upstream/mercurial-mirror Commit - r45417:89f83e47

tests: remove "sslcontext" check...

Manuel Jacob -

r45417:89f83e47 default

parent child

tests/hghave.py

0 0 -14

             from __future__ import absolute_import, print_function
             import distutils.version
             import os
             import re
             import socket
             import stat
             import subprocess
             import sys
             import tempfile
             tempprefix = 'hg-hghave-'
             checks = {
                 "true": (lambda: True, "yak shaving"),
                 "false": (lambda: False, "nail clipper"),
             }
             try:
                 import msvcrt
                 msvcrt.setmode(sys.stdout.fileno(), os.O_BINARY)
                 msvcrt.setmode(sys.stderr.fileno(), os.O_BINARY)
             except ImportError:
                 pass
             stdout = getattr(sys.stdout, 'buffer', sys.stdout)
             stderr = getattr(sys.stderr, 'buffer', sys.stderr)
             if sys.version_info[0] >= 3:
                 def _sys2bytes(p):
                     if p is None:
                         return p
                     return p.encode('utf-8')
                 def _bytes2sys(p):
                     if p is None:
                         return p
                     return p.decode('utf-8')
             else:
                 def _sys2bytes(p):
                     return p
                 _bytes2sys = _sys2bytes
             def check(name, desc):
                 """Registers a check function for a feature."""
                 def decorator(func):
                     checks[name] = (func, desc)
                     return func
                 return decorator
             def checkvers(name, desc, vers):
                 """Registers a check function for each of a series of versions.
                 vers can be a list or an iterator.
                 Produces a series of feature checks that have the form <name><vers> without
                 any punctuation (even if there's punctuation in 'vers'; i.e. this produces
                 'py38', not 'py3.8' or 'py-38')."""
                 def decorator(func):
                     def funcv(v):
                         def f():
                             return func(v)
                         return f
                     for v in vers:
                         v = str(v)
                         f = funcv(v)
                         checks['%s%s' % (name, v.replace('.', ''))] = (f, desc % v)
                     return func
                 return decorator
             def checkfeatures(features):
                 result = {
                     'error': [],
                     'missing': [],
                     'skipped': [],
                 }
                 for feature in features:
                     negate = feature.startswith('no-')
                     if negate:
                         feature = feature[3:]
                     if feature not in checks:
                         result['missing'].append(feature)
                         continue
                     check, desc = checks[feature]
                     try:
                         available = check()
                     except Exception:
                         result['error'].append('hghave check failed: %s' % feature)
                         continue
                     if not negate and not available:
                         result['skipped'].append('missing feature: %s' % desc)
                     elif negate and available:
                         result['skipped'].append('system supports %s' % desc)
                 return result
             def require(features):
                 """Require that features are available, exiting if not."""
                 result = checkfeatures(features)
                 for missing in result['missing']:
                     stderr.write(
                         ('skipped: unknown feature: %s\n' % missing).encode('utf-8')
                     )
                 for msg in result['skipped']:
                     stderr.write(('skipped: %s\n' % msg).encode('utf-8'))
                 for msg in result['error']:
                     stderr.write(('%s\n' % msg).encode('utf-8'))
                 if result['missing']:
                     sys.exit(2)
                 if result['skipped'] or result['error']:
                     sys.exit(1)
             def matchoutput(cmd, regexp, ignorestatus=False):
                 """Return the match object if cmd executes successfully and its output
                 is matched by the supplied regular expression.
                 """
                 r = re.compile(regexp)
                 p = subprocess.Popen(
                     cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT
                 )
                 s = p.communicate()[0]
                 ret = p.returncode
                 return (ignorestatus or not ret) and r.search(s)
             @check("baz", "GNU Arch baz client")
             def has_baz():
                 return matchoutput('baz --version 2>&1', br'baz Bazaar version')
             @check("bzr", "Canonical's Bazaar client")
             def has_bzr():
                 try:
                     import bzrlib
                     import bzrlib.bzrdir
                     import bzrlib.errors
                     import bzrlib.revision
                     import bzrlib.revisionspec
                     bzrlib.revisionspec.RevisionSpec
                     return bzrlib.__doc__ is not None
                 except (AttributeError, ImportError):
                     return False
             @checkvers("bzr", "Canonical's Bazaar client >= %s", (1.14,))
             def has_bzr_range(v):
                 major, minor = v.split('rc')[0].split('.')[0:2]
                 try:
                     import bzrlib
                     return bzrlib.__doc__ is not None and bzrlib.version_info[:2] >= (
                         int(major),
                         int(minor),
                     )
                 except ImportError:
                     return False
             @check("chg", "running with chg")
             def has_chg():
                 return 'CHGHG' in os.environ
             @check("cvs", "cvs client/server")
             def has_cvs():
                 re = br'Concurrent Versions System.*?server'
                 return matchoutput('cvs --version 2>&1', re) and not has_msys()
             @check("cvs112", "cvs client/server 1.12.* (not cvsnt)")
             def has_cvs112():
                 re = br'Concurrent Versions System \(CVS\) 1.12.*?server'
                 return matchoutput('cvs --version 2>&1', re) and not has_msys()
             @check("cvsnt", "cvsnt client/server")
             def has_cvsnt():
                 re = br'Concurrent Versions System \(CVSNT\) (\d+).(\d+).*\(client/server\)'
                 return matchoutput('cvsnt --version 2>&1', re)
             @check("darcs", "darcs client")
             def has_darcs():
                 return matchoutput('darcs --version', br'\b2\.([2-9]|\d{2})', True)
             @check("mtn", "monotone client (>= 1.0)")
             def has_mtn():
                 return matchoutput('mtn --version', br'monotone', True) and not matchoutput(
                     'mtn --version', br'monotone 0\.', True
                 )
             @check("eol-in-paths", "end-of-lines in paths")
             def has_eol_in_paths():
                 try:
                     fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix, suffix='\n\r')
                     os.close(fd)
                     os.remove(path)
                     return True
                 except (IOError, OSError):
                     return False
             @check("execbit", "executable bit")
             def has_executablebit():
                 try:
                     EXECFLAGS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
                     fh, fn = tempfile.mkstemp(dir='.', prefix=tempprefix)
                     try:
                         os.close(fh)
                         m = os.stat(fn).st_mode & 0o777
                         new_file_has_exec = m & EXECFLAGS
                         os.chmod(fn, m ^ EXECFLAGS)
                         exec_flags_cannot_flip = (os.stat(fn).st_mode & 0o777) == m
                     finally:
                         os.unlink(fn)
                 except (IOError, OSError):
                     # we don't care, the user probably won't be able to commit anyway
                     return False
                 return not (new_file_has_exec or exec_flags_cannot_flip)
             @check("icasefs", "case insensitive file system")
             def has_icasefs():
                 # Stolen from mercurial.util
                 fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix)
                 os.close(fd)
                 try:
                     s1 = os.stat(path)
                     d, b = os.path.split(path)
                     p2 = os.path.join(d, b.upper())
                     if path == p2:
                         p2 = os.path.join(d, b.lower())
                     try:
                         s2 = os.stat(p2)
                         return s2 == s1
                     except OSError:
                         return False
                 finally:
                     os.remove(path)
             @check("fifo", "named pipes")
             def has_fifo():
                 if getattr(os, "mkfifo", None) is None:
                     return False
                 name = tempfile.mktemp(dir='.', prefix=tempprefix)
                 try:
                     os.mkfifo(name)
                     os.unlink(name)
                     return True
                 except OSError:
                     return False
             @check("killdaemons", 'killdaemons.py support')
             def has_killdaemons():
                 return True
             @check("cacheable", "cacheable filesystem")
             def has_cacheable_fs():
                 from mercurial import util
                 fd, path = tempfile.mkstemp(dir='.', prefix=tempprefix)
                 os.close(fd)
                 try:
                     return util.cachestat(path).cacheable()
                 finally:
                     os.remove(path)
             @check("lsprof", "python lsprof module")
             def has_lsprof():
                 try:
                     import _lsprof
                     _lsprof.Profiler  # silence unused import warning
                     return True
                 except ImportError:
                     return False
             def _gethgversion():
                 m = matchoutput('hg --version --quiet 2>&1', br'(\d+)\.(\d+)')
                 if not m:
                     return (0, 0)
                 return (int(m.group(1)), int(m.group(2)))
             _hgversion = None
             def gethgversion():
                 global _hgversion
                 if _hgversion is None:
                     _hgversion = _gethgversion()
                 return _hgversion
             @checkvers(
                 "hg", "Mercurial >= %s", list([(1.0 * x) / 10 for x in range(9, 99)])
             )
             def has_hg_range(v):
                 major, minor = v.split('.')[0:2]
                 return gethgversion() >= (int(major), int(minor))
             @check("rust", "Using the Rust extensions")
             def has_rust():
                 """Check is the mercurial currently running is using some rust code"""
                 cmd = 'hg debuginstall --quiet 2>&1'
                 match = br'checking module policy \(([^)]+)\)'
                 policy = matchoutput(cmd, match)
                 if not policy:
                     return False
                 return b'rust' in policy.group(1)
             @check("hg08", "Mercurial >= 0.8")
             def has_hg08():
                 if checks["hg09"][0]():
                     return True
                 return matchoutput('hg help annotate 2>&1', '--date')
             @check("hg07", "Mercurial >= 0.7")
             def has_hg07():
                 if checks["hg08"][0]():
                     return True
                 return matchoutput('hg --version --quiet 2>&1', 'Mercurial Distributed SCM')
             @check("hg06", "Mercurial >= 0.6")
