upstream/mercurial-mirror Commit - r12741:949dfdb3

test-https: test web.cacerts functionality

Mads Kiilerich -

r12741:949dfdb3 default

parent child

tests/test-https.t

0 +73 0

		@@ -42,6 +42,50 b' Can be dumped with:'
42	42	$ cat priv.pem pub.pem >> server.pem
43	43	$ PRIV=`pwd`/server.pem
44	44
	45	$ cat << EOT > pub-other.pem
	46	> -----BEGIN CERTIFICATE-----
	47	> MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
	48	> BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
	49	> MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0
	50	> MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
	51	> ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo
	52	> K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN
	53	> y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw
	54	> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6
	55	> bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig=
	56	> -----END CERTIFICATE-----
	57	> EOT
	58
	59	pub.pem patched with other notBefore / notAfter:
	60
	61	$ cat << EOT > pub-not-yet.pem
	62	> -----BEGIN CERTIFICATE-----
	63	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
	64	> aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw
	65	> NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
	66	> c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
	67	> EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
	68	> +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
	69	> BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb
	70	> /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0=
	71	> -----END CERTIFICATE-----
	72	> EOT
	73	$ cat priv.pem pub-not-yet.pem > server-not-yet.pem
	74
	75	$ cat << EOT > pub-expired.pem
	76	> -----BEGIN CERTIFICATE-----
	77	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
	78	> aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx
	79	> NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
	80	> c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
	81	> EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
	82	> +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
	83	> BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt
	84	> 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ=
	85	> -----END CERTIFICATE-----
	86	> EOT
	87	$ cat priv.pem pub-expired.pem > server-expired.pem
	88
45	89	$ hg init test
46	90	$ cd test
47	91	$ echo foo>foo
		@@ -101,3 +145,32 b' pull'
101	145	added 1 changesets with 1 changes to 1 files
102	146	(run 'hg update' to get a working copy)
103	147	$ cd ..
	148
	149	cacert
	150
	151	$ hg -R copy-pull pull --config web.cacerts=pub.pem
	152	pulling from https://localhost:$HGPORT/
	153	searching for changes
	154	no changes found
	155	$ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
	156	abort: 127.0.0.1 certificate error: certificate is for localhost
	157	[255]
	158	$ hg -R copy-pull pull --config web.cacerts=pub-other.pem
	159	abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob)
	160	[255]
	161
	162	Test server cert which isn't valid yet
	163
	164	$ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
	165	$ cat hg1.pid >> $DAEMON_PIDS
	166	$ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/
	167	abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob)
	168	[255]
	169
	170	Test server cert which no longer is valid
	171
	172	$ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
	173	$ cat hg2.pid >> $DAEMON_PIDS
	174	$ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
	175	abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob)
	176	[255]

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages