upstream/mercurial-mirror Files · tests/test-patchbomb-tls.t

show: use consistent (and possibly shorter) node lengths...

show: use consistent (and possibly shorter) node lengths `hg show` makes heavy use of shortest() to limit the length of the node hash. For the "stack" and "work" views, you are often looking at multiple lines of similar output for "lines" of work. It is visually appeasing for things to vertically align. A naive use of {shortest(node, N)} could result in variable length nodes and for the first character of the description to vary by a column or two. We implement a function to determine the longest shortest prefix for a set of revisions. The new function is used to determine the printed node length for all `hg show` views. .. feature:: show: use consistent node length in views Our previous shortest node length of 5 was arbitrarily chosen. shortest() already does the work of ensuring that a partial node isn't ambiguous with an integer revision, which is our primary risk of a collision for very short nodes. It should be safe to go with the shortest node possible. Existing code is also optimized to handle nodes as short as 4. So, we decrease the minimum hash length from 5 to 4. We also add a test demonstrating that prefix collisions increase the node length. .. feature:: show: decrease minimum displayed hash length from 5 to 4 Differential Revision: https://phab.mercurial-scm.org/D558

Matt Harbison - - Load All Authors

File last commit:

r33494:30f2715b default


                r34192:e6b5e732

default

Download file

             test-patchbomb-tls.t
        
                    126 lines
            
             | 4.4 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-patchbomb-tls.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #require serve ssl

      Set up SMTP server:

        $ CERTSDIR="$TESTDIR/sslcerts"

        $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem

        $ $PYTHON "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \

        > --tls smtps --certificate `pwd`/server.pem

        listening at localhost:$HGPORT (?)

        $ cat a.pid >> $DAEMON_PIDS

      Set up repository:

        $ hg init t

        $ cd t

        $ cat <<EOF >> .hg/hgrc

        > [extensions]

        > patchbomb =

        > [email]

        > method = smtp

        > [smtp]

        > host = localhost

        > port = $HGPORT

        > tls = smtps

        > EOF

        $ echo a > a

        $ hg commit -Ama -d '1 0'

        adding a

      Utility functions:

        $ DISABLECACERTS=

        $ try () {

        >   hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"

        > }

      Our test cert is not signed by a trusted CA. It should fail to verify if

      we are able to load CA certs:

      #if sslcontext defaultcacerts no-defaultcacertsloaded

        $ try

        this patch series consists of 1 patches.

        (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)

        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

      #endif

      #if no-sslcontext defaultcacerts

        $ try

        this patch series consists of 1 patches.

        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info

        (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)

        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

      #endif

      #if defaultcacertsloaded

        $ try

        this patch series consists of 1 patches.

        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)

        (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)

        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

      #endif

      #if no-defaultcacerts

        $ try

        this patch series consists of 1 patches.

        (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)

        abort: localhost certificate error: no certificate received

        (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)

        [255]

      #endif

        $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"

      Without certificates:

        $ try --debug

        this patch series consists of 1 patches.

        (using smtps)

        sending mail: smtp host localhost, port * (glob)

        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        (verifying remote certificate)

        abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect

        (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)

        [255]

      With global certificates:

        $ try --debug --config web.cacerts="$CERTSDIR/pub.pem"

        this patch series consists of 1 patches.

        (using smtps)

        sending mail: smtp host localhost, port * (glob)

        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        (verifying remote certificate)

        sending [PATCH] a ...

      With invalid certificates:

        $ try --config web.cacerts="$CERTSDIR/pub-other.pem"

        this patch series consists of 1 patches.

        warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)

        (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)

        (?i)abort: .*?certificate.verify.failed.* (re)

        [255]

        $ cd ..

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#require serve ssl

				Set up SMTP server:

				$ CERTSDIR="$TESTDIR/sslcerts"
				$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem

				$ $PYTHON "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
				> --tls smtps --certificate `pwd`/server.pem
				listening at localhost:$HGPORT (?)
				$ cat a.pid >> $DAEMON_PIDS

				Set up repository:

				$ hg init t
				$ cd t
				$ cat <<EOF >> .hg/hgrc
				> [extensions]
				> patchbomb =
				> [email]
				> method = smtp
				> [smtp]
				> host = localhost
				> port = $HGPORT
				> tls = smtps
				> EOF

				$ echo a > a
				$ hg commit -Ama -d '1 0'
				adding a

				Utility functions:

				$ DISABLECACERTS=
				$ try () {
				> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
				> }

				Our test cert is not signed by a trusted CA. It should fail to verify if
				we are able to load CA certs:

				#if sslcontext defaultcacerts no-defaultcacertsloaded
				$ try
				this patch series consists of 1 patches.


				(an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
				(?i)abort: .?certificate.verify.failed. (re)
				[255]
				#endif

				#if no-sslcontext defaultcacerts
				$ try
				this patch series consists of 1 patches.


				warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
				(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
				(?i)abort: .?certificate.verify.failed. (re)
				[255]
				#endif

				#if defaultcacertsloaded
				$ try
				this patch series consists of 1 patches.


				warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
				(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
				(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
				(?i)abort: .?certificate.verify.failed. (re)
				[255]

				#endif

				#if no-defaultcacerts
				$ try
				this patch series consists of 1 patches.


				(unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
				abort: localhost certificate error: no certificate received
				(set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
				[255]
				#endif

				$ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"

				Without certificates:

				$ try --debug
				this patch series consists of 1 patches.


				(using smtps)
				sending mail: smtp host localhost, port * (glob)
				warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
				(verifying remote certificate)
				abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
				(see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
				[255]

				With global certificates:

				$ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
				this patch series consists of 1 patches.


				(using smtps)
				sending mail: smtp host localhost, port * (glob)
				warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
				(verifying remote certificate)
				sending [PATCH] a ...

				With invalid certificates:

				$ try --config web.cacerts="$CERTSDIR/pub-other.pem"
				this patch series consists of 1 patches.


				warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
				(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
				(?i)abort: .?certificate.verify.failed. (re)
				[255]

				$ cd ..