             def has_hg06():
                 if checks["hg07"][0]():
                     return True
                 return matchoutput('hg --version --quiet 2>&1', 'Mercurial version')
             @check("gettext", "GNU Gettext (msgfmt)")
             def has_gettext():
                 return matchoutput('msgfmt --version', br'GNU gettext-tools')
             @check("git", "git command line client")
             def has_git():
                 return matchoutput('git --version 2>&1', br'^git version')
             def getgitversion():
                 m = matchoutput('git --version 2>&1', br'git version (\d+)\.(\d+)')
                 if not m:
                     return (0, 0)
                 return (int(m.group(1)), int(m.group(2)))
             @check("pygit2", "pygit2 Python library")
             def has_git():
                 try:
                     import pygit2
                     pygit2.Oid  # silence unused import
                     return True
                 except ImportError:
                     return False
             # https://github.com/git-lfs/lfs-test-server
             @check("lfs-test-server", "git-lfs test server")
             def has_lfsserver():
                 exe = 'lfs-test-server'
                 if has_windows():
                     exe = 'lfs-test-server.exe'
                 return any(
                     os.access(os.path.join(path, exe), os.X_OK)
                     for path in os.environ["PATH"].split(os.pathsep)
                 )
             @checkvers("git", "git client (with ext::sh support) version >= %s", (1.9,))
             def has_git_range(v):
                 major, minor = v.split('.')[0:2]
                 return getgitversion() >= (int(major), int(minor))
             @check("docutils", "Docutils text processing library")
             def has_docutils():
                 try:
                     import docutils.core
                     docutils.core.publish_cmdline  # silence unused import
                     return True
                 except ImportError:
                     return False
             def getsvnversion():
                 m = matchoutput('svn --version --quiet 2>&1', br'^(\d+)\.(\d+)')
                 if not m:
                     return (0, 0)
                 return (int(m.group(1)), int(m.group(2)))
             @checkvers("svn", "subversion client and admin tools >= %s", (1.3, 1.5))
             def has_svn_range(v):
                 major, minor = v.split('.')[0:2]
                 return getsvnversion() >= (int(major), int(minor))
             @check("svn", "subversion client and admin tools")
             def has_svn():
                 return matchoutput('svn --version 2>&1', br'^svn, version') and matchoutput(
                     'svnadmin --version 2>&1', br'^svnadmin, version'
                 )
             @check("svn-bindings", "subversion python bindings")
             def has_svn_bindings():
                 try:
                     import svn.core
                     version = svn.core.SVN_VER_MAJOR, svn.core.SVN_VER_MINOR
                     if version < (1, 4):
                         return False
                     return True
                 except ImportError:
                     return False
             @check("p4", "Perforce server and client")
             def has_p4():
                 return matchoutput('p4 -V', br'Rev\. P4/') and matchoutput(
                     'p4d -V', br'Rev\. P4D/'
                 )
             @check("symlink", "symbolic links")
             def has_symlink():
                 # mercurial.windows.checklink() is a hard 'no' at the moment
                 if os.name == 'nt' or getattr(os, "symlink", None) is None:
                     return False
                 name = tempfile.mktemp(dir='.', prefix=tempprefix)
                 try:
                     os.symlink(".", name)
                     os.unlink(name)
                     return True
                 except (OSError, AttributeError):
                     return False
             @check("hardlink", "hardlinks")
             def has_hardlink():
                 from mercurial import util
                 fh, fn = tempfile.mkstemp(dir='.', prefix=tempprefix)
                 os.close(fh)
                 name = tempfile.mktemp(dir='.', prefix=tempprefix)
                 try:
                     util.oslink(_sys2bytes(fn), _sys2bytes(name))
                     os.unlink(name)
                     return True
                 except OSError:
                     return False
                 finally:
                     os.unlink(fn)
             @check("hardlink-whitelisted", "hardlinks on whitelisted filesystems")
             def has_hardlink_whitelisted():
                 from mercurial import util
                 try:
                     fstype = util.getfstype(b'.')
                 except OSError:
                     return False
                 return fstype in util._hardlinkfswhitelist
             @check("rmcwd", "can remove current working directory")
             def has_rmcwd():
                 ocwd = os.getcwd()
                 temp = tempfile.mkdtemp(dir='.', prefix=tempprefix)
                 try:
                     os.chdir(temp)
                     # On Linux, 'rmdir .' isn't allowed, but the other names are okay.
                     # On Solaris and Windows, the cwd can't be removed by any names.
                     os.rmdir(os.getcwd())
                     return True
                 except OSError:
                     return False
                 finally:
                     os.chdir(ocwd)
                     # clean up temp dir on platforms where cwd can't be removed
                     try:
                         os.rmdir(temp)
                     except OSError:
                         pass
             @check("tla", "GNU Arch tla client")
             def has_tla():
                 return matchoutput('tla --version 2>&1', br'The GNU Arch Revision')
             @check("gpg", "gpg client")
             def has_gpg():
                 return matchoutput('gpg --version 2>&1', br'GnuPG')
             @check("gpg2", "gpg client v2")
             def has_gpg2():
                 return matchoutput('gpg --version 2>&1', br'GnuPG[^0-9]+2\.')
             @check("gpg21", "gpg client v2.1+")
             def has_gpg21():
                 return matchoutput('gpg --version 2>&1', br'GnuPG[^0-9]+2\.(?!0)')
             @check("unix-permissions", "unix-style permissions")
             def has_unix_permissions():
                 d = tempfile.mkdtemp(dir='.', prefix=tempprefix)
                 try:
                     fname = os.path.join(d, 'foo')
                     for umask in (0o77, 0o07, 0o22):
                         os.umask(umask)
                         f = open(fname, 'w')
                         f.close()
                         mode = os.stat(fname).st_mode
                         os.unlink(fname)
                         if mode & 0o777 != ~umask & 0o666:
                             return False
                     return True
                 finally:
                     os.rmdir(d)
             @check("unix-socket", "AF_UNIX socket family")
             def has_unix_socket():
                 return getattr(socket, 'AF_UNIX', None) is not None
             @check("root", "root permissions")
             def has_root():
                 return getattr(os, 'geteuid', None) and os.geteuid() == 0
             @check("pyflakes", "Pyflakes python linter")
             def has_pyflakes():
                 try:
                     import pyflakes
                     pyflakes.__version__
                 except ImportError:
                     return False
                 else:
                     return True
             @check("pylint", "Pylint python linter")
             def has_pylint():
                 return matchoutput("pylint --help", br"Usage:  pylint", True)
             @check("clang-format", "clang-format C code formatter")
             def has_clang_format():
                 m = matchoutput('clang-format --version', br'clang-format version (\d)')
                 # style changed somewhere between 4.x and 6.x
                 return m and int(m.group(1)) >= 6
             @check("jshint", "JSHint static code analysis tool")
             def has_jshint():
                 return matchoutput("jshint --version 2>&1", br"jshint v")
             @check("pygments", "Pygments source highlighting library")
             def has_pygments():
                 try:
                     import pygments
                     pygments.highlight  # silence unused import warning
                     return True
                 except ImportError:
                     return False
             @check("pygments25", "Pygments version >= 2.5")
             def pygments25():
                 try:
                     import pygments
                     v = pygments.__version__
                 except ImportError:
                     return False
                 parts = v.split(".")
                 major = int(parts[0])
                 minor = int(parts[1])
                 return (major, minor) >= (2, 5)
             @check("outer-repo", "outer repo")
             def has_outer_repo():
                 # failing for other reasons than 'no repo' imply that there is a repo
                 return not matchoutput('hg root 2>&1', br'abort: no repository found', True)
             @check("ssl", "ssl module available")
             def has_ssl():
                 try:
                     import ssl
                     ssl.CERT_NONE
                     return True
                 except ImportError:
                     return False
-            @check("sslcontext", "python >= 2.7.9 ssl")
-            def has_sslcontext():
-                try:
-                    import ssl
-                    ssl.SSLContext
-                    return True
-                except (ImportError, AttributeError):
-                    return False
             @check("defaultcacertsloaded", "detected presence of loaded system CA certs")
             def has_defaultcacertsloaded():
                 import ssl
                 from mercurial import sslutil, ui as uimod
-                if not has_sslcontext():
-                    return False
                 ui = uimod.ui.load()
                 cafile = sslutil._defaultcacerts(ui)
                 ctx = ssl.create_default_context()
                 if cafile:
                     ctx.load_verify_locations(cafile=cafile)
                 else:
                     ctx.load_default_certs()
                 return len(ctx.get_ca_certs()) > 0
             @check("tls1.2", "TLS 1.2 protocol support")
             def has_tls1_2():
                 from mercurial import sslutil
                 return b'tls1.2' in sslutil.supportedprotocols
             @check("windows", "Windows")
             def has_windows():
                 return os.name == 'nt'
             @check("system-sh", "system() uses sh")
             def has_system_sh():
                 return os.name != 'nt'
             @check("serve", "platform and python can manage 'hg serve -d'")
             def has_serve():
                 return True
             @check("test-repo", "running tests from repository")
             def has_test_repo():
                 t = os.environ["TESTDIR"]
                 return os.path.isdir(os.path.join(t, "..", ".hg"))
             @check("tic", "terminfo compiler and curses module")
             def has_tic():
                 try:
                     import curses
                     curses.COLOR_BLUE
                     return matchoutput('test -x "`which tic`"', br'')
                 except (ImportError, AttributeError):
                     return False
             @check("xz", "xz compression utility")
             def has_xz():
                 # When Windows invokes a subprocess in shell mode, it uses `cmd.exe`, which
                 # only knows `where`, not `which`.  So invoke MSYS shell explicitly.
                 return matchoutput("sh -c 'test -x \"`which xz`\"'", b'')
             @check("msys", "Windows with MSYS")
             def has_msys():
                 return os.getenv('MSYSTEM')
             @check("aix", "AIX")
             def has_aix():
                 return sys.platform.startswith("aix")
             @check("osx", "OS X")
             def has_osx():
                 return sys.platform == 'darwin'
             @check("osxpackaging", "OS X packaging tools")
             def has_osxpackaging():
                 try:
                     return (
                         matchoutput('pkgbuild', br'Usage: pkgbuild ', ignorestatus=1)
                         and matchoutput(
                             'productbuild', br'Usage: productbuild ', ignorestatus=1
                         )
                         and matchoutput('lsbom', br'Usage: lsbom', ignorestatus=1)
                         and matchoutput('xar --help', br'Usage: xar', ignorestatus=1)
                     )
                 except ImportError:
                     return False
             @check('linuxormacos', 'Linux or MacOS')
             def has_linuxormacos():
                 # This isn't a perfect test for MacOS. But it is sufficient for our needs.
                 return sys.platform.startswith(('linux', 'darwin'))
             @check("docker", "docker support")
             def has_docker():
                 pat = br'A self-sufficient runtime for'
                 if matchoutput('docker --help', pat):
                     if 'linux' not in sys.platform:
                         # TODO: in theory we should be able to test docker-based
                         # package creation on non-linux using boot2docker, but in
                         # practice that requires extra coordination to make sure
                         # $TESTTEMP is going to be visible at the same path to the
                         # boot2docker VM. If we figure out how to verify that, we
                         # can use the following instead of just saying False:
                         # return 'DOCKER_HOST' in os.environ
                         return False
                     return True
                 return False
             @check("debhelper", "debian packaging tools")
             def has_debhelper():
                 # Some versions of dpkg say `dpkg', some say 'dpkg' (` vs ' on the first
                 # quote), so just accept anything in that spot.
                 dpkg = matchoutput(
                     'dpkg --version', br"Debian .dpkg' package management program"
                 )
                 dh = matchoutput(
                     'dh --help', br'dh is a part of debhelper.', ignorestatus=True
                 )
                 dh_py2 = matchoutput(
                     'dh_python2 --help', br'other supported Python versions'
                 )
                 # debuild comes from the 'devscripts' package, though you might want
                 # the 'build-debs' package instead, which has a dependency on devscripts.
                 debuild = matchoutput(
                     'debuild --help', br'to run debian/rules with given parameter'
                 )
                 return dpkg and dh and dh_py2 and debuild
             @check(
                 "debdeps", "debian build dependencies (run dpkg-checkbuilddeps in contrib/)"
             )
             def has_debdeps():
                 # just check exit status (ignoring output)
                 path = '%s/../contrib/packaging/debian/control' % os.environ['TESTDIR']
                 return matchoutput('dpkg-checkbuilddeps %s' % path, br'')
             @check("demandimport", "demandimport enabled")
             def has_demandimport():
                 # chg disables demandimport intentionally for performance wins.
                 return (not has_chg()) and os.environ.get('HGDEMANDIMPORT') != 'disable'
             # Add "py27", "py35", ... as possible feature checks. Note that there's no
             # punctuation here.
             @checkvers("py", "Python >= %s", (2.7, 3.5, 3.6, 3.7, 3.8, 3.9))
             def has_python_range(v):
                 major, minor = v.split('.')[0:2]
                 py_major, py_minor = sys.version_info.major, sys.version_info.minor
                 return (py_major, py_minor) >= (int(major), int(minor))
             @check("py3", "running with Python 3.x")
             def has_py3():
                 return 3 == sys.version_info[0]
             @check("py3exe", "a Python 3.x interpreter is available")
             def has_python3exe():
                 return matchoutput('python3 -V', br'^Python 3.(5|6|7|8|9)')
             @check("pure", "running with pure Python code")
             def has_pure():
                 return any(
                     [
                         os.environ.get("HGMODULEPOLICY") == "py",
                         os.environ.get("HGTEST_RUN_TESTS_PURE") == "--pure",
                     ]
                 )
             @check("slow", "allow slow tests (use --allow-slow-tests)")
             def has_slow():
                 return os.environ.get('HGTEST_SLOW') == 'slow'
             @check("hypothesis", "Hypothesis automated test generation")
             def has_hypothesis():
                 try:
                     import hypothesis
                     hypothesis.given
                     return True
                 except ImportError:
                     return False
             @check("unziplinks", "unzip(1) understands and extracts symlinks")
             def unzip_understands_symlinks():
                 return matchoutput('unzip --help', br'Info-ZIP')
             @check("zstd", "zstd Python module available")
             def has_zstd():
                 try:
                     import mercurial.zstd
                     mercurial.zstd.__version__
                     return True
                 except ImportError:
                     return False
             @check("devfull", "/dev/full special file")
             def has_dev_full():
                 return os.path.exists('/dev/full')
             @check("ensurepip", "ensurepip module")
             def has_ensurepip():
                 try:
                     import ensurepip
                     ensurepip.bootstrap
                     return True
                 except ImportError:
                     return False
             @check("virtualenv", "Python virtualenv support")
             def has_virtualenv():
                 try:
                     import virtualenv
                     virtualenv.ACTIVATE_SH
                     return True
                 except ImportError:
                     return False
             @check("fsmonitor", "running tests with fsmonitor")
             def has_fsmonitor():
                 return 'HGFSMONITOR_TESTS' in os.environ
             @check("fuzzywuzzy", "Fuzzy string matching library")
             def has_fuzzywuzzy():
                 try:
                     import fuzzywuzzy
                     fuzzywuzzy.__version__
                     return True
                 except ImportError:
                     return False
             @check("clang-libfuzzer", "clang new enough to include libfuzzer")
             def has_clang_libfuzzer():
                 mat = matchoutput('clang --version', br'clang version (\d)')
                 if mat:
                     # libfuzzer is new in clang 6
                     return int(mat.group(1)) > 5
                 return False
             @check("clang-6.0", "clang 6.0 with version suffix (libfuzzer included)")
             def has_clang60():
                 return matchoutput('clang-6.0 --version', br'clang version 6\.')
             @check("xdiff", "xdiff algorithm")
             def has_xdiff():
                 try:
                     from mercurial import policy
                     bdiff = policy.importmod('bdiff')
                     return bdiff.xdiffblocks(b'', b'') == [(0, 0, 0, 0)]
                 except (ImportError, AttributeError):
                     return False
             @check('extraextensions', 'whether tests are running with extra extensions')
             def has_extraextensions():
                 return 'HGTESTEXTRAEXTENSIONS' in os.environ
             def getrepofeatures():
                 """Obtain set of repository features in use.
                 HGREPOFEATURES can be used to define or remove features. It contains
                 a space-delimited list of feature strings. Strings beginning with ``-``
                 mean to remove.
                 """
                 # Default list provided by core.
                 features = {
                     'bundlerepo',
                     'revlogstore',
                     'fncache',
                 }
                 # Features that imply other features.
                 implies = {
                     'simplestore': ['-revlogstore', '-bundlerepo', '-fncache'],
                 }
                 for override in os.environ.get('HGREPOFEATURES', '').split(' '):
                     if not override:
                         continue
                     if override.startswith('-'):
                         if override[1:] in features:
                             features.remove(override[1:])
                     else:
                         features.add(override)
                         for imply in implies.get(override, []):
                             if imply.startswith('-'):
                                 if imply[1:] in features:
                                     features.remove(imply[1:])
                             else:
                                 features.add(imply)
                 return features
             @check('reporevlogstore', 'repository using the default revlog store')
             def has_reporevlogstore():
                 return 'revlogstore' in getrepofeatures()
             @check('reposimplestore', 'repository using simple storage extension')
             def has_reposimplestore():
                 return 'simplestore' in getrepofeatures()
             @check('repobundlerepo', 'whether we can open bundle files as repos')
             def has_repobundlerepo():
                 return 'bundlerepo' in getrepofeatures()
             @check('repofncache', 'repository has an fncache')
             def has_repofncache():
                 return 'fncache' in getrepofeatures()
             @check('sqlite', 'sqlite3 module is available')
             def has_sqlite():
                 try:
                     import sqlite3
                     version = sqlite3.sqlite_version_info
                 except ImportError:
                     return False
                 if version < (3, 8, 3):
                     # WITH clause not supported
                     return False
                 return matchoutput('sqlite3 -version', br'^3\.\d+')
             @check('vcr', 'vcr http mocking library')
             def has_vcr():
                 try:
                     import vcr
                     vcr.VCR
                     return True
                 except (ImportError, AttributeError):
                     pass
                 return False
             @check('emacs', 'GNU Emacs')
             def has_emacs():
                 # Our emacs lisp uses `with-eval-after-load` which is new in emacs
                 # 24.4, so we allow emacs 24.4, 24.5, and 25+ (24.5 was the last
                 # 24 release)
                 return matchoutput('emacs --version', b'GNU Emacs 2(4.4|4.5|5|6|7|8|9)')
             @check('black', 'the black formatter for python')
             def has_black():
                 blackcmd = 'black --version'
                 version_regex = b'black, version ([0-9a-b.]+)'
                 version = matchoutput(blackcmd, version_regex)
                 sv = distutils.version.StrictVersion
                 return version and sv(_bytes2sys(version.group(1))) >= sv('19.10b0')
             @check('pytype', 'the pytype type checker')
             def has_pytype():
                 pytypecmd = 'pytype --version'
                 version = matchoutput(pytypecmd, b'[0-9a-b.]+')
                 sv = distutils.version.StrictVersion
                 return version and sv(_bytes2sys(version.group(0))) >= sv('2019.10.17')
             @check("rustfmt", "rustfmt tool")
             def has_rustfmt():
                 # We use Nightly's rustfmt due to current unstable config options.
                 return matchoutput(
                     '`rustup which --toolchain nightly rustfmt` --version', b'rustfmt'
                 )

tests/test-clonebundles.t

0 +2 -18

             #require no-reposimplestore no-chg
             Set up a server
               $ hg init server
               $ cd server
               $ cat >> .hg/hgrc << EOF
               > [extensions]
               > clonebundles =
               > EOF
               $ touch foo
               $ hg -q commit -A -m 'add foo'
               $ touch bar
               $ hg -q commit -A -m 'add bar'
               $ hg serve -d -p $HGPORT --pid-file hg.pid --accesslog access.log
               $ cat hg.pid >> $DAEMON_PIDS
               $ cd ..
             Missing manifest should not result in server lookup
               $ hg --verbose clone -U http://localhost:$HGPORT no-manifest
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               new changesets 53245c60e682:aaff8d2ffbbf
               (sent 3 HTTP requests and * bytes; received * bytes in responses) (glob)
               $ cat server/access.log
               * - - [*] "GET /?cmd=capabilities HTTP/1.1" 200 - (glob)
               $LOCALIP - - [$LOGDATE$] "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ partial-pull (glob)
               $LOCALIP - - [$LOGDATE$] "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:bookmarks=1&$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=aaff8d2ffbbf07a46dd1f05d8ae7877e3f56e2a2&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ partial-pull (glob)
             Empty manifest file results in retrieval
             (the extension only checks if the manifest file exists)
               $ touch server/.hg/clonebundles.manifest
               $ hg --verbose clone -U http://localhost:$HGPORT empty-manifest
               no clone bundles available on remote; falling back to regular clone
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               new changesets 53245c60e682:aaff8d2ffbbf
               (sent 4 HTTP requests and * bytes; received * bytes in responses) (glob)
             Manifest file with invalid URL aborts
               $ echo 'http://does.not.exist/bundle.hg' > server/.hg/clonebundles.manifest
               $ hg clone http://localhost:$HGPORT 404-url
               applying clone bundle from http://does.not.exist/bundle.hg
               error fetching bundle: (.* not known|(\[Errno -?\d+] )?([Nn]o address associated with (host)?name|Temporary failure in name resolution|Name does not resolve)) (re) (no-windows !)
               error fetching bundle: [Errno 1100*] getaddrinfo failed (glob) (windows !)
               abort: error applying bundle
               (if this error persists, consider contacting the server operator or disable clone bundles via "--config ui.clonebundles=false")
               [255]
             Server is not running aborts
               $ echo "http://localhost:$HGPORT1/bundle.hg" > server/.hg/clonebundles.manifest
               $ hg clone http://localhost:$HGPORT server-not-runner
               applying clone bundle from http://localhost:$HGPORT1/bundle.hg
               error fetching bundle: (.* refused.*|Protocol not supported|(.* )?\$EADDRNOTAVAIL\$|.* No route to host) (re)
               abort: error applying bundle
               (if this error persists, consider contacting the server operator or disable clone bundles via "--config ui.clonebundles=false")
               [255]
             Server returns 404
               $ "$PYTHON" $TESTDIR/dumbhttp.py -p $HGPORT1 --pid http.pid
               $ cat http.pid >> $DAEMON_PIDS
               $ hg clone http://localhost:$HGPORT running-404
               applying clone bundle from http://localhost:$HGPORT1/bundle.hg
               HTTP error fetching bundle: HTTP Error 404: File not found
               abort: error applying bundle
               (if this error persists, consider contacting the server operator or disable clone bundles via "--config ui.clonebundles=false")
               [255]
             We can override failure to fall back to regular clone
               $ hg --config ui.clonebundlefallback=true clone -U http://localhost:$HGPORT 404-fallback
               applying clone bundle from http://localhost:$HGPORT1/bundle.hg
               HTTP error fetching bundle: HTTP Error 404: File not found
               falling back to normal clone
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               new changesets 53245c60e682:aaff8d2ffbbf
             Bundle with partial content works
               $ hg -R server bundle --type gzip-v1 --base null -r 53245c60e682 partial.hg
 changesets found
             We verify exact bundle content as an extra check against accidental future
             changes. If this output changes, we could break old clients.
               $ f --size --hexdump partial.hg
               partial.hg: size=207
 : 48 47 31 30 47 5a 78 9c 63 60 60 98 17 ac 12 93 |HG10GZx.c``.....|
 : f0 ac a9 23 45 70 cb bf 0d 5f 59 4e 4a 7f 79 21 |...#Ep..._YNJ.y!|
 : 9b cc 40 24 20 a0 d7 ce 2c d1 38 25 cd 24 25 d5 |..@$ ...,.8%.$%.|
 : d8 c2 22 cd 38 d9 24 cd 22 d5 c8 22 cd 24 cd 32 |..".8.$."..".$.2|
 : d1 c2 d0 c4 c8 d2 32 d1 38 39 29 c9 34 cd d4 80 |......2.89).4...|
 : ab 24 b5 b8 84 cb 40 c1 80 2b 2d 3f 9f 8b 2b 31 |.$....@..+-?..+1|
 : 25 45 01 c8 80 9a d2 9b 65 fb e5 9e 45 bf 8d 7f |%E......e...E...|
 : 9f c6 97 9f 2b 44 34 67 d9 ec 8e 0f a0 92 0b 75 |....+D4g.......u|
 : 41 d6 24 59 18 a4 a4 9a a6 18 1a 5b 98 9b 5a 98 |A.$Y.......[..Z.|
 : 9a 18 26 9b a6 19 98 1a 99 99 26 a6 18 9a 98 24 |..&.......&....$|
 a0: 26 59 a6 25 5a 98 a5 18 a6 24 71 41 35 b1 43 dc |&Y.%Z....$qA5.C.|
 b0: 16 b2 83 f7 e9 45 8b d2 56 c7 a3 1f 82 52 d7 8a |.....E..V....R..|
 c0: 78 ed fc d5 76 f1 36 35 dc 05 00 36 ed 5e c7    |x...v.65...6.^.|
               $ echo "http://localhost:$HGPORT1/partial.hg" > server/.hg/clonebundles.manifest
               $ hg clone -U http://localhost:$HGPORT partial-bundle
               applying clone bundle from http://localhost:$HGPORT1/partial.hg
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               finished applying clone bundle
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               new changesets aaff8d2ffbbf
 local changesets published
             Incremental pull doesn't fetch bundle
               $ hg clone -r 53245c60e682 -U http://localhost:$HGPORT partial-clone
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               new changesets 53245c60e682
               $ cd partial-clone
               $ hg pull
               pulling from http://localhost:$HGPORT/
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               new changesets aaff8d2ffbbf
               (run 'hg update' to get a working copy)
               $ cd ..
             Bundle with full content works
               $ hg -R server bundle --type gzip-v2 --base null -r tip full.hg
 changesets found
             Again, we perform an extra check against bundle content changes. If this content
             changes, clone bundles produced by new Mercurial versions may not be readable
             by old clients.
               $ f --size --hexdump full.hg
               full.hg: size=442
 : 48 47 32 30 00 00 00 0e 43 6f 6d 70 72 65 73 73 |HG20....Compress|
 : 69 6f 6e 3d 47 5a 78 9c 63 60 60 d0 e4 76 f6 70 |ion=GZx.c``..v.p|
 : f4 73 77 75 0f f2 0f 0d 60 00 02 46 46 76 26 4e |.swu....`..FFv&N|
