Show More
@@ -13,6 +13,7 b' import operator' | |||||
13 | import os |
|
13 | import os | |
14 | import random |
|
14 | import random | |
15 | import socket |
|
15 | import socket | |
|
16 | import ssl | |||
16 | import string |
|
17 | import string | |
17 | import sys |
|
18 | import sys | |
18 | import tempfile |
|
19 | import tempfile | |
@@ -2057,6 +2058,66 b' def debugsetparents(ui, repo, rev1, rev2' | |||||
2057 | with repo.wlock(): |
|
2058 | with repo.wlock(): | |
2058 | repo.setparents(r1, r2) |
|
2059 | repo.setparents(r1, r2) | |
2059 |
|
2060 | |||
|
2061 | @command('debugssl', [], '[SOURCE]', optionalrepo=True) | |||
|
2062 | def debugssl(ui, repo, source=None, **opts): | |||
|
2063 | '''test a secure connection to a server | |||
|
2064 | ||||
|
2065 | This builds the certificate chain for the server on Windows, installing the | |||
|
2066 | missing intermediates and trusted root via Windows Update if necessary. It | |||
|
2067 | does nothing on other platforms. | |||
|
2068 | ||||
|
2069 | If SOURCE is omitted, the 'default' path will be used. If a URL is given, | |||
|
2070 | that server is used. See :hg:`help urls` for more information. | |||
|
2071 | ||||
|
2072 | If the update succeeds, retry the original operation. Otherwise, the cause | |||
|
2073 | of the SSL error is likely another issue. | |||
|
2074 | ''' | |||
|
2075 | if pycompat.osname != 'nt': | |||
|
2076 | raise error.Abort(_('Certificate chain building is only possible on ' | |||
|
2077 | 'Windows')) | |||
|
2078 | ||||
|
2079 | if not source: | |||
|
2080 | source = "default" | |||
|
2081 | elif not repo: | |||
|
2082 | raise error.Abort(_("there is no Mercurial repository here, and no " | |||
|
2083 | "server specified")) | |||
|
2084 | ||||
|
2085 | source, branches = hg.parseurl(ui.expandpath(source)) | |||
|
2086 | url = util.url(source) | |||
|
2087 | addr = None | |||
|
2088 | ||||
|
2089 | if url.scheme == 'https': | |||
|
2090 | addr = (url.host, url.port or 443) | |||
|
2091 | elif url.scheme == 'ssh': | |||
|
2092 | addr = (url.host, url.port or 22) | |||
|
2093 | else: | |||
|
2094 | raise error.Abort(_("Only https and ssh connections are supported")) | |||
|
2095 | ||||
|
2096 | from . import win32 | |||
|
2097 | ||||
|
2098 | s = ssl.wrap_socket(socket.socket(), ssl_version=ssl.PROTOCOL_TLS, | |||
|
2099 | cert_reqs=ssl.CERT_NONE, ca_certs=None) | |||
|
2100 | ||||
|
2101 | try: | |||
|
2102 | s.connect(addr) | |||
|
2103 | cert = s.getpeercert(True) | |||
|
2104 | ||||
|
2105 | ui.status(_('Checking the certificate chain for %s.\n') % url.host) | |||
|
2106 | ||||
|
2107 | complete = win32.checkcertificatechain(cert, build=False) | |||
|
2108 | ||||
|
2109 | if not complete: | |||
|
2110 | ui.status(_('The certificate chain is incomplete. Updating... ')) | |||
|
2111 | ||||
|
2112 | if not win32.checkcertificatechain(cert): | |||
|
2113 | ui.status(_('Failed.\n')) | |||
|
2114 | else: | |||
|
2115 | ui.status(_('Done.\n')) | |||
|
2116 | else: | |||
|
2117 | ui.status(_('The full certificate chain is available.\n')) | |||
|
2118 | finally: | |||
|
2119 | s.close() | |||
|
2120 | ||||
2060 | @command('debugsub', |
|
2121 | @command('debugsub', | |
2061 | [('r', 'rev', '', |
|
2122 | [('r', 'rev', '', | |
2062 | _('revision to check'), _('REV'))], |
|
2123 | _('revision to check'), _('REV'))], |
@@ -108,6 +108,7 b' Show debug commands if there are no othe' | |||||
108 | debugrevlog |
|
108 | debugrevlog | |
109 | debugrevspec |
|
109 | debugrevspec | |
110 | debugsetparents |
|
110 | debugsetparents | |
|
111 | debugssl | |||
111 | debugsub |
|
112 | debugsub | |
112 | debugsuccessorssets |
|
113 | debugsuccessorssets | |
113 | debugtemplate |
|
114 | debugtemplate | |
@@ -283,6 +284,7 b' Show all commands + options' | |||||
283 | debugrevlog: changelog, manifest, dir, dump |
|
284 | debugrevlog: changelog, manifest, dir, dump | |
284 | debugrevspec: optimize, show-revs, show-set, show-stage, no-optimized, verify-optimized |
|
285 | debugrevspec: optimize, show-revs, show-set, show-stage, no-optimized, verify-optimized | |
285 | debugsetparents: |
|
286 | debugsetparents: | |
|
287 | debugssl: | |||
286 | debugsub: rev |
|
288 | debugsub: rev | |
287 | debugsuccessorssets: closest |
|
289 | debugsuccessorssets: closest | |
288 | debugtemplate: rev, define |
|
290 | debugtemplate: rev, define |
@@ -952,6 +952,7 b' Test list of internal help commands' | |||||
952 | debugrevspec parse and apply a revision specification |
|
952 | debugrevspec parse and apply a revision specification | |
953 | debugsetparents |
|
953 | debugsetparents | |
954 | manually set the parents of the current working directory |
|
954 | manually set the parents of the current working directory | |
|
955 | debugssl test a secure connection to a server | |||
955 | debugsub (no help text available) |
|
956 | debugsub (no help text available) | |
956 | debugsuccessorssets |
|
957 | debugsuccessorssets | |
957 | show set of successors for revision |
|
958 | show set of successors for revision |
General Comments 0
You need to be logged in to leave comments.
Login now