Show More
@@ -102,27 +102,14 b' def _hostsettings(ui, hostname):' | |||||
102 | % b' '.join(sorted(configprotocols)), |
|
102 | % b' '.join(sorted(configprotocols)), | |
103 | ) |
|
103 | ) | |
104 |
|
104 | |||
105 |
# We default to TLS 1.1+ |
|
105 | # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like | |
106 |
# |
|
106 | # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config | |
107 |
# |
|
107 | # options in case a legacy server is encountered. | |
108 | if supportedprotocols - {b'tls1.0'}: |
|
108 | ||
109 | defaultminimumprotocol = b'tls1.1' |
|
109 | # setup.py checks that either TLS 1.1 or TLS 1.2 is present, so the | |
110 | else: |
|
110 | # following assert should not fail. | |
111 | # Let people know they are borderline secure. |
|
111 | assert supportedprotocols - {b'tls1.0'} | |
112 | # We don't document this config option because we want people to see |
|
112 | defaultminimumprotocol = b'tls1.1' | |
113 | # the bold warnings on the web site. |
|
|||
114 | # internal config: hostsecurity.disabletls10warning |
|
|||
115 | if not ui.configbool(b'hostsecurity', b'disabletls10warning'): |
|
|||
116 | ui.warn( |
|
|||
117 | _( |
|
|||
118 | b'warning: connecting to %s using legacy security ' |
|
|||
119 | b'technology (TLS 1.0); see ' |
|
|||
120 | b'https://mercurial-scm.org/wiki/SecureConnections for ' |
|
|||
121 | b'more info\n' |
|
|||
122 | ) |
|
|||
123 | % bhostname |
|
|||
124 | ) |
|
|||
125 | defaultminimumprotocol = b'tls1.0' |
|
|||
126 |
|
113 | |||
127 | key = b'minimumprotocol' |
|
114 | key = b'minimumprotocol' | |
128 | minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol) |
|
115 | minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol) |
@@ -34,7 +34,6 b' Make server certificates:' | |||||
34 | cacert not found |
|
34 | cacert not found | |
35 |
|
35 | |||
36 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ |
|
36 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ | |
37 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
38 | abort: could not find web.cacerts: no-such.pem |
|
37 | abort: could not find web.cacerts: no-such.pem | |
39 | [255] |
|
38 | [255] | |
40 |
|
39 | |||
@@ -58,7 +57,6 b' we are able to load CA certs.' | |||||
58 |
|
57 | |||
59 | #if defaultcacertsloaded |
|
58 | #if defaultcacertsloaded | |
60 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
59 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
61 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
62 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
60 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
63 | abort: error: *certificate verify failed* (glob) |
|
61 | abort: error: *certificate verify failed* (glob) | |
64 | [255] |
|
62 | [255] | |
@@ -68,7 +66,6 b' Specifying a per-host certificate file t' | |||||
68 | C:/path/to/msysroot will print on Windows. |
|
66 | C:/path/to/msysroot will print on Windows. | |
69 |
|
67 | |||
70 | $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/ |
|
68 | $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/ | |
71 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
72 | abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob) |
|
69 | abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob) | |
73 | [255] |
|
70 | [255] | |
74 |
|
71 | |||
@@ -76,7 +73,6 b' A malformed per-host certificate file wi' | |||||
76 |
|
73 | |||
77 | $ echo baddata > badca.pem |
|
74 | $ echo baddata > badca.pem | |
78 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ |
|
75 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ | |
79 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
80 | abort: error loading CA file badca.pem: * (glob) |
|
76 | abort: error loading CA file badca.pem: * (glob) | |
81 | (file is empty or malformed?) |
|
77 | (file is empty or malformed?) | |
82 | [255] |
|
78 | [255] | |
@@ -85,7 +81,6 b' A per-host certificate mismatching the s' | |||||
85 |
|
81 | |||
86 | (modern ssl is able to discern whether the loaded cert is a CA cert) |
|
82 | (modern ssl is able to discern whether the loaded cert is a CA cert) | |
87 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
|
83 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ | |
88 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
89 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
84 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
90 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
85 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
91 | abort: error: *certificate verify failed* (glob) |
|
86 | abort: error: *certificate verify failed* (glob) | |
@@ -94,7 +89,6 b' A per-host certificate mismatching the s' | |||||
94 | A per-host certificate matching the server's cert will be accepted |
|
89 | A per-host certificate matching the server's cert will be accepted | |
95 |
|
90 | |||
96 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 |
|
91 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 | |
97 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
98 | requesting all changes |
|
92 | requesting all changes | |
99 | adding changesets |
|
93 | adding changesets | |
100 | adding manifests |
|
94 | adding manifests | |
@@ -106,7 +100,6 b' A per-host certificate with multiple cer' | |||||
106 |
|
100 | |||
107 | $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem |
|
101 | $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem | |
108 | $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 |
|
102 | $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 | |