 : c6 b2 d4 a2 e2 cc fc 3c 03 a3 bc a4 e4 8c c4 bc |.......<........|
 : f4 d4 62 23 06 06 e6 19 40 f9 4d c1 2a 31 09 cf |..b#....@.M.*1..|
 : 9a 3a 52 04 b7 fc db f0 95 e5 a4 f4 97 17 b2 c9 |.:R.............|
 : 0c 14 00 02 e6 d9 99 25 1a a7 a4 99 a4 a4 1a 5b |.......%.......[|
 : 58 a4 19 27 9b a4 59 a4 1a 59 a4 99 a4 59 26 5a |X..'..Y..Y...Y&Z|
 : 18 9a 18 59 5a 26 1a 27 27 25 99 a6 99 1a 70 95 |...YZ&.''%....p.|
 : a4 16 97 70 19 28 18 70 a5 e5 e7 73 71 25 a6 a4 |...p.(.p...sq%..|
 a0: 28 00 19 20 17 af fa df ab ff 7b 3f fb 92 dc 8b |(.. ......{?....|
 b0: 1f 62 bb 9e b7 d7 d9 87 3d 5a 44 89 2f b0 99 87 |.b......=ZD./...|
 c0: ec e2 54 63 43 e3 b4 64 43 73 23 33 43 53 0b 63 |..TcC..dCs#3CS.c|
 d0: d3 14 23 03 a0 fb 2c 2c 0c d3 80 1e 30 49 49 b1 |..#...,,....0II.|
 e0: 4c 4a 32 48 33 30 b0 34 42 b8 38 29 b1 08 e2 62 |LJ2H30.4B.8)...b|
 f0: 20 03 6a ca c2 2c db 2f f7 2c fa 6d fc fb 34 be | .j..,./.,.m..4.|
 : fc 5c 21 a2 39 cb 66 77 7c 00 0d c3 59 17 14 58 |.\!.9.fw|...Y..X|
 : 49 16 06 29 a9 a6 29 86 c6 16 e6 a6 16 a6 26 86 |I..)..).......&.|
 : c9 a6 69 06 a6 46 66 a6 89 29 86 26 26 89 49 96 |..i..Ff..).&&.I.|
 : 69 89 16 66 29 86 29 49 5c 20 07 3e 16 fe 23 ae |i..f).)I\ .>..#.|
 : 26 da 1c ab 10 1f d1 f8 e3 b3 ef cd dd fc 0c 93 |&...............|
 : 88 75 34 36 75 04 82 55 17 14 36 a4 38 10 04 d8 |.u46u..U..6.8...|
 : 21 01 9a b1 83 f7 e9 45 8b d2 56 c7 a3 1f 82 52 |!......E..V....R|
 : d7 8a 78 ed fc d5 76 f1 36 25 81 89 c7 ad ec 90 |..x...v.6%......|
 : 54 47 75 2b 89 48 b1 b2 62 c9 89 c9 19 a9 56 45 |TGu+.H..b.....VE|
 : a9 65 ba 49 45 89 79 c9 19 ba 60 01 a0 14 23 58 |.e.IE.y...`...#X|
 a0: 81 35 c8 7d 40 cc 04 e2 a4 a4 a6 25 96 e6 94 60 |.5.}@......%...`|
 b0: 33 17 5f 54 00 00 d3 1b 0d 4c                   |3._T.....L|
               $ echo "http://localhost:$HGPORT1/full.hg" > server/.hg/clonebundles.manifest
               $ hg clone -U http://localhost:$HGPORT full-bundle
               applying clone bundle from http://localhost:$HGPORT1/full.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Feature works over SSH
               $ hg clone -U -e "\"$PYTHON\" \"$TESTDIR/dummyssh\"" ssh://user@dummy/server ssh-full-clone
               applying clone bundle from http://localhost:$HGPORT1/full.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Entry with unknown BUNDLESPEC is filtered and not used
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://bad.entry1 BUNDLESPEC=UNKNOWN
               > http://bad.entry2 BUNDLESPEC=xz-v1
               > http://bad.entry3 BUNDLESPEC=none-v100
               > http://localhost:$HGPORT1/full.hg BUNDLESPEC=gzip-v2
               > EOF
               $ hg clone -U http://localhost:$HGPORT filter-unknown-type
               applying clone bundle from http://localhost:$HGPORT1/full.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Automatic fallback when all entries are filtered
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://bad.entry BUNDLESPEC=UNKNOWN
               > EOF
               $ hg clone -U http://localhost:$HGPORT filter-all
               no compatible clone bundles available on server; falling back to regular clone
               (you may want to report this to the server operator)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               new changesets 53245c60e682:aaff8d2ffbbf
-            URLs requiring SNI are filtered in Python <2.7.9
+            We require a Python version that supports SNI. Therefore, URLs requiring SNI
+            are not filtered.
               $ cp full.hg sni.hg
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/sni.hg REQUIRESNI=true
               > http://localhost:$HGPORT1/full.hg
               > EOF
-            #if sslcontext
-            Python 2.7.9+ support SNI
               $ hg clone -U http://localhost:$HGPORT sni-supported
               applying clone bundle from http://localhost:$HGPORT1/sni.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
-            #else
-            Python <2.7.9 will filter SNI URLs
-              $ hg clone -U http://localhost:$HGPORT sni-unsupported
-              applying clone bundle from http://localhost:$HGPORT1/full.hg
-              adding changesets
-              adding manifests
-              adding file changes
-              added 2 changesets with 2 changes to 2 files
-              finished applying clone bundle
-              searching for changes
-              no changes found
-local changesets published
-            #endif
             Stream clone bundles are supported
               $ hg -R server debugcreatestreamclonebundle packed.hg
               writing 613 bytes for 4 files
               bundle requirements: generaldelta, revlogv1, sparserevlog
             No bundle spec should work
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/packed.hg
               > EOF
               $ hg clone -U http://localhost:$HGPORT stream-clone-no-spec
               applying clone bundle from http://localhost:$HGPORT1/packed.hg
 files to transfer, 613 bytes of data
               transferred 613 bytes in *.* seconds (*) (glob)
               finished applying clone bundle
               searching for changes
               no changes found
             Bundle spec without parameters should work
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/packed.hg BUNDLESPEC=none-packed1
               > EOF
               $ hg clone -U http://localhost:$HGPORT stream-clone-vanilla-spec
               applying clone bundle from http://localhost:$HGPORT1/packed.hg
 files to transfer, 613 bytes of data
               transferred 613 bytes in *.* seconds (*) (glob)
               finished applying clone bundle
               searching for changes
               no changes found
             Bundle spec with format requirements should work
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/packed.hg BUNDLESPEC=none-packed1;requirements%3Drevlogv1
               > EOF
               $ hg clone -U http://localhost:$HGPORT stream-clone-supported-requirements
               applying clone bundle from http://localhost:$HGPORT1/packed.hg
 files to transfer, 613 bytes of data
               transferred 613 bytes in *.* seconds (*) (glob)
               finished applying clone bundle
               searching for changes
               no changes found
             Stream bundle spec with unknown requirements should be filtered out
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/packed.hg BUNDLESPEC=none-packed1;requirements%3Drevlogv42
               > EOF
               $ hg clone -U http://localhost:$HGPORT stream-clone-unsupported-requirements
               no compatible clone bundles available on server; falling back to regular clone
               (you may want to report this to the server operator)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               new changesets 53245c60e682:aaff8d2ffbbf
             Set up manifest for testing preferences
             (Remember, the TYPE does not have to match reality - the URL is
             important)
               $ cp full.hg gz-a.hg
               $ cp full.hg gz-b.hg
               $ cp full.hg bz2-a.hg
               $ cp full.hg bz2-b.hg
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/gz-a.hg BUNDLESPEC=gzip-v2 extra=a
