mercurial: tests/test-https.t@d283517b260b (annotated)

22046 7a9cbb315d84 tests: replace exit 80 with #require Matt Mackall <mpm@selenic.com> parents: 18682 diff changeset	1	#require serve ssl
2612 ffb895f16925 add support for streaming clone. Vadim Gelfer <vadim.gelfer@gmail.com> parents: diff changeset	2
22046 7a9cbb315d84 tests: replace exit 80 with #require Matt Mackall <mpm@selenic.com> parents: 18682 diff changeset	3	Proper https client requires the built-in ssl from Python 2.6.
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	4
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	5	Certificates created with:
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	6	printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' \| \
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	7	openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	8	Can be dumped with:
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	9	openssl x509 -in pub.pem -text
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	10
14193 c4de16642861 test-https.t: clean up superfluous trailing whitespace Augie Fackler <durin42@gmail.com> parents: 13654 diff changeset	11	$ cat << EOT > priv.pem
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	12	> -----BEGIN PRIVATE KEY-----
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	13	> MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	14	> aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	15	> j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	16	> EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	17	> MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	18	> +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	19	> aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	20	> HY8gUVkVRVs=
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	21	> -----END PRIVATE KEY-----
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	22	> EOT
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	23
14193 c4de16642861 test-https.t: clean up superfluous trailing whitespace Augie Fackler <durin42@gmail.com> parents: 13654 diff changeset	24	$ cat << EOT > pub.pem
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	25	> -----BEGIN CERTIFICATE-----
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	26	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	27	> BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	28	> MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	29	> MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	30	> ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	31	> 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	32	> r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	33	> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	34	> t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	35	> -----END CERTIFICATE-----
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	36	> EOT
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	37	$ cat priv.pem pub.pem >> server.pem
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	38	$ PRIV=`pwd`/server.pem
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	39
14193 c4de16642861 test-https.t: clean up superfluous trailing whitespace Augie Fackler <durin42@gmail.com> parents: 13654 diff changeset	40	$ cat << EOT > pub-other.pem
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	41	> -----BEGIN CERTIFICATE-----
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	42	> MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	43	> BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	44	> MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	45	> MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	46	> ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	47	> K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	48	> y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	49	> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	50	> bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig=
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	51	> -----END CERTIFICATE-----
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	52	> EOT
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	53
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	54	pub.pem patched with other notBefore / notAfter:
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	55
14193 c4de16642861 test-https.t: clean up superfluous trailing whitespace Augie Fackler <durin42@gmail.com> parents: 13654 diff changeset	56	$ cat << EOT > pub-not-yet.pem
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	57	> -----BEGIN CERTIFICATE-----
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	58	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	59	> aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	60	> NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	61	> c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	62	> EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	63	> +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	64	> BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	65	> /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0=
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	66	> -----END CERTIFICATE-----
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	67	> EOT
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	68	$ cat priv.pem pub-not-yet.pem > server-not-yet.pem
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	69
14193 c4de16642861 test-https.t: clean up superfluous trailing whitespace Augie Fackler <durin42@gmail.com> parents: 13654 diff changeset	70	$ cat << EOT > pub-expired.pem
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	71	> -----BEGIN CERTIFICATE-----
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	72	> MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	73	> aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	74	> NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	75	> c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	76	> EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	77	> +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	78	> BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	79	> 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ=
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	80	> -----END CERTIFICATE-----
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	81	> EOT
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	82	$ cat priv.pem pub-expired.pem > server-expired.pem
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	83
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	84	$ hg init test
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	85	$ cd test
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	86	$ echo foo>foo
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	87	$ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	88	$ echo foo>foo.d/foo
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	89	$ echo bar>foo.d/bAr.hg.d/BaR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	90	$ echo bar>foo.d/baR.d.hg/bAR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	91	$ hg commit -A -m 1
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	92	adding foo
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	93	adding foo.d/bAr.hg.d/BaR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	94	adding foo.d/baR.d.hg/bAR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	95	adding foo.d/foo
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	96	$ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	97	$ cat ../hg0.pid >> $DAEMON_PIDS
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	98
13544 66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	99	cacert not found
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	100
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	101	$ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	102	abort: could not find web.cacerts: no-such.pem
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	103	[255]
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	104
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	105	Test server address cannot be reused
4289 e17598881509 test-http: use printenv.py Alexis S. L. Carvalho <alexis@cecm.usp.br> parents: 4130 diff changeset	106
17023 3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	107	#if windows
3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	108	$ hg serve -p $HGPORT --certificate=$PRIV 2>&1
18682 408f2202bd80 tests: remove glob from output lines containing no glob character Simon Heimberg <simohe@besonet.ch> parents: 18588 diff changeset	109	abort: cannot start server at ':$HGPORT':
17023 3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	110	[255]
3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	111	#else
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	112	$ hg serve -p $HGPORT --certificate=$PRIV 2>&1
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	113	abort: cannot start server at ':$HGPORT': Address already in use
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	114	[255]
17023 3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	115	#endif
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	116	$ cd ..
2612 ffb895f16925 add support for streaming clone. Vadim Gelfer <vadim.gelfer@gmail.com> parents: diff changeset	117
23042 2cd3fa4412dc ssl: only use the dummy cert hack if using an Apple Python (issue4410) Mads Kiilerich <madski@unity3d.com> parents: 22960 diff changeset	118	OS X has a dummy CA cert that enables use of the system CA store when using
2cd3fa4412dc ssl: only use the dummy cert hack if using an Apple Python (issue4410) Mads Kiilerich <madski@unity3d.com> parents: 22960 diff changeset	119	Apple's OpenSSL. This trick do not work with plain OpenSSL.
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	120
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	121	$ DISABLEOSXDUMMYCERT=
24289 07fafcd4bc74 test-https: enable dummycert test only if Apple python is used (issue4500) Yuya Nishihara <yuya@tcha.org> parents: 24138 diff changeset	122	#if defaultcacerts
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	123	$ hg clone https://localhost:$HGPORT/ copy-pull
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	124	abort: error: certificate verify failed (glob)
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	125	[255]
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	126
24290 b76d8c641746 ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC) Yuya Nishihara <yuya@tcha.org> parents: 24289 diff changeset	127	$ DISABLEOSXDUMMYCERT="--config=web.cacerts=!"
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	128	#endif
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	129
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	130	clone via pull
2673 109a22f5434a hooks: add url to changegroup, incoming, prechangegroup, pretxnchangegroup hooks Vadim Gelfer <vadim.gelfer@gmail.com> parents: 2622 diff changeset	131
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	132	$ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	133	warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	134	requesting all changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	135	adding changesets
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	136	adding manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	137	adding file changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	138	added 1 changesets with 4 changes to 4 files
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	139	updating to branch default
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	140	4 files updated, 0 files merged, 0 files removed, 0 files unresolved
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	141	$ hg verify -R copy-pull
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	142	checking changesets
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	143	checking manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	144	crosschecking files in changesets and manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	145	checking files
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	146	4 files, 1 changesets, 4 total revisions
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	147	$ cd test
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	148	$ echo bar > bar
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	149	$ hg commit -A -d '1 0' -m 2
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	150	adding bar
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	151	$ cd ..
2673 109a22f5434a hooks: add url to changegroup, incoming, prechangegroup, pretxnchangegroup hooks Vadim Gelfer <vadim.gelfer@gmail.com> parents: 2622 diff changeset	152
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	153	pull without cacert
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	154
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	155	$ cd copy-pull
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	156	$ echo '[hooks]' >> .hg/hgrc
17018 e7fdfc702d9f tests: consistently use printenv.py the same MSYS/Windows-compatible way Mads Kiilerich <mads@kiilerich.com> parents: 16982 diff changeset	157	$ echo "changegroup = python \"$TESTDIR/printenv.py\" changegroup" >> .hg/hgrc
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	158	$ hg pull $DISABLEOSXDUMMYCERT
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	159	pulling from https://localhost:$HGPORT/
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	160	warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	161	searching for changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	162	adding changesets
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	163	adding manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	164	adding file changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	165	added 1 changesets with 1 changes to 1 files
24740 d283517b260b transaction: introduce a transaction ID, to be available to all hooks Pierre-Yves David <pierre-yves.david@fb.com> parents: 24290 diff changeset	166	changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob)
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	167	(run 'hg update' to get a working copy)
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	168	$ cd ..
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	169
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	170	cacert configured in local repo
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	171
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	172	$ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	173	$ echo "[web]" >> copy-pull/.hg/hgrc
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	174	$ echo "cacerts=`pwd`/pub.pem" >> copy-pull/.hg/hgrc
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	175	$ hg -R copy-pull pull --traceback
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	176	pulling from https://localhost:$HGPORT/
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	177	searching for changes
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	178	no changes found
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	179	$ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	180
13231 b335882c2f21 url: expand path for web.cacerts Eduard-Cristian Stefan <alexandrul.ct@gmail.com> parents: 13192 diff changeset	181	cacert configured globally, also testing expansion of environment
b335882c2f21 url: expand path for web.cacerts Eduard-Cristian Stefan <alexandrul.ct@gmail.com> parents: 13192 diff changeset	182	variables in the filename
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	183
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	184	$ echo "[web]" >> $HGRCPATH
13231 b335882c2f21 url: expand path for web.cacerts Eduard-Cristian Stefan <alexandrul.ct@gmail.com> parents: 13192 diff changeset	185	$ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
b335882c2f21 url: expand path for web.cacerts Eduard-Cristian Stefan <alexandrul.ct@gmail.com> parents: 13192 diff changeset	186	$ P=`pwd` hg -R copy-pull pull
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	187	pulling from https://localhost:$HGPORT/
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	188	searching for changes
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	189	no changes found
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	190	$ P=`pwd` hg -R copy-pull pull --insecure
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	191	pulling from https://localhost:$HGPORT/
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	192	warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	193	searching for changes
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	194	no changes found
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	195
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	196	cacert mismatch
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	197
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	198	$ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	199	pulling from https://127.0.0.1:$HGPORT/
15814 c3e958b50a22 sslutil: show fingerprint when cacerts validation fails Mads Kiilerich <mads@kiilerich.com> parents: 15650 diff changeset	200	abort: 127.0.0.1 certificate error: certificate is for localhost
c3e958b50a22 sslutil: show fingerprint when cacerts validation fails Mads Kiilerich <mads@kiilerich.com> parents: 15650 diff changeset	201	(configure hostfingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	202	[255]
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	203	$ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	204	pulling from https://127.0.0.1:$HGPORT/
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	205	warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	206	searching for changes
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	207	no changes found
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	208	$ hg -R copy-pull pull --config web.cacerts=pub-other.pem
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	209	pulling from https://localhost:$HGPORT/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	210	abort: error: certificate verify failed (glob)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	211	[255]
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	212	$ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	213	pulling from https://localhost:$HGPORT/
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	214	warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	215	searching for changes
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	216	no changes found
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	217
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	218	Test server cert which isn't valid yet
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	219
14193 c4de16642861 test-https.t: clean up superfluous trailing whitespace Augie Fackler <durin42@gmail.com> parents: 13654 diff changeset	220	$ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	221	$ cat hg1.pid >> $DAEMON_PIDS
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	222	$ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	223	pulling from https://localhost:$HGPORT1/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	224	abort: error: certificate verify failed (glob)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	225	[255]
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	226
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	227	Test server cert which no longer is valid
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	228
14193 c4de16642861 test-https.t: clean up superfluous trailing whitespace Augie Fackler <durin42@gmail.com> parents: 13654 diff changeset	229	$ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	230	$ cat hg2.pid >> $DAEMON_PIDS
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	231	$ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	232	pulling from https://localhost:$HGPORT2/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	233	abort: error: certificate verify failed (glob)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	234	[255]
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	235
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	236	Fingerprints
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	237
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	238	$ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	239	$ echo "localhost = 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca" >> copy-pull/.hg/hgrc
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	240	$ echo "127.0.0.1 = 914f1aff87249c09b6859b88b1906d30756491ca" >> copy-pull/.hg/hgrc
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	241
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	242	- works without cacerts
24290 b76d8c641746 ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC) Yuya Nishihara <yuya@tcha.org> parents: 24289 diff changeset	243	$ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=!
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	244	5fed3813f7f5
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	245
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	246	- fails when cert doesn't match hostname (port is ignored)
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	247	$ hg -R copy-pull id https://localhost:$HGPORT1/
15997 a45516cb8d9f sslutil: more helpful fingerprint mismatch message Matt Mackall <mpm@selenic.com> parents: 15814 diff changeset	248	abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
a45516cb8d9f sslutil: more helpful fingerprint mismatch message Matt Mackall <mpm@selenic.com> parents: 15814 diff changeset	249	(check hostfingerprint configuration)
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	250	[255]
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	251
18588 3241fc65e3cd test-https.t: stop using kill `cat $pidfile` Augie Fackler <raf@durin42.com> parents: 18354 diff changeset	252
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	253	- ignores that certificate doesn't match hostname
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	254	$ hg -R copy-pull id https://127.0.0.1:$HGPORT/
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	255	5fed3813f7f5
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	256
18588 3241fc65e3cd test-https.t: stop using kill `cat $pidfile` Augie Fackler <raf@durin42.com> parents: 18354 diff changeset	257	HGPORT1 is reused below for tinyproxy tests. Kill that server.
3241fc65e3cd test-https.t: stop using kill `cat $pidfile` Augie Fackler <raf@durin42.com> parents: 18354 diff changeset	258	$ "$TESTDIR/killdaemons.py" hg1.pid
16300 74e114ac6ec1 tests: fix startup/shutdown races in test-https Matt Mackall <mpm@selenic.com> parents: 16107 diff changeset	259
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	260	Prepare for connecting through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	261
16300 74e114ac6ec1 tests: fix startup/shutdown races in test-https Matt Mackall <mpm@selenic.com> parents: 16107 diff changeset	262	$ "$TESTDIR/tinyproxy.py" $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
16496 abbabbbe4ec2 tests: use 'do sleep 0' instead of 'do true', also on first line of command Mads Kiilerich <mads@kiilerich.com> parents: 16300 diff changeset	263	$ while [ ! -f proxy.pid ]; do sleep 0; done
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	264	$ cat proxy.pid >> $DAEMON_PIDS
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	265
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	266	$ echo "[http_proxy]" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	267	$ echo "always=True" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	268	$ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	269	$ echo "localhost =" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	270
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	271	Test unvalidated https through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	272
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	273	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	274	pulling from https://localhost:$HGPORT/
13438 48463d889d4e tests: update test-https.t output Mads Kiilerich <mads@kiilerich.com> parents: 13424 diff changeset	275	warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	276	searching for changes
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	277	no changes found
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	278
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	279	Test https with cacert and fingerprint through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	280
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	281	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub.pem
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	282	pulling from https://localhost:$HGPORT/
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	283	searching for changes
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	284	no changes found
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	285	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	286	pulling from https://127.0.0.1:$HGPORT/
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	287	searching for changes
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	288	no changes found
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	289
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	290	Test https with cert problems through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	291
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	292	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	293	pulling from https://localhost:$HGPORT/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	294	abort: error: certificate verify failed (glob)
13424 08f9c587141f url: merge BetterHTTPS with httpsconnection to get some proxy https validation Mads Kiilerich <mads@kiilerich.com> parents: 13423 diff changeset	295	[255]
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	296	$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	297	pulling from https://localhost:$HGPORT2/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	298	abort: error: certificate verify failed (glob)
13424 08f9c587141f url: merge BetterHTTPS with httpsconnection to get some proxy https validation Mads Kiilerich <mads@kiilerich.com> parents: 13423 diff changeset	299	[255]

author	Pierre-Yves David <pierre-yves.david@fb.com>
	Wed, 15 Apr 2015 11:11:54 -0400
changeset 24740	d283517b260b
parent 24290	b76d8c641746
child 25413	4d705f6a3c35
permissions	-rw-r--r--