upstream/mercurial-mirror Files · tests/sslcerts

tests: fix `filtertraceback.py` to handle contiguous "File" lines...

tests: fix `filtertraceback.py` to handle contiguous "File" lines It looks like it assumed each `" File"` line would be followed by the code at the referenced line, but that's not true of a few things in `test-hook.t`. That and the fact that there are an odd number of them in that test caused the `self.loader.exec_module(module)` line below to leak through in non-chg tests, when the filter is applied in `test-hook.t`: Traceback (most recent call last): File "C:\Users\Matt\hg\mercurial\hook.py", line 62, in pythonhook obj = __import__(pycompat.sysstr(modname)) File "<frozen importlib._bootstrap>", line 1007, in _find_and_load File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 680, in _load_unlocked File "C:\Users\Matt\hg\hgdemandimport\demandimportpy3.py", line 52, in exec_module self.loader.exec_module(module) File "$TESTTMP\b\syntaxerror.py", line 1 (foo

Matt Harbison -


            r53325:8431296a

default

Name	Size	Modified	Last Commit	Author
/ tests / sslcerts
README	Loading ...
client-cert.pem	Loading ...
client-key-decrypted.pem	Loading ...
client-key.pem	Loading ...
priv.pem	Loading ...
pub-expired.pem	Loading ...
pub-not-yet.pem	Loading ...
pub-other.pem	Loading ...
pub.pem	Loading ...

tests/sslcerts/README

            
Generate a private key (priv.pem):

  $ openssl genrsa -out priv.pem 2048

Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):

  $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
    -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
  $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
    -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

Now generate an expired certificate by turning back the system time:

  $ faketime 2016-01-01T00:00:00Z \
    openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
    -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

Generate a certificate not yet active by advancing the system time:

  $ faketime 2030-01-1T00:00:00Z \
    openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
    -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

Generate a passphrase protected client certificate private key:

  $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048

Create a copy of the private key without a passphrase:

  $ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem

Create a CSR and sign the key using the server keypair:

  $ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \
    openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
  $ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
    -set_serial 01 -out client-cert.pem

When replacing the certificates, references to certificate fingerprints will
need to be updated in test files.

Fingerprints for certs can be obtained by running:

  $ openssl x509 -in pub.pem -noout -sha1 -fingerprint
  $ openssl x509 -in pub.pem -noout -sha256 -fingerprint
          

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages