##// END OF EJS Templates
sslutil: abort when unable to verify peer connection (BC)...
Gregory Szorc -
r29411:e1778b9c default
parent child Browse files
Show More
@@ -207,8 +207,9 def _hostsettings(ui, hostname):
207 else:
207 else:
208 # At this point we don't have a fingerprint, aren't being
208 # At this point we don't have a fingerprint, aren't being
209 # explicitly insecure, and can't load CA certs. Connecting
209 # explicitly insecure, and can't load CA certs. Connecting
210 # at this point is insecure. But we do it for BC reasons.
210 # is insecure. We allow the connection and abort during
211 # TODO abort here to make secure by default.
211 # validation (once we have the fingerprint to print to the
212 # user).
212 s['verifymode'] = ssl.CERT_NONE
213 s['verifymode'] = ssl.CERT_NONE
213
214
214 assert s['verifymode'] is not None
215 assert s['verifymode'] is not None
@@ -413,11 +414,16 def validatesocket(sock):
413 'fingerprint %s') % (host, nice),
414 'fingerprint %s') % (host, nice),
414 hint=_('check %s configuration') % section)
415 hint=_('check %s configuration') % section)
415
416
417 # Security is enabled but no CAs are loaded. We can't establish trust
418 # for the cert so abort.
416 if not sock._hgstate['caloaded']:
419 if not sock._hgstate['caloaded']:
417 ui.warn(_('warning: certificate for %s not verified '
420 raise error.Abort(
418 '(set hostsecurity.%s:certfingerprints=%s or web.cacerts '
421 _('unable to verify security of %s (no loaded CA certificates); '
419 'config settings)\n') % (host, host, nicefingerprint))
422 'refusing to connect') % host,
420 return
423 hint=_('see https://mercurial-scm.org/wiki/SecureConnections for '
424 'how to configure Mercurial to avoid this error or set '
425 'hostsecurity.%s:fingerprints=%s to trust this server') %
426 (host, nicefingerprint))
421
427
422 msg = _verifycert(peercert2, host)
428 msg = _verifycert(peercert2, host)
423 if msg:
429 if msg:
@@ -103,10 +103,15 Defining both per-host certificate and a
103
103
104 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
104 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
105
105
106 clone via pull
106 Inability to verify peer certificate will result in abort
107
107
108 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
108 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
109 warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings)
109 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
110 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server)
111 [255]
112
113 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
114 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
110 requesting all changes
115 requesting all changes
111 adding changesets
116 adding changesets
112 adding manifests
117 adding manifests
@@ -133,7 +138,13 pull without cacert
133 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
138 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
134 $ hg pull $DISABLECACERTS
139 $ hg pull $DISABLECACERTS
135 pulling from https://localhost:$HGPORT/
140 pulling from https://localhost:$HGPORT/
136 warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings)
141 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
142 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server)
143 [255]
144
145 $ hg pull --insecure
146 pulling from https://localhost:$HGPORT/
147 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
137 searching for changes
148 searching for changes
138 adding changesets
149 adding changesets
139 adding manifests
150 adding manifests
@@ -63,8 +63,9 Without certificates:
63 (using smtps)
63 (using smtps)
64 sending mail: smtp host localhost, port * (glob)
64 sending mail: smtp host localhost, port * (glob)
65 (verifying remote certificate)
65 (verifying remote certificate)
66 warning: certificate for localhost not verified (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or web.cacerts config settings)
66 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
67 sending [PATCH] a ...
67 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server)
68 [255]
68
69
69 With global certificates:
70 With global certificates:
70
71
General Comments 0
You need to be logged in to leave comments. Login now