upstream/mercurial-mirror Commit - r45417:89f83e47

tests: remove "sslcontext" check...

Manuel Jacob -

r45417:89f83e47 default

parent child

tests/hghave.py

0 0 -14

                     return False
-            @check("sslcontext", "python >= 2.7.9 ssl")
-            def has_sslcontext():
-                try:
-                    import ssl
-                    ssl.SSLContext
-                    return True
-                except (ImportError, AttributeError):
-                    return False
             @check("defaultcacertsloaded", "detected presence of loaded system CA certs")
             def has_defaultcacertsloaded():
                 import ssl
                 from mercurial import sslutil, ui as uimod
-                if not has_sslcontext():
-                    return False
                 ui = uimod.ui.load()
                 cafile = sslutil._defaultcacerts(ui)
                 ctx = ssl.create_default_context()

tests/test-clonebundles.t

0 +2 -18

               added 2 changesets with 2 changes to 2 files
               new changesets 53245c60e682:aaff8d2ffbbf
-            URLs requiring SNI are filtered in Python <2.7.9
+            We require a Python version that supports SNI. Therefore, URLs requiring SNI
+            are not filtered.
               $ cp full.hg sni.hg
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/full.hg
               > EOF
-            #if sslcontext
-            Python 2.7.9+ support SNI
               $ hg clone -U http://localhost:$HGPORT sni-supported
               applying clone bundle from http://localhost:$HGPORT1/sni.hg
               adding changesets
               searching for changes
               no changes found
 local changesets published
-            #else
-            Python <2.7.9 will filter SNI URLs
-              $ hg clone -U http://localhost:$HGPORT sni-unsupported
-              applying clone bundle from http://localhost:$HGPORT1/full.hg
-              adding changesets
-              adding manifests
-              adding file changes
-              added 2 changesets with 2 changes to 2 files
-              finished applying clone bundle
-              searching for changes
-              no changes found
-local changesets published
-            #endif
             Stream clone bundles are supported

tests/test-https.t

0 +2 -68

             Our test cert is not signed by a trusted CA. It should fail to verify if
             we are able to load CA certs.
-            #if sslcontext no-defaultcacertsloaded
+            #if no-defaultcacertsloaded
               $ hg clone https://localhost:$HGPORT/ copy-pull
               (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
-            #if no-sslcontext
-              $ hg clone https://localhost:$HGPORT/ copy-pull
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-              abort: error: *certificate verify failed* (glob)
-              [255]
-            #endif
-            #if no-sslcontext windows
-              $ hg clone https://localhost:$HGPORT/ copy-pull
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
-              abort: error: *certificate verify failed* (glob)
-              [255]
-            #endif
-            #if no-sslcontext osx
-              $ hg clone https://localhost:$HGPORT/ copy-pull
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
-              abort: localhost certificate error: no certificate received
-              (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
-              [255]
-            #endif
             #if defaultcacertsloaded
               $ hg clone https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
             A malformed per-host certificate file will raise an error
               $ echo baddata > badca.pem
-            #if sslcontext
               $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error loading CA file badca.pem: * (glob)
               (file is empty or malformed?)
               [255]
-            #else
-              $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              abort: error: * (glob)
-              [255]
-            #endif
             A per-host certificate mismatching the server will fail verification
             (modern ssl is able to discern whether the loaded cert is a CA cert)
-            #if sslcontext
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
-            #else
-              $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              abort: error: *certificate verify failed* (glob)
-              [255]
-            #endif
             A per-host certificate matching the server's cert will be accepted
               $ touch emptycafile
-            #if sslcontext
               $ hg --config web.cacerts=emptycafile -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error loading CA file emptycafile: * (glob)
               (file is empty or malformed?)
               [255]
-            #else
-              $ hg --config web.cacerts=emptycafile -R copy-pull pull
-              pulling from https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              abort: error: * (glob)
-              [255]
-            #endif
             cacert mismatch
               > --config hostsecurity.disabletls10warning=true
 fed3813f7f5
-            Error message for setting ciphers is different depending on SSLContext support
-            #if no-sslcontext
-              $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              abort: *No cipher can be selected. (glob)
-              [255]
-              $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-fed3813f7f5
-            #endif
-            #if sslcontext
             Setting ciphers to an invalid value aborts
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
-            #endif
             Fingerprints
               $ killdaemons.py hg1.pid
               $ killdaemons.py hg2.pid
-            #if sslcontext tls1.2
+            #if tls1.2
             Start servers running supported TLS versions
               $ cd test
               $ killdaemons.py hg0.pid
-            #if sslcontext
               $ cd test
             Missing certificate file(s) are detected
               abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
               (restore missing file or fix references in Mercurial config)
               [255]
-            #endif

tests/test-patchbomb-tls.t

0 +1 -12

             Our test cert is not signed by a trusted CA. It should fail to verify if
             we are able to load CA certs:
-            #if sslcontext no-defaultcacertsloaded
+            #if no-defaultcacertsloaded
               $ try
               this patch series consists of 1 patches.
               [255]
             #endif
-            #if no-sslcontext
-              $ try
-              this patch series consists of 1 patches.
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-              (?i)abort: .*?certificate.verify.failed.* (re)
-              [255]
-            #endif
             #if defaultcacertsloaded
               $ try
               this patch series consists of 1 patches.

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages