##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sslutil: make cert fingerprints messages more actionable...
Gregory Szorc -
r29292:bc5f5549 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -397,15 +397,15 b' def validatesocket(sock):'
397 hint=_('check %s configuration') % section)
397 hint=_('check %s configuration') % section)
398
398
399 if not sock._hgstate['caloaded']:
399 if not sock._hgstate['caloaded']:
400 ui.warn(_('warning: %s certificate with fingerprint %s '
400 ui.warn(_('warning: certificate for %s not verified '
401 'not verified (check %s or web.cacerts config '
401 '(set hostsecurity.%s:certfingerprints=%s or web.cacerts '
402 'setting)\n') %
402 'config settings)\n') % (host, host, nicefingerprint))
403 (host, nicefingerprint, section))
404 return
403 return
405
404
406 msg = _verifycert(peercert2, host)
405 msg = _verifycert(peercert2, host)
407 if msg:
406 if msg:
408 raise error.Abort(_('%s certificate error: %s') % (host, msg),
407 raise error.Abort(_('%s certificate error: %s') % (host, msg),
409 hint=_('configure %s %s or use '
408 hint=_('set hostsecurity.%s:certfingerprints=%s '
410 '--insecure to connect insecurely') %
409 'config setting or use --insecure to connect '
411 (section, nicefingerprint))
410 'insecurely') %
411 (host, nicefingerprint))
Show file before | Show file after | Hide comments
@@ -176,7 +176,7 b' we are able to load CA certs.'
176 clone via pull
176 clone via pull
177
177
178 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
178 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
179 warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting)
179 warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings)
180 requesting all changes
180 requesting all changes
181 adding changesets
181 adding changesets
182 adding manifests
182 adding manifests
@@ -203,7 +203,7 b' pull without cacert'
203 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
203 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
204 $ hg pull $DISABLECACERTS
204 $ hg pull $DISABLECACERTS
205 pulling from https://localhost:$HGPORT/
205 pulling from https://localhost:$HGPORT/
206 warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting)
206 warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings)
207 searching for changes
207 searching for changes
208 adding changesets
208 adding changesets
209 adding manifests
209 adding manifests
@@ -244,7 +244,7 b' cacert mismatch'
244 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
244 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
245 pulling from https://127.0.0.1:$HGPORT/
245 pulling from https://127.0.0.1:$HGPORT/
246 abort: 127.0.0.1 certificate error: certificate is for localhost
246 abort: 127.0.0.1 certificate error: certificate is for localhost
247 (configure hostsecurity sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or use --insecure to connect insecurely)
247 (set hostsecurity.127.0.0.1:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
248 [255]
248 [255]
249 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
249 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
250 pulling from https://127.0.0.1:$HGPORT/
250 pulling from https://127.0.0.1:$HGPORT/
General Comments 0
You need to be logged in to leave comments. Login now