sslutil: check for missing certificate and key files (issue5598)...
Gregory Szorc -
r33381:3bdbbadd default
@@ -343,6 +343,13 b' def wrapsocket(sock, keyfile, certfile, '
343 if not serverhostname:
343 if not serverhostname:
344 raise error.Abort(_('serverhostname argument is required'))
344 raise error.Abort(_('serverhostname argument is required'))
345
345
346 for f in (keyfile, certfile):
347 if f and not os.path.exists(f):
348 raise error.Abort(_('certificate file (%s) does not exist; '
349 'cannot connect to %s') % (f, serverhostname),
350 hint=_('restore missing file or fix references '
351 'in Mercurial config'))
352
346 settings = _hostsettings(ui, serverhostname)
353 settings = _hostsettings(ui, serverhostname)
347
354
348 # We can't use ssl.create_default_context() because it calls
355 # We can't use ssl.create_default_context() because it calls
@@ -499,6 +506,13 b' def wrapserversocket(sock, ui, certfile='
499
506
500 Typically ``cafile`` is only defined if ``requireclientcert`` is true.
507 Typically ``cafile`` is only defined if ``requireclientcert`` is true.
501 """
508 """
509 # This function is not used much by core Mercurial, so the error messaging
510 # doesn't have to be as detailed as for wrapsocket().
511 for f in (certfile, keyfile, cafile):
512 if f and not os.path.exists(f):
513 raise error.Abort(_('referenced certificate file (%s) does not '
514 'exist') % f)
515
502 protocol, options, _protocolui = protocolsettings('tls1.0')
516 protocol, options, _protocolui = protocolsettings('tls1.0')
503
517
504 # This config option is intended for use in tests only. It is a giant
518 # This config option is intended for use in tests only. It is a giant
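Review bot: The pre-flight loops added to wrapsocket() and wrapserversocket() test `os.path.exists(f)`, which is true for a directory and false when the path cannot be stat'ed (for example a private key under a directory the current user may not traverse), so a permissions problem is reported as "does not exist" and a directory passes through to the TLS setup. Consider `if f and not os.path.isfile(f):` with the message worded as "does not exist or is not a regular file", and in wrapsocket() name the key separately, since the same `certificate file (%s)` text is raised when `f` is `keyfile`. The check is advisory only: the file can be removed or replaced between this test and the point where the SSL context loads it, so the load error raised later (outside these hunks) must stay handled rather than be assumed unreachable. Both function bodies start and end outside the hunks.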
@@ -592,9 +592,22 b' Test https with cert problems through pr'
592
592
593 #if sslcontext
593 #if sslcontext
594
594
595 $ cd test
596
597 Missing certificate file(s) are detected
598
599 $ hg serve -p $HGPORT --certificate=/missing/certificate \
600 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
601 abort: referenced certificate file (/missing/certificate) does not exist
602 [255]
603
604 $ hg serve -p $HGPORT --certificate=$PRIV \
605 > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true
606 abort: referenced certificate file (/missing/cafile) does not exist
607 [255]
608
595 Start hgweb that requires client certificates:
609 Start hgweb that requires client certificates:
596
610
597 $ cd test
598 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
611 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
599 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
612 > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
600 $ cat ../hg0.pid >> $DAEMON_PIDS
613 $ cat ../hg0.pid >> $DAEMON_PIDS
@@ -631,4 +644,16 b' with client certificate:'
631 abort: error: * (glob)
644 abort: error: * (glob)
632 [255]
645 [255]
633
646
647 Missing certficate and key files result in error
648
649 $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert
650 abort: certificate file (/missing/cert) does not exist; cannot connect to localhost
651 (restore missing file or fix references in Mercurial config)
652 [255]
653
654 $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key
655 abort: certificate file (/missing/key) does not exist; cannot connect to localhost
656 (restore missing file or fix references in Mercurial config)
657 [255]
658
634 #endif
659 #endif
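Review bot: The heading added before the client-side cases is misspelled; `Missing certficate and key files result in error` should read `Missing certificate and key files result in error`. The server-side cases exercise a missing `--certificate` and a missing `devel.servercafile`, while the loop in wrapserversocket() also covers `keyfile`; if `hg serve` has no option that sets the key separately, a short line in the test prose saying so would explain why that branch is untested. It would also help to add a case where the configured path is a directory, to pin down what the existence check reports for it.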