Show More
@@ -815,6 +815,16 b' def validatesocket(sock):' | |||||
815 | if peerfingerprints[hash].lower() == fingerprint: |
|
815 | if peerfingerprints[hash].lower() == fingerprint: | |
816 | ui.debug('%s certificate matched fingerprint %s:%s\n' % |
|
816 | ui.debug('%s certificate matched fingerprint %s:%s\n' % | |
817 | (host, hash, fmtfingerprint(fingerprint))) |
|
817 | (host, hash, fmtfingerprint(fingerprint))) | |
|
818 | if settings['legacyfingerprint']: | |||
|
819 | ui.warn(_('(SHA-1 fingerprint for %s found in legacy ' | |||
|
820 | '[hostfingerprints] section; ' | |||
|
821 | 'if you trust this fingerprint, set the ' | |||
|
822 | 'following config value in [hostsecurity] and ' | |||
|
823 | 'remove the old one from [hostfingerprints] ' | |||
|
824 | 'to upgrade to a more secure SHA-256 ' | |||
|
825 | 'fingerprint: ' | |||
|
826 | '%s.fingerprints=%s)\n') % ( | |||
|
827 | host, host, nicefingerprint)) | |||
818 | return |
|
828 | return | |
819 |
|
829 | |||
820 | # Pinned fingerprint didn't match. This is a fatal error. |
|
830 | # Pinned fingerprint didn't match. This is a fatal error. |
@@ -382,6 +382,7 b' Fingerprints' | |||||
382 | - works without cacerts (hostfingerprints) |
|
382 | - works without cacerts (hostfingerprints) | |
383 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
|
383 | $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 | |
384 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
384 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
|
385 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, set the following config value in [hostsecurity] and remove the old one from [hostfingerprints] to upgrade to a more secure SHA-256 fingerprint: localhost.fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |||
385 | 5fed3813f7f5 |
|
386 | 5fed3813f7f5 | |
386 |
|
387 | |||
387 | - works without cacerts (hostsecurity) |
|
388 | - works without cacerts (hostsecurity) | |
@@ -396,6 +397,7 b' Fingerprints' | |||||
396 | - multiple fingerprints specified and first matches |
|
397 | - multiple fingerprints specified and first matches | |
397 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
398 | $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
398 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
399 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
|
400 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, set the following config value in [hostsecurity] and remove the old one from [hostfingerprints] to upgrade to a more secure SHA-256 fingerprint: localhost.fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |||
399 | 5fed3813f7f5 |
|
401 | 5fed3813f7f5 | |
400 |
|
402 | |||
401 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
403 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
@@ -405,6 +407,7 b' Fingerprints' | |||||
405 | - multiple fingerprints specified and last matches |
|
407 | - multiple fingerprints specified and last matches | |
406 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure |
|
408 | $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure | |
407 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
409 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
|
410 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, set the following config value in [hostsecurity] and remove the old one from [hostfingerprints] to upgrade to a more secure SHA-256 fingerprint: localhost.fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |||
408 | 5fed3813f7f5 |
|
411 | 5fed3813f7f5 | |
409 |
|
412 | |||
410 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ |
|
413 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ | |
@@ -436,6 +439,7 b' Fingerprints' | |||||
436 | - ignores that certificate doesn't match hostname |
|
439 | - ignores that certificate doesn't match hostname | |
437 | $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 |
|
440 | $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 | |
438 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
441 | warning: connecting to $LOCALIP using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
|
442 | (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, set the following config value in [hostsecurity] and remove the old one from [hostfingerprints] to upgrade to a more secure SHA-256 fingerprint: $LOCALIP.fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |||
439 | 5fed3813f7f5 |
|
443 | 5fed3813f7f5 | |
440 |
|
444 | |||
441 | Ports used by next test. Kill servers. |
|
445 | Ports used by next test. Kill servers. | |
@@ -574,6 +578,7 b' Test https with cacert and fingerprint t' | |||||
574 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace |
|
578 | $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace | |
575 | pulling from https://*:$HGPORT/ (glob) |
|
579 | pulling from https://*:$HGPORT/ (glob) | |
576 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
580 | warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) | |
|
581 | (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, set the following config value in [hostsecurity] and remove the old one from [hostfingerprints] to upgrade to a more secure SHA-256 fingerprint: localhost.fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) | |||
577 | searching for changes |
|
582 | searching for changes | |
578 | no changes found |
|
583 | no changes found | |
579 |
|
584 |
General Comments 0
You need to be logged in to leave comments.
Login now