##// END OF EJS Templates
py3: handle keyword arguments correctly in hgext/patchbomb.py...
py3: handle keyword arguments correctly in hgext/patchbomb.py The keys of keyword arguments must be str on Python 3 which is unicode. This patch make sure we pass keyword arguments with keys are str everywhere in this file and access the keys depending on whether they are bytes or str. This patch uses pycompat.{byteskwargs|strkwargs} and somewhere it also added r'' to prevent transformer from adding a b'' over there. Differential Revision: https://phab.mercurial-scm.org/D974

File last commit:

r29579:43f3c0df default
r35035:71e63fe6 default
Show More
README
45 lines | 1.8 KiB | text/plain | TextLexer
Generate a private key (priv.pem):
$ openssl genrsa -out priv.pem 2048
Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):
$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
-out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
-out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Now generate an expired certificate by turning back the system time:
$ faketime 2016-01-01T00:00:00Z \
openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
-out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Generate a certificate not yet active by advancing the system time:
$ faketime 2030-01-1T00:00:00Z \
openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
-out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Generate a passphrase protected client certificate private key:
$ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048
Create a copy of the private key without a passphrase:
$ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
Create a CSR and sign the key using the server keypair:
$ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \
openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
$ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
-set_serial 01 -out client-cert.pem
When replacing the certificates, references to certificate fingerprints will
need to be updated in test files.
Fingerprints for certs can be obtained by running:
$ openssl x509 -in pub.pem -noout -sha1 -fingerprint
$ openssl x509 -in pub.pem -noout -sha256 -fingerprint