Show More
| @@ -0,0 +1,56 b'' | |||||
|
|
1 | A dummy certificate that will make OS X 10.6+ Python use the system CA | |||
|
|
2 | certificate store: | |||
|
|
3 | ||||
|
|
4 | -----BEGIN CERTIFICATE----- | |||
|
|
5 | MIIBIzCBzgIJANjmj39sb3FmMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmhn | |||
|
|
6 | LmV4YW1wbGUuY29tMB4XDTE0MDgzMDA4NDU1OVoXDTE0MDgyOTA4NDU1OVowGTEX | |||
|
|
7 | MBUGA1UEAxMOaGcuZXhhbXBsZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA | |||
|
|
8 | mh/ZySGlcq0ALNLmA1gZqt61HruywPrRk6WyrLJRgt+X7OP9FFlEfl2tzHfzqvmK | |||
|
|
9 | CtSQoPINWOdAJMekBYFgKQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAF9h49LkSqJ6a | |||
|
|
10 | IlpogZuUHtihXeKZBsiktVIDlDccYsNy0RSh9XxUfhk+XMLw8jBlYvcltSXdJ7We | |||
|
|
11 | aKdQRekuMQ== | |||
|
|
12 | -----END CERTIFICATE----- | |||
|
|
13 | ||||
|
|
14 | This certificate was generated to be syntactically valid but never be usable; | |||
|
|
15 | it expired before it became valid. | |||
|
|
16 | ||||
|
|
17 | Created as: | |||
|
|
18 | ||||
|
|
19 | $ cat > cn.conf << EOT | |||
|
|
20 | > [req] | |||
|
|
21 | > distinguished_name = req_distinguished_name | |||
|
|
22 | > [req_distinguished_name] | |||
|
|
23 | > commonName = Common Name | |||
|
|
24 | > commonName_default = no.example.com | |||
|
|
25 | > EOT | |||
|
|
26 | $ openssl req -nodes -new -x509 -keyout /dev/null \ | |||
|
|
27 | > -out dummycert.pem -days -1 -config cn.conf -subj '/CN=hg.example.com' | |||
|
|
28 | ||||
|
|
29 | To verify the content of this certificate: | |||
|
|
30 | ||||
|
|
31 | $ openssl x509 -in dummycert.pem -noout -text | |||
|
|
32 | Certificate: | |||
|
|
33 | Data: | |||
|
|
34 | Version: 1 (0x0) | |||
|
|
35 | Serial Number: 15629337334278746470 (0xd8e68f7f6c6f7166) | |||
|
|
36 | Signature Algorithm: sha1WithRSAEncryption | |||
|
|
37 | Issuer: CN=hg.example.com | |||
|
|
38 | Validity | |||
|
|
39 | Not Before: Aug 30 08:45:59 2014 GMT | |||
|
|
40 | Not After : Aug 29 08:45:59 2014 GMT | |||
|
|
41 | Subject: CN=hg.example.com | |||
|
|
42 | Subject Public Key Info: | |||
|
|
43 | Public Key Algorithm: rsaEncryption | |||
|
|
44 | Public-Key: (512 bit) | |||
|
|
45 | Modulus: | |||
|
|
46 | 00:9a:1f:d9:c9:21:a5:72:ad:00:2c:d2:e6:03:58: | |||
|
|
47 | 19:aa:de:b5:1e:bb:b2:c0:fa:d1:93:a5:b2:ac:b2: | |||
|
|
48 | 51:82:df:97:ec:e3:fd:14:59:44:7e:5d:ad:cc:77: | |||
|
|
49 | f3:aa:f9:8a:0a:d4:90:a0:f2:0d:58:e7:40:24:c7: | |||
|
|
50 | a4:05:81:60:29 | |||
|
|
51 | Exponent: 65537 (0x10001) | |||
|
|
52 | Signature Algorithm: sha1WithRSAEncryption | |||
|
|
53 | 17:d8:78:f4:b9:12:a8:9e:9a:22:5a:68:81:9b:94:1e:d8:a1: | |||
|
|
54 | 5d:e2:99:06:c8:a4:b5:52:03:94:37:1c:62:c3:72:d1:14:a1: | |||
|
|
55 | f5:7c:54:7e:19:3e:5c:c2:f0:f2:30:65:62:f7:25:b5:25:dd: | |||
|
|
56 | 27:b5:9e:68:a7:50:45:e9:2e:31 | |||
| @@ -6,7 +6,7 b'' | |||||
| 6 | # |
|
6 | # | |
| 7 | # This software may be used and distributed according to the terms of the |
|
7 | # This software may be used and distributed according to the terms of the | |
| 8 | # GNU General Public License version 2 or any later version. |
|
8 | # GNU General Public License version 2 or any later version. | |
| 9 | import os |
|
9 | import os, sys | |
| 10 |
|
10 | |||
| 11 | from mercurial import util |
|
11 | from mercurial import util | |
| 12 | from mercurial.i18n import _ |
|
12 | from mercurial.i18n import _ | |
| @@ -104,6 +104,13 b' def sslkwargs(ui, host):' | |||||
| 104 | cacerts = util.expandpath(cacerts) |
|
104 | cacerts = util.expandpath(cacerts) | |
| 105 | if not os.path.exists(cacerts): |
|
105 | if not os.path.exists(cacerts): | |
| 106 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) |
|
