Show More
| @@ -8,7 +8,7 b' Certificates created with:' | |||||
| 8 | Can be dumped with: |
|
8 | Can be dumped with: | |
| 9 | openssl x509 -in pub.pem -text |
|
9 | openssl x509 -in pub.pem -text | |
| 10 |
|
10 | |||
| 11 |
$ cat << EOT > priv.pem |
|
11 | $ cat << EOT > priv.pem | |
| 12 | > -----BEGIN PRIVATE KEY----- |
|
12 | > -----BEGIN PRIVATE KEY----- | |
| 13 | > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH |
|
13 | > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH | |
| 14 | > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 |
|
14 | > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 | |
| @@ -21,7 +21,7 b' Can be dumped with:' | |||||
| 21 | > -----END PRIVATE KEY----- |
|
21 | > -----END PRIVATE KEY----- | |
| 22 | > EOT |
|
22 | > EOT | |
| 23 |
|
23 | |||
| 24 |
$ cat << EOT > pub.pem |
|
24 | $ cat << EOT > pub.pem | |
| 25 | > -----BEGIN CERTIFICATE----- |
|
25 | > -----BEGIN CERTIFICATE----- | |
| 26 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
|
26 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV | |
| 27 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
|
27 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw | |
| @@ -37,7 +37,7 b' Can be dumped with:' | |||||
| 37 | $ cat priv.pem pub.pem >> server.pem |
|
37 | $ cat priv.pem pub.pem >> server.pem | |
| 38 | $ PRIV=`pwd`/server.pem |
|
38 | $ PRIV=`pwd`/server.pem | |
| 39 |
|
39 | |||
| 40 |
$ cat << EOT > pub-other.pem |
|
40 | $ cat << EOT > pub-other.pem | |
| 41 | > -----BEGIN CERTIFICATE----- |
|
41 | > -----BEGIN CERTIFICATE----- | |
| 42 | > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
|
42 | > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV | |
| 43 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
|
43 | > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw | |
| @@ -53,7 +53,7 b' Can be dumped with:' | |||||
| 53 |
|
53 | |||
| 54 | pub.pem patched with other notBefore / notAfter: |
|
54 | pub.pem patched with other notBefore / notAfter: | |
| 55 |
|
55 | |||
| 56 |
$ cat << EOT > pub-not-yet.pem |
|
56 | $ cat << EOT > pub-not-yet.pem | |
| 57 | > -----BEGIN CERTIFICATE----- |
|
57 | > -----BEGIN CERTIFICATE----- | |
| 58 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
|
58 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs | |
| 59 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw |
|
59 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw | |
| @@ -67,7 +67,7 b' pub.pem patched with other notBefore / n' | |||||
| 67 | > EOT |
|
67 | > EOT | |
| 68 | $ cat priv.pem pub-not-yet.pem > server-not-yet.pem |
|
68 | $ cat priv.pem pub-not-yet.pem > server-not-yet.pem | |
| 69 |
|
69 | |||
| 70 |
$ cat << EOT > pub-expired.pem |
|
70 | $ cat << EOT > pub-expired.pem | |
| 71 | > -----BEGIN CERTIFICATE----- |
|
71 | > -----BEGIN CERTIFICATE----- | |
| 72 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
|
72 | > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs | |
| 73 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx |
|
73 | > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx | |
| @@ -198,7 +198,7 b' cacert mismatch' | |||||
| 198 |
|
198 | |||
| 199 | Test server cert which isn't valid yet |
|
199 | Test server cert which isn't valid yet | |
| 200 |
|
200 | |||
| 201 |
$ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
|
201 | $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem | |
| 202 | $ cat hg1.pid >> $DAEMON_PIDS |
|
202 | $ cat hg1.pid >> $DAEMON_PIDS | |
| 203 | $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ |
|
203 | $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ | |
| 204 | abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
|
204 | abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | |
| @@ -206,7 +206,7 b" Test server cert which isn't valid yet" | |||||
| 206 |
|
206 | |||
| 207 | Test server cert which no longer is valid |
|
207 | Test server cert which no longer is valid | |
| 208 |
|
208 | |||
| 209 |
$ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
|
209 | $ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem | |
| 210 | $ cat hg2.pid >> $DAEMON_PIDS |
|
210 | $ cat hg2.pid >> $DAEMON_PIDS | |
| 211 | $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ |
|
211 | $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ | |
| 212 | abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
|
212 | abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | |
General Comments 0
You need to be logged in to leave comments.
Login now