sslutil: inform the user about how to fix an incomplete certificate chain...
Matt Harbison -
r33494:30f2715b default
@@ -475,6 +475,12 def wrapsocket(sock, keyfile, certfile,
475 ui.warn(_(
475 ui.warn(_(
476 '(see https://mercurial-scm.org/wiki/SecureConnections '
476 '(see https://mercurial-scm.org/wiki/SecureConnections '
477 'for more info)\n'))
477 'for more info)\n'))
478
479 elif (e.reason == 'CERTIFICATE_VERIFY_FAILED' and
480 pycompat.osname == 'nt'):
481
482 ui.warn(_('(the full certificate chain may not be available '
483 'locally; see "hg help debugssl")\n'))
478 raise
484 raise
479
485
480 # check if wrap_socket failed silently because socket had been
486 # check if wrap_socket failed silently because socket had been
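Review bot: the condition at new lines 479-480 checks only e.reason == 'CERTIFICATE_VERIFY_FAILED' and pycompat.osname == 'nt', so the hint is printed for every certificate verification failure on Windows, not only when an intermediate certificate is missing. The wording "may not be available" hedges this, but it would be better to narrow the branch to the cases where an incomplete local chain is a plausible cause, or to add a code comment explaining why the hint is deliberately broad. The blank line at 481 between the elif condition and the ui.warn call can also be dropped.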
@@ -84,6 +84,7 we are able to load CA certs.
84 $ hg clone https://localhost:$HGPORT/ copy-pull
84 $ hg clone https://localhost:$HGPORT/ copy-pull
85 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
85 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
86 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
86 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
87 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
87 abort: error: *certificate verify failed* (glob)
88 abort: error: *certificate verify failed* (glob)
88 [255]
89 [255]
89 #endif
90 #endif
@@ -128,6 +129,7 A per-host certificate mismatching the s
128 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
129 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
129 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
130 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
130 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
131 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
132 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
131 abort: error: *certificate verify failed* (glob)
133 abort: error: *certificate verify failed* (glob)
132 [255]
134 [255]
133 #else
135 #else
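Review bot: at new line 132 the chain hint is stacked directly under the "an attempt was made to load CA certificates but none were loaded" hint at line 131, so the user gets two different suggested causes for one failure. Here verifycertsfile is set explicitly and the first message already names the problem; consider skipping the chain hint when that message has been emitted.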
@@ -295,6 +297,7 cacert mismatch
295 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
297 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
296 pulling from https://localhost:$HGPORT/
298 pulling from https://localhost:$HGPORT/
297 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
299 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
300 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
298 abort: error: *certificate verify failed* (glob)
301 abort: error: *certificate verify failed* (glob)
299 [255]
302 [255]
300 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
303 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
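Review bot: new line 300 expects the chain hint in the "cacert mismatch" case, where the command passes --config web.cacerts="$CERTSDIR/pub-other.pem" and the failure comes from that explicitly configured CA file. Pointing the user at "hg help debugssl" here steers them away from the real cause; consider suppressing the hint when web.cacerts is set, and having this test assert that the hint is absent.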
@@ -313,6 +316,7 Test server cert which isn't valid yet
313 > https://localhost:$HGPORT1/
316 > https://localhost:$HGPORT1/
314 pulling from https://localhost:$HGPORT1/
317 pulling from https://localhost:$HGPORT1/
315 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
318 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
319 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
316 abort: error: *certificate verify failed* (glob)
320 abort: error: *certificate verify failed* (glob)
317 [255]
321 [255]
318
322
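Review bot: new line 319 expects the chain hint for a server certificate that is not valid yet, a failure caused by the validity dates rather than by a missing chain element. If the exception gives no way to tell these cases apart, a short comment in the test saying the hint is expected but not relevant here would keep later readers from taking it as the intended diagnosis.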
@@ -324,6 +328,7 Test server cert which no longer is vali
324 > https://localhost:$HGPORT2/
328 > https://localhost:$HGPORT2/
325 pulling from https://localhost:$HGPORT2/
329 pulling from https://localhost:$HGPORT2/
326 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
330 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
331 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
327 abort: error: *certificate verify failed* (glob)
332 abort: error: *certificate verify failed* (glob)
328 [255]
333 [255]
329
334
@@ -578,12 +583,14 Test https with cert problems through pr
578 > --config web.cacerts="$CERTSDIR/pub-other.pem"
583 > --config web.cacerts="$CERTSDIR/pub-other.pem"
579 pulling from https://localhost:$HGPORT/
584 pulling from https://localhost:$HGPORT/
580 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
585 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
586 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
581 abort: error: *certificate verify failed* (glob)
587 abort: error: *certificate verify failed* (glob)
582 [255]
588 [255]
583 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
589 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
584 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
590 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
585 pulling from https://localhost:$HGPORT2/
591 pulling from https://localhost:$HGPORT2/
586 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
592 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
593 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
587 abort: error: *certificate verify failed* (glob)
594 abort: error: *certificate verify failed* (glob)
588 [255]
595 [255]
589
596
@@ -619,6 +626,7 without client certificate:
619
626
620 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
627 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
621 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
628 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
629 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
622 abort: error: *handshake failure* (glob)
630 abort: error: *handshake failure* (glob)
623 [255]
631 [255]
624
632
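Review bot: new line 629 expects the chain hint next to an abort that matches *handshake failure*, yet the sslutil branch only fires when e.reason is 'CERTIFICATE_VERIFY_FAILED'. Please confirm what the Windows run actually reports for this "without client certificate" case: if the hint is printed, the abort line presumably differs on Windows and needs its own expectation; if the abort really is a handshake failure, the (windows !) line should not be required.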
@@ -67,6 +67,7 we are able to load CA certs:
67
67
68 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
68 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
69 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
69 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
70 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
70 (?i)abort: .*?certificate.verify.failed.* (re)
71 (?i)abort: .*?certificate.verify.failed.* (re)
71 [255]
72 [255]
72
73
@@ -118,6 +119,7 With invalid certificates:
118
119
119
120
120 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
121 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
122 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
121 (?i)abort: .*?certificate.verify.failed.* (re)
123 (?i)abort: .*?certificate.verify.failed.* (re)
122 [255]
124 [255]
123
125