@@ -102,27 +102,14 b' def _hostsettings(ui, hostname):' | |||||
102 | % b' '.join(sorted(configprotocols)), |
|
102 | % b' '.join(sorted(configprotocols)), | |
103 | ) |
|
103 | ) | |
104 |
|
104 | |||
105 |
# We default to TLS 1.1+ |
|
105 | # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like | |
106 |
# |
|
106 | # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config | |
107 |
# |
|
107 | # options in case a legacy server is encountered. | |
108 | if supportedprotocols - {b'tls1.0'}: |
|
108 | ||
|
109 | # setup.py checks that either TLS 1.1 or TLS 1.2 is present, so the | |||
|
110 | # following assert should not fail. | |||
|
111 | assert supportedprotocols - {b'tls1.0'} | |||
109 |
|
|
112 | defaultminimumprotocol = b'tls1.1' | |
110 | else: |
|
|||
111 | # Let people know they are borderline secure. |
|
|||
112 | # We don't document this config option because we want people to see |
|
|||
113 | # the bold warnings on the web site. |
|
|||
114 | # internal config: hostsecurity.disabletls10warning |
|
|||
115 | if not ui.configbool(b'hostsecurity', b'disabletls10warning'): |
|
|||
116 | ui.warn( |
|
|||
117 | _( |
|
|||
118 | b'warning: connecting to %s using legacy security ' |
|
|||
119 | b'technology (TLS 1.0); see ' |
|
|||
120 | b'https://mercurial-scm.org/wiki/SecureConnections for ' |
|
|||
121 | b'more info\n' |
|
|||
122 | ) |
|
|||
123 | % bhostname |
|
|||
124 | ) |
|
|||
125 | defaultminimumprotocol = b'tls1.0' |
|
|||
126 |
|
113 | |||
127 | key = b'minimumprotocol' |
|
114 | key = b'minimumprotocol' | |
128 | minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol) |
|
115 | minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol) |
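Review bot: The added `assert supportedprotocols - {b'tls1.0'}` (new line 111) is the only guard before `defaultminimumprotocol = b'tls1.1'` is set unconditionally, and `assert` statements are stripped when Python runs with `-O`, so the invariant is not enforced in optimized runs. The setup.py check that the comment relies on runs at build or install time and says nothing about the ssl module actually loaded at run time, which could presumably differ. I would turn this into an explicit check that fails closed, `if not supportedprotocols - {b'tls1.0'}:` followed by raising the module's usual abort error with a message saying that TLS 1.1 or newer is required. The removed branch was the reader of the internal `hostsecurity.disabletls10warning` option; whether its registration and the "Disabling the TLS 1.0 warning works" test are cleaned up cannot be seen from this hunk. `_hostsettings` starts and ends outside the hunk, so what happens to `minimumprotocol` afterwards is not visible here.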
@@ -34,7 +34,6 b' Make server certificates:' | |||||
34 | cacert not found |
|
34 | cacert not found | |
35 |
|
35 | |||
36 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ |
|
36 | $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/ | |
37 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
38 | abort: could not find web.cacerts: no-such.pem |
|
37 | abort: could not find web.cacerts: no-such.pem | |
39 | [255] |
|
38 | [255] | |
40 |
|
39 | |||
@@ -58,7 +57,6 b' we are able to load CA certs.' | |||||
58 |
|
57 | |||
59 | #if defaultcacertsloaded |
|
58 | #if defaultcacertsloaded | |
60 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
59 | $ hg clone https://localhost:$HGPORT/ copy-pull | |
61 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
62 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
60 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
63 | abort: error: *certificate verify failed* (glob) |
|
61 | abort: error: *certificate verify failed* (glob) | |
64 | [255] |
|
62 | [255] | |
@@ -68,7 +66,6 b' Specifying a per-host certificate file t' | |||||
68 | C:/path/to/msysroot will print on Windows. |
|
66 | C:/path/to/msysroot will print on Windows. | |
69 |
|
67 | |||
70 | $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/ |
|
68 | $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/ | |
71 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
72 | abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob) |
|
69 | abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob) | |
73 | [255] |
|
70 | [255] | |
74 |
|
71 | |||
@@ -76,7 +73,6 b' A malformed per-host certificate file wi' | |||||
76 |
|
73 | |||
77 | $ echo baddata > badca.pem |
|
74 | $ echo baddata > badca.pem | |
78 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ |
|
75 | $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ | |
79 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
80 | abort: error loading CA file badca.pem: * (glob) |
|
76 | abort: error loading CA file badca.pem: * (glob) | |
81 | (file is empty or malformed?) |
|
77 | (file is empty or malformed?) | |
82 | [255] |
|
78 | [255] | |
@@ -85,7 +81,6 b' A per-host certificate mismatching the s' | |||||
85 |
|
81 | |||
86 | (modern ssl is able to discern whether the loaded cert is a CA cert) |
|
82 | (modern ssl is able to discern whether the loaded cert is a CA cert) | |
87 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
|
83 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ | |
88 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
89 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
84 | (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | |
90 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
85 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
91 | abort: error: *certificate verify failed* (glob) |
|
86 | abort: error: *certificate verify failed* (glob) | |
@@ -94,7 +89,6 b' A per-host certificate mismatching the s' | |||||
94 | A per-host certificate matching the server's cert will be accepted |
|
89 | A per-host certificate matching the server's cert will be accepted | |
95 |
|
90 | |||
96 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 |
|
91 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 | |
97 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
98 | requesting all changes |
|
92 | requesting all changes | |
99 | adding changesets |
|
93 | adding changesets | |
100 | adding manifests |
|
94 | adding manifests | |
@@ -106,7 +100,6 b' A per-host certificate with multiple cer' | |||||
106 |
|
100 | |||
107 | $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem |
|
101 | $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem | |
108 | $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 |
|
102 | $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 | |
109 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
110 | requesting all changes |
|
103 | requesting all changes | |
111 | adding changesets |
|
104 | adding changesets | |
112 | adding manifests |
|
105 | adding manifests | |
@@ -117,7 +110,6 b' A per-host certificate with multiple cer' | |||||
117 | Defining both per-host certificate and a fingerprint will print a warning |
|
110 | Defining both per-host certificate and a fingerprint will print a warning | |
118 |
|
111 | |||
119 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning |
|
112 | $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning | |
120 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
121 | (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) |
|
113 | (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) | |
122 | requesting all changes |
|
114 | requesting all changes | |
123 | adding changesets |
|
115 | adding changesets | |
@@ -131,13 +123,11 b' Defining both per-host certificate and a' | |||||
131 | Inability to verify peer certificate will result in abort |
|
123 | Inability to verify peer certificate will result in abort | |
132 |
|
124 | |||
133 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS |
|
125 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS | |
134 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
135 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
126 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
136 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
127 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
137 | [255] |
|
128 | [255] | |
138 |
|
129 | |||
139 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull |
|
130 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull | |
140 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
141 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
131 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
142 | requesting all changes |
|
132 | requesting all changes | |
143 | adding changesets |
|
133 | adding changesets | |
@@ -168,14 +158,12 b' pull without cacert' | |||||
168 | > EOF |
|
158 | > EOF | |
169 | $ hg pull $DISABLECACERTS |
|
159 | $ hg pull $DISABLECACERTS | |
170 | pulling from https://localhost:$HGPORT/ |
|
160 | pulling from https://localhost:$HGPORT/ | |
171 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
172 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
161 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
173 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
162 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
174 | [255] |
|
163 | [255] | |
175 |
|
164 | |||
176 | $ hg pull --insecure |
|
165 | $ hg pull --insecure | |
177 | pulling from https://localhost:$HGPORT/ |
|
166 | pulling from https://localhost:$HGPORT/ | |
178 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
179 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
167 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
180 | searching for changes |
|
168 | searching for changes | |
181 | adding changesets |
|
169 | adding changesets | |
@@ -203,7 +191,6 b' cacert configured in local repo' | |||||
203 | $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc |
|
191 | $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc | |
204 | $ hg -R copy-pull pull |
|
192 | $ hg -R copy-pull pull | |
205 | pulling from https://localhost:$HGPORT/ |
|
193 | pulling from https://localhost:$HGPORT/ | |
206 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
207 | searching for changes |
|
194 | searching for changes | |
208 | no changes found |
|
195 | no changes found | |
209 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc |
|
196 | $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc | |
@@ -215,12 +202,10 b' variables in the filename' | |||||
215 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH |
|
202 | $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH | |
216 | $ P="$CERTSDIR" hg -R copy-pull pull |
|
203 | $ P="$CERTSDIR" hg -R copy-pull pull | |
217 | pulling from https://localhost:$HGPORT/ |
|
204 | pulling from https://localhost:$HGPORT/ | |
218 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
219 | searching for changes |
|
205 | searching for changes | |
220 | no changes found |
|
206 | no changes found | |
221 | $ P="$CERTSDIR" hg -R copy-pull pull --insecure |
|
207 | $ P="$CERTSDIR" hg -R copy-pull pull --insecure | |
222 | pulling from https://localhost:$HGPORT/ |
|
208 | pulling from https://localhost:$HGPORT/ | |
223 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
224 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
209 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
225 | searching for changes |
|
210 | searching for changes | |
226 | no changes found |
|
211 | no changes found | |
@@ -231,7 +216,6 b' empty cacert file' | |||||
231 |
|
216 | |||
232 | $ hg --config web.cacerts=emptycafile -R copy-pull pull |
|
217 | $ hg --config web.cacerts=emptycafile -R copy-pull pull | |
233 | pulling from https://localhost:$HGPORT/ |
|
218 | pulling from https://localhost:$HGPORT/ | |
234 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
235 | abort: error loading CA file emptycafile: * (glob) |
|
219 | abort: error loading CA file emptycafile: * (glob) | |
236 | (file is empty or malformed?) |
|
220 | (file is empty or malformed?) | |
237 | [255] |
|
221 | [255] | |
@@ -241,27 +225,23 b' cacert mismatch' | |||||
241 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
225 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ | |
242 | > https://$LOCALIP:$HGPORT/ |
|
226 | > https://$LOCALIP:$HGPORT/ | |
243 | pulling from https://*:$HGPORT/ (glob) |
|
227 | pulling from https://*:$HGPORT/ (glob) | |
244 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
245 | abort: $LOCALIP certificate error: certificate is for localhost (glob) |
|
228 | abort: $LOCALIP certificate error: certificate is for localhost (glob) | |
246 | (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) |
|
229 | (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) | |
247 | [255] |
|
230 | [255] | |
248 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ |
|
231 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ | |
249 | > https://$LOCALIP:$HGPORT/ --insecure |
|
232 | > https://$LOCALIP:$HGPORT/ --insecure | |
250 | pulling from https://*:$HGPORT/ (glob) |
|
233 | pulling from https://*:$HGPORT/ (glob) | |
251 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
252 | warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) |
|
234 | warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) | |
253 | searching for changes |
|
235 | searching for changes | |
254 | no changes found |
|
236 | no changes found | |
255 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
237 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" | |
256 | pulling from https://localhost:$HGPORT/ |
|
238 | pulling from https://localhost:$HGPORT/ | |
257 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
258 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
239 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
259 | abort: error: *certificate verify failed* (glob) |
|
240 | abort: error: *certificate verify failed* (glob) | |
260 | [255] |
|
241 | [255] | |
261 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ |
|
242 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ | |
262 | > --insecure |
|
243 | > --insecure | |
263 | pulling from https://localhost:$HGPORT/ |
|
244 | pulling from https://localhost:$HGPORT/ | |
264 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
265 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
245 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
266 | searching for changes |
|
246 | searching for changes | |
267 | no changes found |
|
247 | no changes found | |
@@ -273,7 +253,6 b" Test server cert which isn't valid yet" | |||||
273 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ |
|
253 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ | |
274 | > https://localhost:$HGPORT1/ |
|
254 | > https://localhost:$HGPORT1/ | |
275 | pulling from https://localhost:$HGPORT1/ |
|
255 | pulling from https://localhost:$HGPORT1/ | |
276 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
277 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
256 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
278 | abort: error: *certificate verify failed* (glob) |
|
257 | abort: error: *certificate verify failed* (glob) | |
279 | [255] |
|
258 | [255] | |
@@ -285,7 +264,6 b' Test server cert which no longer is vali' | |||||
285 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ |
|
264 | $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ | |
286 | > https://localhost:$HGPORT2/ |
|
265 | > https://localhost:$HGPORT2/ | |
287 | pulling from https://localhost:$HGPORT2/ |
|
266 | pulling from https://localhost:$HGPORT2/ | |
288 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
289 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
267 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
290 | abort: error: *certificate verify failed* (glob) |
|
268 | abort: error: *certificate verify failed* (glob) | |
291 | [255] |
|
269 | [255] | |
@@ -298,13 +276,11 b' Disabling the TLS 1.0 warning works' | |||||
298 |
|
276 | |||
299 | Setting ciphers to an invalid value aborts |
|
277 | Setting ciphers to an invalid value aborts | |
300 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
278 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ | |
301 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
302 | abort: could not set ciphers: No cipher can be selected. |
|
279 | abort: could not set ciphers: No cipher can be selected. | |
303 | (change cipher string (invalid) in config) |
|
280 | (change cipher string (invalid) in config) | |
304 | [255] |
|
281 | [255] | |
305 |
|
282 | |||
306 | $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
283 | $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ | |
307 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
308 | abort: could not set ciphers: No cipher can be selected. |
|
284 | abort: could not set ciphers: No cipher can be selected. | |
309 | (change cipher string (invalid) in config) |
|
285 | (change cipher string (invalid) in config) | |
310 | [255] |
|
286 | [255] | |
@@ -312,63 +288,52 b' Setting ciphers to an invalid value abor' | |||||
312 | Changing the cipher string works |
|
288 | Changing the cipher string works | |
313 |
|
289 | |||
314 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
290 | $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ | |
315 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
316 | 5fed3813f7f5 |
|
291 | 5fed3813f7f5 | |
317 |
|
292 | |||
318 | Fingerprints |
|
293 | Fingerprints | |
319 |
|
294 | |||
320 | - works without cacerts (hostfingerprints) |
|
295 | - works without cacerts (hostfingerprints) | |
321 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
296 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
322 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
323 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
297 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
324 | 5fed3813f7f5 |
|
298 | 5fed3813f7f5 | |
325 |
|
299 | |||
326 | - works without cacerts (hostsecurity) |
|
300 | - works without cacerts (hostsecurity) | |
327 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
301 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
328 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
329 | 5fed3813f7f5 |
|
302 | 5fed3813f7f5 | |
330 |
|
303 | |||
331 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e |
|
304 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e | |
332 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
333 | 5fed3813f7f5 |
|
305 | 5fed3813f7f5 | |
334 |
|
306 | |||
335 | - multiple fingerprints specified and first matches |
|
307 | - multiple fingerprints specified and first matches | |
336 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
308 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
337 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
338 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
309 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
339 | 5fed3813f7f5 |
|
310 | 5fed3813f7f5 | |
340 |
|
311 | |||
341 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
312 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
342 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
343 | 5fed3813f7f5 |
|
313 | 5fed3813f7f5 | |
344 |
|
314 | |||
345 | - multiple fingerprints specified and last matches |
|
315 | - multiple fingerprints specified and last matches | |
346 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
316 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
347 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
348 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
317 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
349 | 5fed3813f7f5 |
|
318 | 5fed3813f7f5 | |
350 |
|
319 | |||
351 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ |
|
320 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ | |
352 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
353 | 5fed3813f7f5 |
|
321 | 5fed3813f7f5 | |
354 |
|
322 | |||
355 | - multiple fingerprints specified and none match |
|
323 | - multiple fingerprints specified and none match | |
356 |
|
324 | |||
357 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
325 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
358 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
359 | abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
326 | abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
360 | (check hostfingerprint configuration) |
|
327 | (check hostfingerprint configuration) | |
361 | [255] |
|
328 | [255] | |
362 |
|
329 | |||
363 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
330 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
364 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
365 | abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
331 | abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
366 | (check hostsecurity configuration) |
|
332 | (check hostsecurity configuration) | |
367 | [255] |
|
333 | [255] | |
368 |
|
334 | |||
369 | - fails when cert doesn't match hostname (port is ignored) |
|
335 | - fails when cert doesn't match hostname (port is ignored) | |
370 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
336 | $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
371 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
372 | abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 |
|
337 | abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 | |
373 | (check hostfingerprint configuration) |
|
338 | (check hostfingerprint configuration) | |
374 | [255] |
|
339 | [255] | |
@@ -376,7 +341,6 b' Fingerprints' | |||||
376 |
|
341 | |||
377 | - ignores that certificate doesn't match hostname |
|
342 | - ignores that certificate doesn't match hostname | |
378 | $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
343 | $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
379 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
380 | (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
344 | (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
381 | 5fed3813f7f5 |
|
345 | 5fed3813f7f5 | |
382 |
|
346 | |||
@@ -500,7 +464,6 b' Test unvalidated https through proxy' | |||||
500 |
|
464 | |||
501 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure |
|
465 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure | |
502 | pulling from https://localhost:$HGPORT/ |
|
466 | pulling from https://localhost:$HGPORT/ | |
503 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
504 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering |
|
467 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
505 | searching for changes |
|
468 | searching for changes | |
506 | no changes found |
|
469 | no changes found | |
@@ -510,12 +473,10 b' Test https with cacert and fingerprint t' | |||||
510 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
473 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
511 | > --config web.cacerts="$CERTSDIR/pub.pem" |
|
474 | > --config web.cacerts="$CERTSDIR/pub.pem" | |
512 | pulling from https://localhost:$HGPORT/ |
|
475 | pulling from https://localhost:$HGPORT/ | |
513 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
514 | searching for changes |
|
476 | searching for changes | |
515 | no changes found |
|
477 | no changes found | |
516 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace |
|
478 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace | |
517 | pulling from https://*:$HGPORT/ (glob) |
|
479 | pulling from https://*:$HGPORT/ (glob) | |
518 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
519 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) |
|
480 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |
520 | searching for changes |
|
481 | searching for changes | |
521 | no changes found |
|
482 | no changes found | |
@@ -525,14 +486,12 b' Test https with cert problems through pr' | |||||
525 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
486 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
526 | > --config web.cacerts="$CERTSDIR/pub-other.pem" |
|
487 | > --config web.cacerts="$CERTSDIR/pub-other.pem" | |
527 | pulling from https://localhost:$HGPORT/ |
|
488 | pulling from https://localhost:$HGPORT/ | |
528 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
529 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
489 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
530 | abort: error: *certificate verify failed* (glob) |
|
490 | abort: error: *certificate verify failed* (glob) | |
531 | [255] |
|
491 | [255] | |
532 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
|
492 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ | |
533 | > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ |
|
493 | > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ | |
534 | pulling from https://localhost:$HGPORT2/ |
|
494 | pulling from https://localhost:$HGPORT2/ | |
535 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
536 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
|
495 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
537 | abort: error: *certificate verify failed* (glob) |
|
496 | abort: error: *certificate verify failed* (glob) | |
538 | [255] |
|
497 | [255] | |
@@ -564,7 +523,6 b' Start hgweb that requires client certifi' | |||||
564 | without client certificate: |
|
523 | without client certificate: | |
565 |
|
524 | |||
566 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
525 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ | |
567 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
568 | abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re) |
|
526 | abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re) | |
569 | [255] |
|
527 | [255] | |
570 |
|
528 | |||
@@ -579,16 +537,13 b' with client certificate:' | |||||
579 |
|
537 | |||
580 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
538 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
581 | > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" |
|
539 | > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" | |
582 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
583 | 5fed3813f7f5 |
|
540 | 5fed3813f7f5 | |
584 |
|
541 | |||
585 | $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
542 | $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
586 | > --config ui.interactive=True --config ui.nontty=True |
|
543 | > --config ui.interactive=True --config ui.nontty=True | |
587 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
588 | passphrase for */client-key.pem: 5fed3813f7f5 (glob) |
|
544 | passphrase for */client-key.pem: 5fed3813f7f5 (glob) | |
589 |
|
545 | |||
590 | $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
|
546 | $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ | |
591 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
592 | abort: error: * (glob) |
|
547 | abort: error: * (glob) | |
593 | [255] |
|
548 | [255] | |
594 |
|
549 |
@@ -54,7 +54,6 b' we are able to load CA certs:' | |||||
54 | this patch series consists of 1 patches. |
|
54 | this patch series consists of 1 patches. | |
55 |
|
55 | |||
56 |
|
56 | |||
57 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
58 |
|
|
57 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
59 | (?i)abort: .*?certificate.verify.failed.* (re) |
|
58 | (?i)abort: .*?certificate.verify.failed.* (re) | |
60 | [255] |
|
59 | [255] | |
@@ -71,7 +70,6 b' Without certificates:' | |||||
71 |
|
70 | |||
72 | (using smtps) |
|
71 | (using smtps) | |
73 | sending mail: smtp host localhost, port * (glob) |
|
72 | sending mail: smtp host localhost, port * (glob) | |
74 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
75 |
|
|
73 | (verifying remote certificate) | |
76 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
|
74 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
77 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
|
75 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) | |
@@ -85,7 +83,6 b' With global certificates:' | |||||
85 |
|
83 | |||
86 | (using smtps) |
|
84 | (using smtps) | |
87 | sending mail: smtp host localhost, port * (glob) |
|
85 | sending mail: smtp host localhost, port * (glob) | |
88 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
89 |
|
|
86 | (verifying remote certificate) | |
90 | sending [PATCH] a ... |
|
87 | sending [PATCH] a ... | |
91 |
|
88 | |||
@@ -95,7 +92,6 b' With invalid certificates:' | |||||
95 | this patch series consists of 1 patches. |
|
92 | this patch series consists of 1 patches. | |
96 |
|
93 | |||
97 |
|
94 | |||
98 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
|||
99 |
|
|
95 | (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) | |
100 | (?i)abort: .*?certificate.verify.failed.* (re) |
|
96 | (?i)abort: .*?certificate.verify.failed.* (re) | |
101 | [255] |
|
97 | [255] |