               > http://localhost:$HGPORT1/bz2-a.hg BUNDLESPEC=bzip2-v2 extra=a
               > http://localhost:$HGPORT1/gz-b.hg BUNDLESPEC=gzip-v2 extra=b
               > http://localhost:$HGPORT1/bz2-b.hg BUNDLESPEC=bzip2-v2 extra=b
               > EOF
             Preferring an undefined attribute will take first entry
               $ hg --config ui.clonebundleprefers=foo=bar clone -U http://localhost:$HGPORT prefer-foo
               applying clone bundle from http://localhost:$HGPORT1/gz-a.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Preferring bz2 type will download first entry of that type
               $ hg --config ui.clonebundleprefers=COMPRESSION=bzip2 clone -U http://localhost:$HGPORT prefer-bz
               applying clone bundle from http://localhost:$HGPORT1/bz2-a.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Preferring multiple values of an option works
               $ hg --config ui.clonebundleprefers=COMPRESSION=unknown,COMPRESSION=bzip2 clone -U http://localhost:$HGPORT prefer-multiple-bz
               applying clone bundle from http://localhost:$HGPORT1/bz2-a.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Sorting multiple values should get us back to original first entry
               $ hg --config ui.clonebundleprefers=BUNDLESPEC=unknown,BUNDLESPEC=gzip-v2,BUNDLESPEC=bzip2-v2 clone -U http://localhost:$HGPORT prefer-multiple-gz
               applying clone bundle from http://localhost:$HGPORT1/gz-a.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Preferring multiple attributes has correct order
               $ hg --config ui.clonebundleprefers=extra=b,BUNDLESPEC=bzip2-v2 clone -U http://localhost:$HGPORT prefer-separate-attributes
               applying clone bundle from http://localhost:$HGPORT1/bz2-b.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Test where attribute is missing from some entries
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/gz-a.hg BUNDLESPEC=gzip-v2
               > http://localhost:$HGPORT1/bz2-a.hg BUNDLESPEC=bzip2-v2
               > http://localhost:$HGPORT1/gz-b.hg BUNDLESPEC=gzip-v2 extra=b
               > http://localhost:$HGPORT1/bz2-b.hg BUNDLESPEC=bzip2-v2 extra=b
               > EOF
               $ hg --config ui.clonebundleprefers=extra=b clone -U http://localhost:$HGPORT prefer-partially-defined-attribute
               applying clone bundle from http://localhost:$HGPORT1/gz-b.hg
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published
             Test a bad attribute list
               $ hg --config ui.clonebundleprefers=bad clone -U http://localhost:$HGPORT bad-input
               abort: invalid ui.clonebundleprefers item: bad
               (each comma separated item should be key=value pairs)
               [255]
               $ hg --config ui.clonebundleprefers=key=val,bad,key2=val2 clone \
               >    -U http://localhost:$HGPORT bad-input
               abort: invalid ui.clonebundleprefers item: bad
               (each comma separated item should be key=value pairs)
               [255]
             Test interaction between clone bundles and --stream
             A manifest with just a gzip bundle
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/gz-a.hg BUNDLESPEC=gzip-v2
               > EOF
               $ hg clone -U --stream http://localhost:$HGPORT uncompressed-gzip
               no compatible clone bundles available on server; falling back to regular clone
               (you may want to report this to the server operator)
               streaming all changes
 files to transfer, 816 bytes of data
               transferred 816 bytes in * seconds (*) (glob)
             A manifest with a stream clone but no BUNDLESPEC
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/packed.hg
               > EOF
               $ hg clone -U --stream http://localhost:$HGPORT uncompressed-no-bundlespec
               no compatible clone bundles available on server; falling back to regular clone
               (you may want to report this to the server operator)
               streaming all changes
 files to transfer, 816 bytes of data
               transferred 816 bytes in * seconds (*) (glob)
             A manifest with a gzip bundle and a stream clone
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/gz-a.hg BUNDLESPEC=gzip-v2
               > http://localhost:$HGPORT1/packed.hg BUNDLESPEC=none-packed1
               > EOF
               $ hg clone -U --stream http://localhost:$HGPORT uncompressed-gzip-packed
               applying clone bundle from http://localhost:$HGPORT1/packed.hg
 files to transfer, 613 bytes of data
               transferred 613 bytes in * seconds (*) (glob)
               finished applying clone bundle
               searching for changes
               no changes found
             A manifest with a gzip bundle and stream clone with supported requirements
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/gz-a.hg BUNDLESPEC=gzip-v2
               > http://localhost:$HGPORT1/packed.hg BUNDLESPEC=none-packed1;requirements%3Drevlogv1
               > EOF
               $ hg clone -U --stream http://localhost:$HGPORT uncompressed-gzip-packed-requirements
               applying clone bundle from http://localhost:$HGPORT1/packed.hg
 files to transfer, 613 bytes of data
               transferred 613 bytes in * seconds (*) (glob)
               finished applying clone bundle
               searching for changes
               no changes found
             A manifest with a gzip bundle and a stream clone with unsupported requirements
               $ cat > server/.hg/clonebundles.manifest << EOF
               > http://localhost:$HGPORT1/gz-a.hg BUNDLESPEC=gzip-v2
               > http://localhost:$HGPORT1/packed.hg BUNDLESPEC=none-packed1;requirements%3Drevlogv42
               > EOF
               $ hg clone -U --stream http://localhost:$HGPORT uncompressed-gzip-packed-unsupported-requirements
               no compatible clone bundles available on server; falling back to regular clone
               (you may want to report this to the server operator)
               streaming all changes
 files to transfer, 816 bytes of data
               transferred 816 bytes in * seconds (*) (glob)
             Test clone bundle retrieved through bundle2
               $ cat << EOF >> $HGRCPATH
               > [extensions]
               > largefiles=
               > EOF
               $ killdaemons.py
               $ hg -R server serve -d -p $HGPORT --pid-file hg.pid --accesslog access.log
               $ cat hg.pid >> $DAEMON_PIDS
               $ hg -R server debuglfput gz-a.hg
 f74b3d08286b9b3a16fb3fa185dd29219cbc6ae
               $ cat > server/.hg/clonebundles.manifest << EOF
               > largefile://1f74b3d08286b9b3a16fb3fa185dd29219cbc6ae BUNDLESPEC=gzip-v2
               > EOF
               $ hg clone -U http://localhost:$HGPORT largefile-provided --traceback
               applying clone bundle from largefile://1f74b3d08286b9b3a16fb3fa185dd29219cbc6ae
               adding changesets
               adding manifests
               adding file changes
               added 2 changesets with 2 changes to 2 files
               finished applying clone bundle
               searching for changes
               no changes found
 local changesets published

tests/test-https.t

0 +2 -68

             #require serve ssl
             Proper https client requires the built-in ssl from Python 2.6.
             Disable the system configuration which may set stricter TLS requirements.
             This test expects that legacy TLS versions are supported.
               $ OPENSSL_CONF=
               $ export OPENSSL_CONF
             Make server certificates:
               $ CERTSDIR="$TESTDIR/sslcerts"
               $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
               $ PRIV=`pwd`/server.pem
               $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
               $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
               $ hg init test
               $ cd test
               $ echo foo>foo
               $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
               $ echo foo>foo.d/foo
               $ echo bar>foo.d/bAr.hg.d/BaR
               $ echo bar>foo.d/baR.d.hg/bAR
               $ hg commit -A -m 1
               adding foo
               adding foo.d/bAr.hg.d/BaR
               adding foo.d/baR.d.hg/bAR
               adding foo.d/foo
               $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
               $ cat ../hg0.pid >> $DAEMON_PIDS
             cacert not found
               $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: could not find web.cacerts: no-such.pem
               [255]
             Test server address cannot be reused
               $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
               abort: cannot start server at 'localhost:$HGPORT': $EADDRINUSE$
               [255]
               $ cd ..
             Our test cert is not signed by a trusted CA. It should fail to verify if
             we are able to load CA certs.
-            #if sslcontext no-defaultcacertsloaded
+            #if no-defaultcacertsloaded
               $ hg clone https://localhost:$HGPORT/ copy-pull
               (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
-            #if no-sslcontext
-              $ hg clone https://localhost:$HGPORT/ copy-pull
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-              abort: error: *certificate verify failed* (glob)
-              [255]
-            #endif
-            #if no-sslcontext windows
-              $ hg clone https://localhost:$HGPORT/ copy-pull
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
-              abort: error: *certificate verify failed* (glob)
-              [255]
-            #endif
-            #if no-sslcontext osx
-              $ hg clone https://localhost:$HGPORT/ copy-pull
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
-              abort: localhost certificate error: no certificate received
-              (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
-              [255]
-            #endif
             #if defaultcacertsloaded
               $ hg clone https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
             #endif
             Specifying a per-host certificate file that doesn't exist will abort.  The full
             C:/path/to/msysroot will print on Windows.
               $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: */does/not/exist (glob)
               [255]
             A malformed per-host certificate file will raise an error
               $ echo baddata > badca.pem
-            #if sslcontext
               $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error loading CA file badca.pem: * (glob)
               (file is empty or malformed?)
               [255]
-            #else
-              $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              abort: error: * (glob)
-              [255]
-            #endif
             A per-host certificate mismatching the server will fail verification
             (modern ssl is able to discern whether the loaded cert is a CA cert)
-            #if sslcontext
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
-            #else
-              $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              abort: error: *certificate verify failed* (glob)
-              [255]
-            #endif
             A per-host certificate matching the server's cert will be accepted
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
             A per-host certificate with multiple certs and one matching will be accepted
               $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
               $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
             Defining both per-host certificate and a fingerprint will print a warning
               $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
             Inability to verify peer certificate will result in abort
               $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
               (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
               [255]
               $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               requesting all changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 4 changes to 4 files
               new changesets 8b6053c928fe
               updating to branch default
 files updated, 0 files merged, 0 files removed, 0 files unresolved
               $ hg verify -R copy-pull
               checking changesets
               checking manifests
               crosschecking files in changesets and manifests
               checking files
               checked 1 changesets with 4 changes to 4 files
               $ cd test
               $ echo bar > bar
               $ hg commit -A -d '1 0' -m 2
               adding bar
               $ cd ..
             pull without cacert
               $ cd copy-pull
               $ cat >> .hg/hgrc <<EOF
               > [hooks]
               > changegroup = sh -c "printenv.py --line changegroup"
               > EOF
               $ hg pull $DISABLECACERTS
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
               (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
               [255]
               $ hg pull --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files
               new changesets 5fed3813f7f5
               changegroup hook: HG_HOOKNAME=changegroup
               HG_HOOKTYPE=changegroup
               HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
               HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d
               HG_SOURCE=pull
               HG_TXNID=TXN:$ID$
               HG_TXNNAME=pull
               https://localhost:$HGPORT/
               HG_URL=https://localhost:$HGPORT/
               (run 'hg update' to get a working copy)
               $ cd ..
             cacert configured in local repo
               $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
               $ echo "[web]" >> copy-pull/.hg/hgrc
               $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
               $ hg -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               searching for changes
               no changes found
               $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
             cacert configured globally, also testing expansion of environment
             variables in the filename
               $ echo "[web]" >> $HGRCPATH
               $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
               $ P="$CERTSDIR" hg -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               searching for changes
               no changes found
               $ P="$CERTSDIR" hg -R copy-pull pull --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               no changes found
             empty cacert file
               $ touch emptycafile
-            #if sslcontext
               $ hg --config web.cacerts=emptycafile -R copy-pull pull
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error loading CA file emptycafile: * (glob)
               (file is empty or malformed?)
               [255]
-            #else
-              $ hg --config web.cacerts=emptycafile -R copy-pull pull
-              pulling from https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-              abort: error: * (glob)
-              [255]
-            #endif
             cacert mismatch
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
               > https://$LOCALIP:$HGPORT/
               pulling from https://*:$HGPORT/ (glob)
               warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: $LOCALIP certificate error: certificate is for localhost (glob)
               (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
               [255]
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
               > https://$LOCALIP:$HGPORT/ --insecure
               pulling from https://*:$HGPORT/ (glob)
               warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob)
               searching for changes
               no changes found
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
               > --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               no changes found
             Test server cert which isn't valid yet
               $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
               $ cat hg1.pid >> $DAEMON_PIDS
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
               > https://localhost:$HGPORT1/
               pulling from https://localhost:$HGPORT1/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
             Test server cert which no longer is valid
               $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
               $ cat hg2.pid >> $DAEMON_PIDS
               $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
               > https://localhost:$HGPORT2/
               pulling from https://localhost:$HGPORT2/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
             Disabling the TLS 1.0 warning works
               $ hg -R copy-pull id https://localhost:$HGPORT/ \
               > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \
               > --config hostsecurity.disabletls10warning=true
 fed3813f7f5
-            Error message for setting ciphers is different depending on SSLContext support
-            #if no-sslcontext
-              $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              abort: *No cipher can be selected. (glob)
-              [255]
-              $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-fed3813f7f5
-            #endif
-            #if sslcontext
             Setting ciphers to an invalid value aborts
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: could not set ciphers: No cipher can be selected.
               (change cipher string (invalid) in config)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: could not set ciphers: No cipher can be selected.
               (change cipher string (invalid) in config)
               [255]
             Changing the cipher string works
               $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
-            #endif
             Fingerprints
             - works without cacerts (hostfingerprints)
               $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
             - works without cacerts (hostsecurity)
               $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
               $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
             - multiple fingerprints specified and first matches
               $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
               $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
             - multiple fingerprints specified and last matches
               $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
               $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
             - multiple fingerprints specified and none match
               $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
               (check hostfingerprint configuration)
               [255]
               $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
               (check hostsecurity configuration)
               [255]
             - fails when cert doesn't match hostname (port is ignored)
               $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
               (check hostfingerprint configuration)
               [255]
             - ignores that certificate doesn't match hostname
               $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
               warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
 fed3813f7f5
             Ports used by next test. Kill servers.
               $ killdaemons.py hg0.pid
               $ killdaemons.py hg1.pid
               $ killdaemons.py hg2.pid
-            #if sslcontext tls1.2
+            #if tls1.2
             Start servers running supported TLS versions
               $ cd test
               $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
               > --config devel.serverexactprotocol=tls1.0
               $ cat ../hg0.pid >> $DAEMON_PIDS
               $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
               > --config devel.serverexactprotocol=tls1.1
               $ cat ../hg1.pid >> $DAEMON_PIDS
               $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
               > --config devel.serverexactprotocol=tls1.2
               $ cat ../hg2.pid >> $DAEMON_PIDS
               $ cd ..
             Clients talking same TLS versions work
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
 fed3813f7f5
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
 fed3813f7f5
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
 fed3813f7f5
             Clients requiring newer TLS version than what server supports fail
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: .*(unsupported protocol|wrong ssl version).* (re)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: .*(unsupported protocol|wrong ssl version).* (re)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: .*(unsupported protocol|wrong ssl version).* (re)
               [255]
               $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: .*(unsupported protocol|wrong ssl version).* (re)
               [255]
             --insecure will allow TLS 1.0 connections and override configs
               $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
 fed3813f7f5
             The per-host config option overrides the default
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config hostsecurity.minimumprotocol=tls1.2 \
               > --config hostsecurity.localhost:minimumprotocol=tls1.0
 fed3813f7f5
             The per-host config option by itself works
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config hostsecurity.localhost:minimumprotocol=tls1.2
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: .*(unsupported protocol|wrong ssl version).* (re)
               [255]
             .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305)
               $ cat >> copy-pull/.hg/hgrc << EOF
               > [hostsecurity]
               > localhost:minimumprotocol=tls1.2
               > EOF
               $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/
               (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
               (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
               (see https://mercurial-scm.org/wiki/SecureConnections for more info)
               abort: error: .*(unsupported protocol|wrong ssl version).* (re)
               [255]
               $ killdaemons.py hg0.pid
               $ killdaemons.py hg1.pid
               $ killdaemons.py hg2.pid
             #endif
             Prepare for connecting through proxy
               $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
               $ cat hg0.pid >> $DAEMON_PIDS
               $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
               $ cat hg2.pid >> $DAEMON_PIDS
             tinyproxy.py doesn't fully detach, so killing it may result in extra output
             from the shell. So don't kill it.
               $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
               $ while [ ! -f proxy.pid ]; do sleep 0; done
               $ cat proxy.pid >> $DAEMON_PIDS
               $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
               $ echo "always=True" >> copy-pull/.hg/hgrc
               $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
               $ echo "localhost =" >> copy-pull/.hg/hgrc
             Test unvalidated https through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
               searching for changes
               no changes found
             Test https with cacert and fingerprint through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
               > --config web.cacerts="$CERTSDIR/pub.pem"
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               searching for changes
               no changes found
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace
               pulling from https://*:$HGPORT/ (glob)
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
               searching for changes
               no changes found
             Test https with cert problems through proxy
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
               > --config web.cacerts="$CERTSDIR/pub-other.pem"
               pulling from https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
               $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
               > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
               pulling from https://localhost:$HGPORT2/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               abort: error: *certificate verify failed* (glob)
               [255]
               $ killdaemons.py hg0.pid
-            #if sslcontext
               $ cd test
             Missing certificate file(s) are detected
               $ hg serve -p $HGPORT --certificate=/missing/certificate \
               > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
               abort: referenced certificate file (*/missing/certificate) does not exist (glob)
               [255]
               $ hg serve -p $HGPORT --certificate=$PRIV \
               > --config devel.servercafile=/missing/cafile --config devel.serverrequirecert=true
               abort: referenced certificate file (*/missing/cafile) does not exist (glob)
               [255]
             Start hgweb that requires client certificates:
               $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
               > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
               $ cat ../hg0.pid >> $DAEMON_PIDS
               $ cd ..
             without client certificate:
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re)
               [255]
             with client certificate:
               $ cat << EOT >> $HGRCPATH
               > [auth]
               > l.prefix = localhost
               > l.cert = $CERTSDIR/client-cert.pem
               > l.key = $CERTSDIR/client-key.pem
               > EOT
               $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
 fed3813f7f5
               $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
               > --config ui.interactive=True --config ui.nontty=True
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               passphrase for */client-key.pem: 5fed3813f7f5 (glob)
               $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               abort: error: * (glob)
               [255]
             Missing certficate and key files result in error
               $ hg id https://localhost:$HGPORT/ --config auth.l.cert=/missing/cert
               abort: certificate file (*/missing/cert) does not exist; cannot connect to localhost (glob)
               (restore missing file or fix references in Mercurial config)
               [255]
               $ hg id https://localhost:$HGPORT/ --config auth.l.key=/missing/key
               abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
               (restore missing file or fix references in Mercurial config)
               [255]
-            #endif

