Show More
@@ -207,8 +207,9 def _hostsettings(ui, hostname): | |||||
207 | else: |
|
207 | else: | |
208 | # At this point we don't have a fingerprint, aren't being |
|
208 | # At this point we don't have a fingerprint, aren't being | |
209 | # explicitly insecure, and can't load CA certs. Connecting |
|
209 | # explicitly insecure, and can't load CA certs. Connecting | |
210 | # at this point is insecure. But we do it for BC reasons. |
|
210 | # is insecure. We allow the connection and abort during | |
211 | # TODO abort here to make secure by default. |
|
211 | # validation (once we have the fingerprint to print to the | |
|
212 | # user). | |||
212 | s['verifymode'] = ssl.CERT_NONE |
|
213 | s['verifymode'] = ssl.CERT_NONE | |
213 |
|
214 | |||
214 | assert s['verifymode'] is not None |
|
215 | assert s['verifymode'] is not None | |
@@ -413,11 +414,16 def validatesocket(sock): | |||||
413 | 'fingerprint %s') % (host, nice), |
|
414 | 'fingerprint %s') % (host, nice), | |
414 | hint=_('check %s configuration') % section) |
|
415 | hint=_('check %s configuration') % section) | |
415 |
|
416 | |||
|
417 | # Security is enabled but no CAs are loaded. We can't establish trust | |||
|
418 | # for the cert so abort. | |||
416 | if not sock._hgstate['caloaded']: |
|
419 | if not sock._hgstate['caloaded']: | |
417 | ui.warn(_('warning: certificate for %s not verified ' |
|
420 | raise error.Abort( | |
418 | '(set hostsecurity.%s:certfingerprints=%s or web.cacerts ' |
|
421 | _('unable to verify security of %s (no loaded CA certificates); ' | |
419 | 'config settings)\n') % (host, host, nicefingerprint)) |
|
422 | 'refusing to connect') % host, | |
420 | return |
|
423 | hint=_('see https://mercurial-scm.org/wiki/SecureConnections for ' | |
|
424 | 'how to configure Mercurial to avoid this error or set ' | |||
|
425 | 'hostsecurity.%s:fingerprints=%s to trust this server') % | |||
|
426 | (host, nicefingerprint)) | |||
421 |
|
427 | |||
422 | msg = _verifycert(peercert2, host) |
|
428 | msg = _verifycert(peercert2, host) | |
423 | if msg: |
|
429 | if msg: |
@@ -103,10 +103,15 Defining both per-host certificate and a | |||||
103 |
|
103 | |||
104 | $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" |
|
104 | $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" | |
105 |
|
105 | |||
106 | clone via pull |
|
106 | Inability to verify peer certificate will result in abort | |
107 |
|
107 | |||
108 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS |
|
108 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS | |
109 | warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings) |
|
109 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
|
110 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server) | |||
|
111 | [255] | |||
|
112 | ||||
|
113 | $ hg clone --insecure https://localhost:$HGPORT/ copy-pull | |||
|
114 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |||
110 | requesting all changes |
|
115 | requesting all changes | |
111 | adding changesets |
|
116 | adding changesets | |
112 | adding manifests |
|
117 | adding manifests | |
@@ -133,7 +138,13 pull without cacert | |||||
133 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc |
|
138 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc | |
134 | $ hg pull $DISABLECACERTS |
|
139 | $ hg pull $DISABLECACERTS | |
135 | pulling from https://localhost:$HGPORT/ |
|
140 | pulling from https://localhost:$HGPORT/ | |
136 | warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings) |
|
141 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
|
142 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server) | |||
|
143 | [255] | |||
|
144 | ||||
|
145 | $ hg pull --insecure | |||
|
146 | pulling from https://localhost:$HGPORT/ | |||
|
147 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |||
137 | searching for changes |
|
148 | searching for changes | |
138 | adding changesets |
|
149 | adding changesets | |
139 | adding manifests |
|
150 | adding manifests |
@@ -63,8 +63,9 Without certificates: | |||||
63 | (using smtps) |
|
63 | (using smtps) | |
64 | sending mail: smtp host localhost, port * (glob) |
|
64 | sending mail: smtp host localhost, port * (glob) | |
65 | (verifying remote certificate) |
|
65 | (verifying remote certificate) | |
66 | warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings) |
|
66 | abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect | |
67 | sending [PATCH] a ... |
|
67 | (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server) | |
|
68 | [255] | |||
68 |
|
69 | |||
69 | With global certificates: |
|
70 | With global certificates: | |
70 |
|
71 |
General Comments 0
You need to be logged in to leave comments.
Login now