Show More
@@ -826,7 +826,7 b' def _dispatch(req):' | |||||
826 |
|
826 | |||
827 | if cmdoptions.get('insecure', False): |
|
827 | if cmdoptions.get('insecure', False): | |
828 | for ui_ in uis: |
|
828 | for ui_ in uis: | |
829 | ui_.setconfig('web', 'cacerts', '', '--insecure') |
|
829 | ui_.setconfig('web', 'cacerts', '!', '--insecure') | |
830 |
|
830 | |||
831 | if options['version']: |
|
831 | if options['version']: | |
832 | return commands.version_(ui) |
|
832 | return commands.version_(ui) |
@@ -672,7 +672,9 b' def remoteui(src, opts):' | |||||
672 | for key, val in src.configitems(sect): |
|
672 | for key, val in src.configitems(sect): | |
673 | dst.setconfig(sect, key, val, 'copied') |
|
673 | dst.setconfig(sect, key, val, 'copied') | |
674 | v = src.config('web', 'cacerts') |
|
674 | v = src.config('web', 'cacerts') | |
675 | if v: |
|
675 | if v == '!': | |
|
676 | dst.setconfig('web', 'cacerts', v, 'copied') | |||
|
677 | elif v: | |||
676 | dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied') |
|
678 | dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied') | |
677 |
|
679 | |||
678 | return dst |
|
680 | return dst |
@@ -134,7 +134,7 b' def _defaultcacerts():' | |||||
134 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') |
|
134 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') | |
135 | if os.path.exists(dummycert): |
|
135 | if os.path.exists(dummycert): | |
136 | return dummycert |
|
136 | return dummycert | |
137 |
return |
|
137 | return '!' | |
138 |
|
138 | |||
139 | def sslkwargs(ui, host): |
|
139 | def sslkwargs(ui, host): | |
140 | kws = {} |
|
140 | kws = {} | |
@@ -142,17 +142,18 b' def sslkwargs(ui, host):' | |||||
142 | if hostfingerprint: |
|
142 | if hostfingerprint: | |
143 | return kws |
|
143 | return kws | |
144 | cacerts = ui.config('web', 'cacerts') |
|
144 | cacerts = ui.config('web', 'cacerts') | |
145 | if cacerts: |
|
145 | if cacerts == '!': | |
|
146 | pass | |||
|
147 | elif cacerts: | |||
146 | cacerts = util.expandpath(cacerts) |
|
148 | cacerts = util.expandpath(cacerts) | |
147 | if not os.path.exists(cacerts): |
|
149 | if not os.path.exists(cacerts): | |
148 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) |
|
150 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) | |
149 | elif cacerts is None: |
|
151 | else: | |
150 |
|
|
152 | cacerts = _defaultcacerts() | |
151 | if dummycert: |
|
153 | if cacerts and cacerts != '!': | |
152 |
ui.debug('using %s to enable OS X system CA\n' % |
|
154 | ui.debug('using %s to enable OS X system CA\n' % cacerts) | |
153 |
|
|
155 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | |
154 | cacerts = dummycert |
|
156 | if cacerts != '!': | |
155 | if cacerts: |
|
|||
156 | kws.update({'ca_certs': cacerts, |
|
157 | kws.update({'ca_certs': cacerts, | |
157 | 'cert_reqs': CERT_REQUIRED, |
|
158 | 'cert_reqs': CERT_REQUIRED, | |
158 | }) |
|
159 | }) | |
@@ -201,7 +202,7 b' class validator(object):' | |||||
201 | hint=_('check hostfingerprint configuration')) |
|
202 | hint=_('check hostfingerprint configuration')) | |
202 | self.ui.debug('%s certificate matched fingerprint %s\n' % |
|
203 | self.ui.debug('%s certificate matched fingerprint %s\n' % | |
203 | (host, nicefingerprint)) |
|
204 | (host, nicefingerprint)) | |
204 | elif cacerts: |
|
205 | elif cacerts != '!': | |
205 | msg = _verifycert(peercert2, host) |
|
206 | msg = _verifycert(peercert2, host) | |
206 | if msg: |
|
207 | if msg: | |
207 | raise util.Abort(_('%s certificate error: %s') % (host, msg), |
|
208 | raise util.Abort(_('%s certificate error: %s') % (host, msg), |
@@ -323,7 +323,7 b' def has_ssl():' | |||||
323 | @check("defaultcacerts", "can verify SSL certs by system's CA certs store") |
|
323 | @check("defaultcacerts", "can verify SSL certs by system's CA certs store") | |
324 | def has_defaultcacerts(): |
|
324 | def has_defaultcacerts(): | |
325 | from mercurial import sslutil |
|
325 | from mercurial import sslutil | |
326 | return sslutil._defaultcacerts() |
|
326 | return sslutil._defaultcacerts() != '!' | |
327 |
|
327 | |||
328 | @check("windows", "Windows") |
|
328 | @check("windows", "Windows") | |
329 | def has_windows(): |
|
329 | def has_windows(): |
@@ -124,7 +124,7 b" Apple's OpenSSL. This trick do not work " | |||||
124 | abort: error: *certificate verify failed* (glob) |
|
124 | abort: error: *certificate verify failed* (glob) | |
125 | [255] |
|
125 | [255] | |
126 |
|
126 | |||
127 | $ DISABLEOSXDUMMYCERT="--config=web.cacerts=" |
|
127 | $ DISABLEOSXDUMMYCERT="--config=web.cacerts=!" | |
128 | #endif |
|
128 | #endif | |
129 |
|
129 | |||
130 | clone via pull |
|
130 | clone via pull | |
@@ -240,7 +240,7 b' Fingerprints' | |||||
240 | $ echo "127.0.0.1 = 914f1aff87249c09b6859b88b1906d30756491ca" >> copy-pull/.hg/hgrc |
|
240 | $ echo "127.0.0.1 = 914f1aff87249c09b6859b88b1906d30756491ca" >> copy-pull/.hg/hgrc | |
241 |
|
241 | |||
242 | - works without cacerts |
|
242 | - works without cacerts | |
243 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts= |
|
243 | $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=! | |
244 | 5fed3813f7f5 |
|
244 | 5fed3813f7f5 | |
245 |
|
245 | |||
246 | - fails when cert doesn't match hostname (port is ignored) |
|
246 | - fails when cert doesn't match hostname (port is ignored) |
General Comments 0
You need to be logged in to leave comments.
Login now