@@ -343,6 +343,13 b' def wrapsocket(sock, keyfile, certfile, ' | |||||
343 | if not serverhostname: |
|
343 | if not serverhostname: | |
344 | raise error.Abort(_('serverhostname argument is required')) |
|
344 | raise error.Abort(_('serverhostname argument is required')) | |
345 |
|
345 | |||
|
346 | for f in (keyfile, certfile): | |||
|
347 | if f and not os.path.exists(f): | |||
|
348 | raise error.Abort(_('certificate file (%s) does not exist; ' | |||
|
349 | 'cannot connect to %s') % (f, serverhostname), | |||
|
350 | hint=_('restore missing file or fix references ' | |||
|
351 | 'in Mercurial config')) | |||
|
352 | ||||
346 | settings = _hostsettings(ui, serverhostname) |
|
353 | settings = _hostsettings(ui, serverhostname) | |
347 |
|
354 | |||
348 | # We can't use ssl.create_default_context() because it calls |
|
355 | # We can't use ssl.create_default_context() because it calls | |
@@ -499,6 +506,13 b' def wrapserversocket(sock, ui, certfile=' | |||||
499 |
|
506 | |||
500 | Typically ``cafile`` is only defined if ``requireclientcert`` is true. |
|
507 | Typically ``cafile`` is only defined if ``requireclientcert`` is true. | |
501 | """ |
|
508 | """ | |
|
509 | # This function is not used much by core Mercurial, so the error messaging | |||
|
510 | # doesn't have to be as detailed as for wrapsocket(). | |||
|
511 | for f in (certfile, keyfile, cafile): | |||
|
512 | if f and not os.path.exists(f): | |||
|
513 | raise error.Abort(_('referenced certificate file (%s) does not ' | |||
|
514 | 'exist') % f) | |||
|
515 | ||||
502 | protocol, options, _protocolui = protocolsettings('tls1.0') |
|
516 | protocol, options, _protocolui = protocolsettings('tls1.0') | |
503 |
|
517 | |||
504 | # This config option is intended for use in tests only. It is a giant |
|
518 | # This config option is intended for use in tests only. It is a giant |
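Review bot: The pre-checks added in wrapsocket() (new lines 346-351) and wrapserversocket() (new lines 511-514) test `os.path.exists(f)`, which is also true for a directory, so a mis-set path that points at a directory passes the check and fails later with whatever error the TLS load raises instead of this clearer abort. `if f and not os.path.isfile(f):` would reject that case up front, with the message widened to "does not exist or is not a file". In wrapsocket() the same text is used for `keyfile`, so a missing private key is reported as `certificate file (...) does not exist`, which the expected output at new line 655 of the test pins; "certificate or key file" would point the user at the right setting. The check is advisory only, because the file can still change between this test and the load, so the load itself must keep failing closed. That code, like the start and end of both functions, is outside these hunks.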
@@ -592,9 +592,22 b' Test https with cert problems through pr' | |||||
592 |
|
592 | |||
593 | #if sslcontext |
|
593 | #if sslcontext | |
594 |
|
594 | |||
|
595 | $ cd test | |||
|
596 | ||||
|
597 | Missing certificate file(s) are detected | |||
|
598 | ||||
|
599 | $ hg serve -p $HGPORT --certificate=/missing/certificate \ | |||
|
600 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true | |||
|
601 | abort: referenced certificate file (/missing/certificate) does not exist | |||
|
602 | [255] | |||
|
603 | ||||
|
604 | $ hg serve -p $HGPORT --certificate=$PRIV \ | |||
|
605 | > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true | |||
|
606 | abort: referenced certificate file (/missing/cafile) does not exist | |||
|
607 | [255] | |||
|
608 | ||||
595 | Start hgweb that requires client certificates: |
|
609 | Start hgweb that requires client certificates: | |
596 |
|
610 | |||
597 | $ cd test |
|
|||
598 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ |
|
611 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ | |
599 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true |
|
612 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true | |
600 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
613 | $ cat ../hg0.pid >> $DAEMON_PIDS | |
@@ -631,4 +644,16 b' with client certificate:' | |||||
631 | abort: error: * (glob) |
|
644 | abort: error: * (glob) | |
632 | [255] |
|
645 | [255] | |
633 |
|
646 | |||
|
647 | Missing certficate and key files result in error | |||
|
648 | ||||
|
649 | $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert | |||
|
650 | abort: certificate file (/missing/cert) does not exist; cannot connect to localhost | |||
|
651 | (restore missing file or fix references in Mercurial config) | |||
|
652 | [255] | |||
|
653 | ||||
|
654 | $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key | |||
|
655 | abort: certificate file (/missing/key) does not exist; cannot connect to localhost | |||
|
656 | (restore missing file or fix references in Mercurial config) | |||
|
657 | [255] | |||
|
658 | ||||
634 | #endif |
|
659 | #endif |
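Review bot: The heading added at new line 647 is misspelled: `Missing certficate and key files result in error` should read `Missing certificate and key files result in error`. Both new blocks exercise only paths that do not exist, so a path that exists but is a directory, which satisfies `os.path.exists`, is not covered and the message a user gets in that case is unpinned. All of the new cases also sit between `#if sslcontext` (line 593) and `#endif` (new line 659), so as far as these hunks show, the missing-file abort is not exercised on builds without that feature.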