109 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
110 | requesting all changes |
|
103 | requesting all changes | |
111 | adding changesets |
|
104 | adding changesets | |
112 | adding manifests |
|
105 | adding manifests | |
@@ -117,7 +110,6 b' A per-host certificate with multiple cer' | |||||
117 | Defining both per-host certificate and a fingerprint will print a warning |
|
110 | Defining both per-host certificate and a fingerprint will print a warning | |
118 |
|
111 | |||
119 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning |
|
112 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning | |
120 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
121 | (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) |
|
113 | (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) | |
122 | requesting all changes |
|
114 | requesting all changes | |
123 | adding changesets |
|
115 | adding changesets | |
@@ -131,13 +123,11 b' Defining both per-host certificate and a' | |||||
131 | Inability to verify peer certificate will result in abort |
|
123 | Inability to verify peer certificate will result in abort | |
132 |
|
124 | |||
133 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS |
|
125 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS | |
134 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
135 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
126 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
136 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
127 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
137 | [255] |
|
128 | [255] | |
138 |
|
129 | |||
139 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull |
|
130 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull | |
140 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
141 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
131 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
142 | requesting all changes |
|
132 | requesting all changes | |
143 | adding changesets |
|
133 | adding changesets | |
@@ -168,14 +158,12 b' pull without cacert' | |||||
168 | > EOF |
|
158 | > EOF | |
169 | $ hg pull $DISABLECACERTS |
|
159 | $ hg pull $DISABLECACERTS | |
170 | pulling from https://localhost:$HGPORT/ |
|
160 | pulling from https://localhost:$HGPORT/ | |
171 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
172 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
161 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
173 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
162 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
174 | [255] |
|
163 | [255] | |
175 |
|
164 | |||
176 | $ hg pull --insecure |
|
165 | $ hg pull --insecure | |
177 | pulling from https://localhost:$HGPORT/ |
|
166 | pulling from https://localhost:$HGPORT/ | |
178 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
179 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
167 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
180 | searching for changes |
|
168 | searching for changes | |
181 | adding changesets |
|
169 | adding changesets | |
@@ -203,7 +191,6 b' cacert configured in local repo' | |||||
203 | $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc |
|
191 | $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc | |
204 | $ hg -R copy-pull pull |
|
192 | $ hg -R copy-pull pull | |
205 | pulling from https://localhost:$HGPORT/ |
|
193 | pulling from https://localhost:$HGPORT/ | |
206 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
207 | searching for changes |
|
194 | searching for changes | |
208 | no changes found |
|
195 | no changes found | |
209 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc |
|
196 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc | |
@@ -215,12 +202,10 b' variables in the filename' | |||||
215 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH |
|
202 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH | |
216 | $ P="$CERTSDIR" hg -R copy-pull pull |
|
203 | $ P="$CERTSDIR" hg -R copy-pull pull | |
217 | pulling from https://localhost:$HGPORT/ |
|
204 | pulling from https://localhost:$HGPORT/ | |
218 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
219 | searching for changes |
|
205 | searching for changes | |
220 | no changes found |
|
206 | no changes found | |
221 | $ P="$CERTSDIR" hg -R copy-pull pull --insecure |
|
207 | $ P="$CERTSDIR" hg -R copy-pull pull --insecure | |
222 | pulling from https://localhost:$HGPORT/ |
|
208 | pulling from https://localhost:$HGPORT/ | |
223 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
224 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
209 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
225 | searching for changes |
|
210 | searching for changes | |
226 | no changes found |
|
211 | no changes found | |
@@ -231,7 +216,6 b' empty cacert file' | |||||
231 |
|
216 | |||
232 | $ hg --config web.cacerts=emptycafile -R copy-pull pull |
|
217 | $ hg --config web.cacerts=emptycafile -R copy-pull pull | |
233 | pulling from https://localhost:$HGPORT/ |
|
218 | pulling from https://localhost:$HGPORT/ | |
234 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
235 | abort: error loading CA file emptycafile: * (glob) |
|
219 | abort: error loading CA file emptycafile: * (glob) | |
236 | (file is empty or malformed?) |
|
220 | (file is empty or malformed?) | |
237 | [255] |
|
221 | [255] | |
@@ -241,27 +225,23 b' cacert mismatch' | |||||
241 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
225 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ | |
242 | > https://$LOCALIP:$HGPORT/ |
|
226 | > https://$LOCALIP:$HGPORT/ | |
243 | pulling from https://*:$HGPORT/ (glob) |
|
227 | pulling from https://*:$HGPORT/ (glob) | |
244 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
245 | abort: $LOCALIP certificate error: certificate is for localhost (glob) |
|
228 | abort: $LOCALIP certificate error: certificate is for localhost (glob) | |
246 | (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) |
|
229 | (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) | |
247 | [255] |
|
230 | [255] | |
248 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
231 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ | |
249 | > https://$LOCALIP:$HGPORT/ --insecure |
|
232 | > https://$LOCALIP:$HGPORT/ --insecure | |
250 | pulling from https://*:$HGPORT/ (glob) |
|
233 | pulling from https://*:$HGPORT/ (glob) | |
251 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
252 | warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) |
|
234 | warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) | |
253 | searching for changes |
|
235 | searching for changes | |
254 | no changes found |
|
236 | no changes found | |
255 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
237 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" | |
256 | pulling from https://localhost:$HGPORT/ |
|
238 | pulling from https://localhost:$HGPORT/ | |
257 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
258 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
239 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
259 | abort: error: *certificate verify failed* (glob) |
|
240 | abort: error: *certificate verify failed* (glob) | |
260 | [255] |
|
241 | [255] | |
261 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ |
|
242 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ | |
262 | > --insecure |
|
243 | > --insecure | |
263 | pulling from https://localhost:$HGPORT/ |
|
244 | pulling from https://localhost:$HGPORT/ | |
264 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
265 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
245 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
266 | searching for changes |
|
246 | searching for changes | |
267 | no changes found |
|
247 | no changes found | |
@@ -273,7 +253,6 b" Test server cert which isn't valid yet" | |||||
273 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ |
|
253 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ | |
274 | > https://localhost:$HGPORT1/ |
|
254 | > https://localhost:$HGPORT1/ | |
275 | pulling from https://localhost:$HGPORT1/ |
|
255 | pulling from https://localhost:$HGPORT1/ | |
276 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
277 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
256 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
278 | abort: error: *certificate verify failed* (glob) |
|
257 | abort: error: *certificate verify failed* (glob) | |
279 | [255] |
|
258 | [255] | |
@@ -285,7 +264,6 b' Test server cert which no longer is vali' | |||||
285 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ |
|
264 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ | |
286 | > https://localhost:$HGPORT2/ |
|
265 | > https://localhost:$HGPORT2/ | |
287 | pulling from https://localhost:$HGPORT2/ |
|
266 | pulling from https://localhost:$HGPORT2/ | |
288 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
289 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
267 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
290 | abort: error: *certificate verify failed* (glob) |
|
268 | abort: error: *certificate verify failed* (glob) | |
291 | [255] |
|
269 | [255] | |
@@ -298,13 +276,11 b' Disabling the TLS 1.0 warning works' | |||||
298 |
|
276 | |||
299 | Setting ciphers to an invalid value aborts |
|
277 | Setting ciphers to an invalid value aborts | |
300 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
278 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ | |
301 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
302 | abort: could not set ciphers: No cipher can be selected. |
|
279 | abort: could not set ciphers: No cipher can be selected. | |
303 | (change cipher string (invalid) in config) |
|
280 | (change cipher string (invalid) in config) | |
304 | [255] |
|
281 | [255] | |
305 |
|
282 | |||
306 | $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
283 | $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ | |
307 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
308 | abort: could not set ciphers: No cipher can be selected. |
|
284 | abort: could not set ciphers: No cipher can be selected. | |
309 | (change cipher string (invalid) in config) |
|
285 | (change cipher string (invalid) in config) | |
310 | [255] |
|
286 | [255] | |
@@ -312,63 +288,52 b' Setting ciphers to an invalid value abor' | |||||
312 | Changing the cipher string works |
|
288 | Changing the cipher string works | |
313 |
|
289 | |||
314 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
290 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ | |
315 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
316 | 5fed3813f7f5 |
|
291 | 5fed3813f7f5 | |
317 |
|
292 | |||
318 | Fingerprints |
|
293 | Fingerprints | |
319 |
|
294 | |||
320 | - works without cacerts (hostfingerprints) |
|
295 | - works without cacerts (hostfingerprints) | |
321 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
296 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
322 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
323 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
297 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
324 | 5fed3813f7f5 |
|
298 | 5fed3813f7f5 | |
325 |
|
299 | |||
326 | - works without cacerts (hostsecurity) |
|
300 | - works without cacerts (hostsecurity) | |
327 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
301 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
328 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
329 | 5fed3813f7f5 |
|
302 | 5fed3813f7f5 | |
330 |
|
303 | |||
331 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e |
|
304 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e | |
332 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
333 | 5fed3813f7f5 |
|
305 | 5fed3813f7f5 | |
334 |
|
306 | |||
335 | - multiple fingerprints specified and first matches |
|
307 | - multiple fingerprints specified and first matches | |
336 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
308 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
337 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
338 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
309 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
339 | 5fed3813f7f5 |
|
310 | 5fed3813f7f5 | |
340 |
|
311 | |||
341 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
312 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
342 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
343 | 5fed3813f7f5 |
|
313 | 5fed3813f7f5 | |
344 |
|
314 | |||
345 | - multiple fingerprints specified and last matches |
|
315 | - multiple fingerprints specified and last matches | |
346 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
316 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
347 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
348 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
317 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
349 | 5fed3813f7f5 |
|
318 | 5fed3813f7f5 | |
350 |
|
319 | |||
351 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ |
|
320 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ | |
352 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
353 | 5fed3813f7f5 |
|
321 | 5fed3813f7f5 | |
354 |
|
322 | |||
355 | - multiple fingerprints specified and none match |
|
323 | - multiple fingerprints specified and none match | |
356 |
|
324 | |||
357 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
325 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
358 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
359 | abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
326 | abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
360 | (check hostfingerprint configuration) |
|
327 | (check hostfingerprint configuration) | |
361 | [255] |
|
328 | [255] | |
362 |
|
329 | |||
363 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
330 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
364 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
365 | abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
331 | abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
366 | (check hostsecurity configuration) |
|
332 | (check hostsecurity configuration) | |
367 | [255] |
|
333 | [255] | |
368 |
|
334 | |||
369 | - fails when cert doesn't match hostname (port is ignored) |
|
335 | - fails when cert doesn't match hostname (port is ignored) | |
370 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
336 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
371 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
372 | abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 |
|
337 | abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 | |
373 | (check hostfingerprint configuration) |
|
338 | (check hostfingerprint configuration) | |
374 | [255] |
|
339 | [255] | |
@@ -376,7 +341,6 b' Fingerprints' | |||||
376 |
|
341 | |||
377 | - ignores that certificate doesn't match hostname |
|
342 | - ignores that certificate doesn't match hostname | |
378 | $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
343 | $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
379 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
380 | (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
344 | (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
381 | 5fed3813f7f5 |
|
345 | 5fed3813f7f5 | |
382 |
|
346 | |||
@@ -500,7 +464,6 b' Test unvalidated https through proxy' | |||||
500 |
|
464 | |||
501 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure |
|
465 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure | |
502 | pulling from https://localhost:$HGPORT/ |
|
466 | pulling from https://localhost:$HGPORT/ | |
503 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
504 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
467 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
505 | searching for changes |
|
468 | searching for changes | |
506 | no changes found |
|
469 | no changes found | |
@@ -510,12 +473,10 b' Test https with cacert and fingerprint t' | |||||
510 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
473 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
511 | > --config web.cacerts="$CERTSDIR/pub.pem" |
|
474 | > --config web.cacerts="$CERTSDIR/pub.pem" | |
512 | pulling from https://localhost:$HGPORT/ |
|
475 | pulling from https://localhost:$HGPORT/ | |
513 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
514 | searching for changes |
|
476 | searching for changes | |
515 | no changes found |
|
477 | no changes found | |
516 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace |
|
478 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace | |
517 | pulling from https://*:$HGPORT/ (glob) |
|
479 | pulling from https://*:$HGPORT/ (glob) | |
518 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
519 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
480 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
520 | searching for changes |
|
481 | searching for changes | |
521 | no changes found |
|
482 | no changes found | |
@@ -525,14 +486,12 b' Test https with cert problems through pr' | |||||
525 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
486 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
526 | > --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
487 | > --config web.cacerts="$CERTSDIR/pub-other.pem" | |
527 | pulling from https://localhost:$HGPORT/ |
|
488 | pulling from https://localhost:$HGPORT/ | |
528 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
529 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
489 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
530 | abort: error: *certificate verify failed* (glob) |
|
490 | abort: error: *certificate verify failed* (glob) | |
531 | [255] |
|
491 | [255] | |
532 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
492 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
533 | > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ |
|
493 | > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ | |
534 | pulling from https://localhost:$HGPORT2/ |
|
494 | pulling from https://localhost:$HGPORT2/ | |
535 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
536 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
495 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
537 | abort: error: *certificate verify failed* (glob) |
|
496 | abort: error: *certificate verify failed* (glob) | |
538 | [255] |
|
497 | [255] | |
@@ -564,7 +523,6 b' Start hgweb that requires client certifi' | |||||
564 | without client certificate: |
|
523 | without client certificate: | |
565 |
|
524 | |||
566 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
525 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ | |
567 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
568 | abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re) |
|
526 | abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re) | |
569 | [255] |
|
527 | [255] | |
570 |
|
528 | |||
@@ -579,16 +537,13 b' with client certificate:' | |||||
579 |
|
537 | |||
580 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
538 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
581 | > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" |
|
539 | > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" | |
582 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
583 | 5fed3813f7f5 |
|
540 | 5fed3813f7f5 | |
584 |
|
541 | |||
585 | $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
542 | $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
586 | > --config ui.interactive=True --config ui.nontty=True |
|
543 | > --config ui.interactive=True --config ui.nontty=True | |
587 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
588 | passphrase for */client-key.pem: 5fed3813f7f5 (glob) |
|
544 | passphrase for */client-key.pem: 5fed3813f7f5 (glob) | |
589 |
|
545 | |||
590 | $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
546 | $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ | |
591 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
592 | abort: error: * (glob) |
|
547 | abort: error: * (glob) | |
593 | [255] |
|
548 | [255] | |
594 |
|
549 |
@@ -54,7 +54,6 b' we are able to load CA certs:' | |||||
54 | this patch series consists of 1 patches. |
|
54 | this patch series consists of 1 patches. | |
55 |
|
55 | |||
56 |
|
56 | |||
57 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
58 |
|
|
57 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
59 | (?i)abort: .*?certificate.verify.failed.* (re) |
|
58 | (?i)abort: .*?certificate.verify.failed.* (re) | |
60 | [255] |
|
59 | [255] | |
@@ -71,7 +70,6 b' Without certificates:' | |||||
71 |
|
70 | |||
72 | (using smtps) |
|
71 | (using smtps) | |
73 | sending mail: smtp host localhost, port * (glob) |
|
72 | sending mail: smtp host localhost, port * (glob) | |
74 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
75 |
|
|
73 | (verifying remote certificate) | |
76 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
74 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
77 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
75 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
@@ -85,7 +83,6 b' With global certificates:' | |||||
85 |
|
83 | |||
86 | (using smtps) |
|
84 | (using smtps) | |
87 | sending mail: smtp host localhost, port * (glob) |
|
85 | sending mail: smtp host localhost, port * (glob) | |
88 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
89 |
|
|
86 | (verifying remote certificate) | |
90 | sending [PATCH] a ... |
|
87 | sending [PATCH] a ... | |
91 |
|
88 | |||
@@ -95,7 +92,6 b' With invalid certificates:' | |||||
95 | this patch series consists of 1 patches. |
|
92 | this patch series consists of 1 patches. | |
96 |
|
93 | |||
97 |
|
94 | |||
98 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
99 |
|
|
95 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
100 | (?i)abort: .*?certificate.verify.failed.* (re) |
|
96 | (?i)abort: .*?certificate.verify.failed.* (re) | |
101 | [255] |
|
97 | [255] |
General Comments 0
You need to be logged in to leave comments.
Login now