ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC)...
Yuya Nishihara -
r24290:b76d8c64 default
@@ -826,7 +826,7 def _dispatch(req):
826 826
827 827 if cmdoptions.get('insecure', False):
828 828 for ui_ in uis:
829 ui_.setconfig('web', 'cacerts', '', '--insecure')
829 ui_.setconfig('web', 'cacerts', '!', '--insecure')
830 830
831 831 if options['version']:
832 832 return commands.version_(ui)
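Review bot: The bare literal `'!'` on the `ui_.setconfig('web', 'cacerts', '!', '--insecure')` line is a magic value that this commit repeats in the `remoteui`, `_defaultcacerts`, `sslkwargs`, `validator` and `has_defaultcacerts` hunks below. A single named constant in sslutil would keep the "verification disabled" marker greppable and make it harder for one of these comparisons to drift from the others. Failing that, a comment here such as `# '!' tells sslutil to skip CA verification` would record that this line turns certificate checking off. `_dispatch` starts and ends outside the hunk.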
@@ -672,7 +672,9 def remoteui(src, opts):
672 672 for key, val in src.configitems(sect):
673 673 dst.setconfig(sect, key, val, 'copied')
674 674 v = src.config('web', 'cacerts')
675 if v:
675 if v == '!':
676 dst.setconfig('web', 'cacerts', v, 'copied')
677 elif v:
676 678 dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied')
677 679
678 680 return dst
@@ -134,7 +134,7 def _defaultcacerts():
134 134 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
135 135 if os.path.exists(dummycert):
136 136 return dummycert
137 return None
137 return '!'
138 138
139 139 def sslkwargs(ui, host):
140 140 kws = {}
@@ -142,17 +142,18 def sslkwargs(ui, host):
142 142 if hostfingerprint:
143 143 return kws
144 144 cacerts = ui.config('web', 'cacerts')
145 if cacerts:
145 if cacerts == '!':
146 pass
147 elif cacerts:
146 148 cacerts = util.expandpath(cacerts)
147 149 if not os.path.exists(cacerts):
148 150 raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
149 elif cacerts is None:
150 dummycert = _defaultcacerts()
151 if dummycert:
152 ui.debug('using %s to enable OS X system CA\n' % dummycert)
153 ui.setconfig('web', 'cacerts', dummycert, 'dummy')
154 cacerts = dummycert
155 if cacerts:
151 else:
152 cacerts = _defaultcacerts()
153 if cacerts and cacerts != '!':
154 ui.debug('using %s to enable OS X system CA\n' % cacerts)
155 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
156 if cacerts != '!':
156 157 kws.update({'ca_certs': cacerts,
157 158 'cert_reqs': CERT_REQUIRED,
158 159 })
@@ -201,7 +202,7 class validator(object):
201 202 hint=_('check hostfingerprint configuration'))
202 203 self.ui.debug('%s certificate matched fingerprint %s\n' %
203 204 (host, nicefingerprint))
204 elif cacerts:
205 elif cacerts != '!':
205 206 msg = _verifycert(peercert2, host)
206 207 if msg:
207 208 raise util.Abort(_('%s certificate error: %s') % (host, msg),
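Review bot: The new `return '!'` in `_defaultcacerts()` makes "no default CA bundle found" indistinguishable from an explicit opt-out, so the `else:` branch of `sslkwargs` still leaves a client that never set `web.cacerts` without `CERT_REQUIRED`. That fail-open default predates this commit, but it is now expressed through the same sentinel the user types, and nothing in these hunks documents it. I would add a comment on `_defaultcacerts` such as `# returns '!' (verification disabled) when no default CA bundle is available`, and one in `sslkwargs` noting that an empty `web.cacerts` now falls through to the default lookup. Indentation is lost on this page, so it cannot be confirmed here whether `ui.setconfig(..., 'defaultcacerts')` also runs when the result is `'!'`; the `elif cacerts != '!':` test in `validator` presumably depends on that write-back. `sslkwargs` and the validator method both continue outside the hunks.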
@@ -323,7 +323,7 def has_ssl():
323 323 @check("defaultcacerts", "can verify SSL certs by system's CA certs store")
324 324 def has_defaultcacerts():
325 325 from mercurial import sslutil
326 return sslutil._defaultcacerts()
326 return sslutil._defaultcacerts() != '!'
327 327
328 328 @check("windows", "Windows")
329 329 def has_windows():
@@ -124,7 +124,7 Apple's OpenSSL. This trick do not work
124 124 abort: error: *certificate verify failed* (glob)
125 125 [255]
126 126
127 $ DISABLEOSXDUMMYCERT="--config=web.cacerts="
127 $ DISABLEOSXDUMMYCERT="--config=web.cacerts=!"
128 128 #endif
129 129
130 130 clone via pull
@@ -240,7 +240,7 Fingerprints
240 240 $ echo "127.0.0.1 = 914f1aff87249c09b6859b88b1906d30756491ca" >> copy-pull/.hg/hgrc
241 241
242 242 - works without cacerts
243 $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=
243 $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=!
244 244 5fed3813f7f5
245 245
246 246 - fails when cert doesn't match hostname (port is ignored)
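Review bot: Both changed commands switch to `web.cacerts=!`, but nothing visible here still exercises the old spelling `--config web.cacerts=`, which this commit changes from "skip verification" to "fall back to the default CA lookup". A case that passes the empty value where a default CA bundle is available and expects the certificate check to run would pin the backward-incompatible part of the change. Whether such a case exists elsewhere in the test file cannot be seen from these hunks.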