy.py doesn't fully detach, so killing it may result in extra output
420 425 from the shell. So don't kill it.
421 426 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
422 427 $ while [ ! -f proxy.pid ]; do sleep 0; done
423 428 $ cat proxy.pid >> $DAEMON_PIDS
424 429
425 430 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
426 431 $ echo "always=True" >> copy-pull/.hg/hgrc
427 432 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
428 433 $ echo "localhost =" >> copy-pull/.hg/hgrc
429 434
430 435 Test unvalidated https through proxy
431 436
432 437 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback
433 438 pulling from https://localhost:$HGPORT/
434 439 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
435 440 searching for changes
436 441 no changes found
437 442
438 443 Test https with cacert and fingerprint through proxy
439 444
440 445 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
441 446 > --config web.cacerts="$CERTSDIR/pub.pem"
442 447 pulling from https://localhost:$HGPORT/
443 448 searching for changes
444 449 no changes found
445 450 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
446 451 pulling from https://127.0.0.1:$HGPORT/ (glob)
447 452 searching for changes
448 453 no changes found
449 454
450 455 Test https with cert problems through proxy
451 456
452 457 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
453 458 > --config web.cacerts="$CERTSDIR/pub-other.pem"
454 459 pulling from https://localhost:$HGPORT/
455 460 abort: error: *certificate verify failed* (glob)
456 461 [255]
457 462 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
458 463 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
459 464 pulling from https://localhost:$HGPORT2/
460 465 abort: error: *certificate verify failed* (glob)
461 466 [255]
462 467
463 468
464 469 $ killdaemons.py hg0.pid
465 470
466 471 #if sslcontext
467 472
468 473 Start hgweb that requires client certificates:
469 474
470 475 $ cd test
471 476 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
472 477 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
473 478 $ cat ../hg0.pid >> $DAEMON_PIDS
474 479 $ cd ..
475 480
476 481 without client certificate:
477 482
478 483 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
479 484 abort: error: *handshake failure* (glob)
480 485 [255]
481 486
482 487 with client certificate:
483 488
484 489 $ cat << EOT >> $HGRCPATH
485 490 > [auth]
486 491 > l.prefix = localhost
487 492 > l.cert = $CERTSDIR/client-cert.pem
488 493 > l.key = $CERTSDIR/client-key.pem
489 494 > EOT
490 495
491 496 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
492 497 > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
493 498 5fed3813f7f5
494 499
495 500 $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
496 501 > --config ui.interactive=True --config ui.nontty=True
497 502 passphrase for */client-key.pem: 5fed3813f7f5 (glob)
498 503
499 504 $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
500 505 abort: error: * (glob)
501 506 [255]
502 507
503 508 #endif
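Review bot: the new default-settings case (new lines 380-384, inside the `#if sslcontext` block) only shows that a client with no `hostsecurity.minimumprotocol` set is refused by the TLS 1.0 server on `$HGPORT`; that assertion would pass equally if the default were TLS 1.2, so it does not pin the default to TLS 1.1+ as the commit message states. Suggest pairing it with a positive check against the TLS 1.1 server started on `$HGPORT1`, e.g. `$ P="$CERTSDIR" hg id https://localhost:$HGPORT1/` expecting `5fed3813f7f5`, so a regression that raises the default to 1.2 (or lowers it back to 1.0) is caught. The added case also sits under the heading "Clients requiring newer TLS version than what server supports fail" without saying which version is being required; a one-line note such as "Default client settings (TLS 1.1+) cannot talk to a TLS 1.0-only server" would document the intent. Since the default is only asserted inside `#if sslcontext`, the "when supported" half of the change (legacy Python without SSLContext keeping the old behaviour) has no coverage here, which may be acceptable but is worth stating in the test or the commit message.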