tests/test-patchbomb-tls.t

0 +1 -12

             #require serve ssl
             Set up SMTP server:
               $ CERTSDIR="$TESTDIR/sslcerts"
               $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
               $ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
               > --tls smtps --certificate `pwd`/server.pem
               listening at localhost:$HGPORT (?)
               $ cat a.pid >> $DAEMON_PIDS
             Set up repository:
               $ hg init t
               $ cd t
               $ cat <<EOF >> .hg/hgrc
               > [extensions]
               > patchbomb =
               > [email]
               > method = smtp
               > [smtp]
               > host = localhost
               > port = $HGPORT
               > tls = smtps
               > EOF
               $ echo a > a
               $ hg commit -Ama -d '1 0'
               adding a
             Utility functions:
               $ DISABLECACERTS=
               $ try () {
               >   hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
               > }
             Our test cert is not signed by a trusted CA. It should fail to verify if
             we are able to load CA certs:
-            #if sslcontext no-defaultcacertsloaded
+            #if no-defaultcacertsloaded
               $ try
               this patch series consists of 1 patches.
               (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
               (?i)abort: .*?certificate.verify.failed.* (re)
               [255]
             #endif
-            #if no-sslcontext
-              $ try
-              this patch series consists of 1 patches.
-              warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-              (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-              (?i)abort: .*?certificate.verify.failed.* (re)
-              [255]
-            #endif
             #if defaultcacertsloaded
               $ try
               this patch series consists of 1 patches.
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               (?i)abort: .*?certificate.verify.failed.* (re)
               [255]
             #endif
               $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
             Without certificates:
               $ try --debug
               this patch series consists of 1 patches.
               (using smtps)
               sending mail: smtp host localhost, port * (glob)
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (verifying remote certificate)
               abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
               (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
               [255]
             With global certificates:
               $ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
               this patch series consists of 1 patches.
               (using smtps)
               sending mail: smtp host localhost, port * (glob)
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (verifying remote certificate)
               sending [PATCH] a ...
             With invalid certificates:
               $ try --config web.cacerts="$CERTSDIR/pub-other.pem"
               this patch series consists of 1 patches.
               warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
               (?i)abort: .*?certificate.verify.failed.* (re)
               [255]
               $ cd ..

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages