##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

debug: add a method to check the state of, and built an SSL cert chain...
Matt Harbison -
r33493:9a9f9521 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -13,6 +13,7 b' import operator'
13 13 import os
14 14 import random
15 15 import socket
16 import ssl
16 17 import string
17 18 import sys
18 19 import tempfile
@@ -2057,6 +2058,66 b' def debugsetparents(ui, repo, rev1, rev2'
2057 2058 with repo.wlock():
2058 2059 repo.setparents(r1, r2)
2059 2060
2061 @command('debugssl', [], '[SOURCE]', optionalrepo=True)
2062 def debugssl(ui, repo, source=None, **opts):
2063 '''test a secure connection to a server
2064
2065 This builds the certificate chain for the server on Windows, installing the
2066 missing intermediates and trusted root via Windows Update if necessary. It
2067 does nothing on other platforms.
2068
2069 If SOURCE is omitted, the 'default' path will be used. If a URL is given,
2070 that server is used. See :hg:`help urls` for more information.
2071
2072 If the update succeeds, retry the original operation. Otherwise, the cause
2073 of the SSL error is likely another issue.
2074 '''
2075 if pycompat.osname != 'nt':
2076 raise error.Abort(_('Certificate chain building is only possible on '
2077 'Windows'))
2078
2079 if not source:
2080 source = "default"
2081 elif not repo:
2082 raise error.Abort(_("there is no Mercurial repository here, and no "
2083 "server specified"))
2084
2085 source, branches = hg.parseurl(ui.expandpath(source))
2086 url = util.url(source)
2087 addr = None
2088
2089 if url.scheme == 'https':
2090 addr = (url.host, url.port or 443)
2091 elif url.scheme == 'ssh':
2092 addr = (url.host, url.port or 22)
2093 else:
2094 raise error.Abort(_("Only https and ssh connections are supported"))
2095
2096 from . import win32
2097
2098 s = ssl.wrap_socket(socket.socket(), ssl_version=ssl.PROTOCOL_TLS,
2099 cert_reqs=ssl.CERT_NONE, ca_certs=None)
2100
2101 try:
2102 s.connect(addr)
2103 cert = s.getpeercert(True)
2104
2105 ui.status(_('Checking the certificate chain for %s.\n') % url.host)
2106
2107 complete = win32.checkcertificatechain(cert, build=False)
2108
2109 if not complete:
2110 ui.status(_('The certificate chain is incomplete. Updating... '))
2111
2112 if not win32.checkcertificatechain(cert):
2113 ui.status(_('Failed.\n'))
2114 else:
2115 ui.status(_('Done.\n'))
2116 else:
2117 ui.status(_('The full certificate chain is available.\n'))
2118 finally:
2119 s.close()
2120
2060 2121 @command('debugsub',
2061 2122 [('r', 'rev', '',
2062 2123 _('revision to check'), _('REV'))],
Show file before | Show file after | Hide comments
@@ -108,6 +108,7 b' Show debug commands if there are no othe'
108 108 debugrevlog
109 109 debugrevspec
110 110 debugsetparents
111 debugssl
111 112 debugsub
112 113 debugsuccessorssets
113 114 debugtemplate
@@ -283,6 +284,7 b' Show all commands + options'
283 284 debugrevlog: changelog, manifest, dir, dump
284 285 debugrevspec: optimize, show-revs, show-set, show-stage, no-optimized, verify-optimized
285 286 debugsetparents:
287 debugssl:
286 288 debugsub: rev
287 289 debugsuccessorssets: closest
288 290 debugtemplate: rev, define
Show file before | Show file after | Hide comments
@@ -952,6 +952,7 b' Test list of internal help commands'
952 952 debugrevspec parse and apply a revision specification
953 953 debugsetparents
954 954 manually set the parents of the current working directory
955 debugssl test a secure connection to a server
955 956 debugsub (no help text available)
956 957 debugsuccessorssets
957 958 show set of successors for revision
General Comments 0
You need to be logged in to leave comments. Login now