106 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) | |
|
|
107 | elif cacerts is None and sys.platform == 'darwin' and not util.mainfrozen(): | |||
|
|
108 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') | |||
|
|
109 | if os.path.exists(dummycert): | |||
|
|
110 | ui.debug('using %s to enable OS X system CA\n' % dummycert) | |||
|
|
111 | ui.setconfig('web', 'cacerts', dummycert, 'dummy') | |||
|
|
112 | cacerts = dummycert | |||
|
|
113 | if cacerts: | |||
| 107 | kws.update({'ca_certs': cacerts, |
|
114 | kws.update({'ca_certs': cacerts, | |
| 108 | 'cert_reqs': CERT_REQUIRED, |
|
115 | 'cert_reqs': CERT_REQUIRED, | |
| 109 | }) |
|
116 | }) | |
| @@ -481,7 +481,8 b' class HackedMingw32CCompiler(cygwinccomp' | |||||
| 481 | cygwinccompiler.Mingw32CCompiler = HackedMingw32CCompiler |
|
481 | cygwinccompiler.Mingw32CCompiler = HackedMingw32CCompiler | |
| 482 |
|
482 | |||
| 483 | packagedata = {'mercurial': ['locale/*/LC_MESSAGES/hg.mo', |
|
483 | packagedata = {'mercurial': ['locale/*/LC_MESSAGES/hg.mo', | |
| 484 |
'help/*.txt' |
|
484 | 'help/*.txt', | |
|
|
485 | 'dummycert.pem']} | |||
| 485 |
|
486 | |||
| 486 | def ordinarypath(p): |
|
487 | def ordinarypath(p): | |
| 487 | return p and p[0] != '.' and p[-1] != '~' |
|
488 | return p and p[0] != '.' and p[-1] != '~' | |
| @@ -332,6 +332,10 b' def has_msys():' | |||||
| 332 | def has_aix(): |
|
332 | def has_aix(): | |
| 333 | return sys.platform.startswith("aix") |
|
333 | return sys.platform.startswith("aix") | |
| 334 |
|
334 | |||
|
|
335 | @check("osx", "OS X") | |||
|
|
336 | def has_osx(): | |||
|
|
337 | return sys.platform == 'darwin' | |||
|
|
338 | ||||
| 335 | @check("absimport", "absolute_import in __future__") |
|
339 | @check("absimport", "absolute_import in __future__") | |
| 336 | def has_absimport(): |
|
340 | def has_absimport(): | |
| 337 | import __future__ |
|
341 | import __future__ | |
| @@ -115,9 +115,20 b' Test server address cannot be reused' | |||||
| 115 | #endif |
|
115 | #endif | |
| 116 | $ cd .. |
|
116 | $ cd .. | |
| 117 |
|
117 | |||
|
|
118 | OS X has a dummy CA cert that enables use of the system CA store | |||
|
|
119 | ||||
|
|
120 | $ DISABLEOSXDUMMYCERT= | |||
|
|
121 | #if osx | |||
|
|
122 | $ hg clone https://localhost:$HGPORT/ copy-pull | |||
|
|
123 | abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | |||
|
|
124 | [255] | |||
|
|
125 | ||||
|
|
126 | $ DISABLEOSXDUMMYCERT="--config=web.cacerts=" | |||
|
|
127 | #endif | |||
|
|
128 | ||||
| 118 | clone via pull |
|
129 | clone via pull | |
| 119 |
|
130 | |||
| 120 | $ hg clone https://localhost:$HGPORT/ copy-pull |
|
131 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT | |
| 121 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
132 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
| 122 | requesting all changes |
|
133 | requesting all changes | |
| 123 | adding changesets |
|
134 | adding changesets | |
| @@ -143,7 +154,7 b' pull without cacert' | |||||
| 143 | $ cd copy-pull |
|
154 | $ cd copy-pull | |
| 144 | $ echo '[hooks]' >> .hg/hgrc |
|
155 | $ echo '[hooks]' >> .hg/hgrc | |
| 145 | $ echo "changegroup = python \"$TESTDIR/printenv.py\" changegroup" >> .hg/hgrc |
|
156 | $ echo "changegroup = python \"$TESTDIR/printenv.py\" changegroup" >> .hg/hgrc | |
| 146 | $ hg pull |
|
157 | $ hg pull $DISABLEOSXDUMMYCERT | |
| 147 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
158 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
| 148 | pulling from https://localhost:$HGPORT/ |
|
159 | pulling from https://localhost:$HGPORT/ | |
| 149 | searching for changes |
|
160 | searching for changes | |
General Comments 0
You need to be logged in to leave comments.
Login now