82 |
82 |
83 #if defaultcacertsloaded |
83 #if defaultcacertsloaded |
84 $ hg clone https://localhost:$HGPORT/ copy-pull |
84 $ hg clone https://localhost:$HGPORT/ copy-pull |
85 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
85 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
86 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
86 (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) |
|
87 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
87 abort: error: *certificate verify failed* (glob) |
88 abort: error: *certificate verify failed* (glob) |
88 [255] |
89 [255] |
89 #endif |
90 #endif |
90 |
91 |
91 #if no-defaultcacerts |
92 #if no-defaultcacerts |
126 (modern ssl is able to discern whether the loaded cert is a CA cert) |
127 (modern ssl is able to discern whether the loaded cert is a CA cert) |
127 #if sslcontext |
128 #if sslcontext |
128 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
129 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
129 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
130 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
130 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
131 (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
|
132 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
131 abort: error: *certificate verify failed* (glob) |
133 abort: error: *certificate verify failed* (glob) |
132 [255] |
134 [255] |
133 #else |
135 #else |
134 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
136 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ |
135 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
137 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
293 searching for changes |
295 searching for changes |
294 no changes found |
296 no changes found |
295 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" |
297 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" |
296 pulling from https://localhost:$HGPORT/ |
298 pulling from https://localhost:$HGPORT/ |
297 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
299 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
300 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
298 abort: error: *certificate verify failed* (glob) |
301 abort: error: *certificate verify failed* (glob) |
299 [255] |
302 [255] |
300 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ |
303 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ |
301 > --insecure |
304 > --insecure |
302 pulling from https://localhost:$HGPORT/ |
305 pulling from https://localhost:$HGPORT/ |
311 $ cat hg1.pid >> $DAEMON_PIDS |
314 $ cat hg1.pid >> $DAEMON_PIDS |
312 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ |
315 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ |
313 > https://localhost:$HGPORT1/ |
316 > https://localhost:$HGPORT1/ |
314 pulling from https://localhost:$HGPORT1/ |
317 pulling from https://localhost:$HGPORT1/ |
315 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
318 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
319 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
316 abort: error: *certificate verify failed* (glob) |
320 abort: error: *certificate verify failed* (glob) |
317 [255] |
321 [255] |
318 |
322 |
319 Test server cert which no longer is valid |
323 Test server cert which no longer is valid |
320 |
324 |
322 $ cat hg2.pid >> $DAEMON_PIDS |
326 $ cat hg2.pid >> $DAEMON_PIDS |
323 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ |
327 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ |
324 > https://localhost:$HGPORT2/ |
328 > https://localhost:$HGPORT2/ |
325 pulling from https://localhost:$HGPORT2/ |
329 pulling from https://localhost:$HGPORT2/ |
326 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
330 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
331 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
327 abort: error: *certificate verify failed* (glob) |
332 abort: error: *certificate verify failed* (glob) |
328 [255] |
333 [255] |
329 |
334 |
330 Disabling the TLS 1.0 warning works |
335 Disabling the TLS 1.0 warning works |
331 $ hg -R copy-pull id https://localhost:$HGPORT/ \ |
336 $ hg -R copy-pull id https://localhost:$HGPORT/ \ |
576 |
581 |
577 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
582 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
578 > --config web.cacerts="$CERTSDIR/pub-other.pem" |
583 > --config web.cacerts="$CERTSDIR/pub-other.pem" |
579 pulling from https://localhost:$HGPORT/ |
584 pulling from https://localhost:$HGPORT/ |
580 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
585 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
586 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
581 abort: error: *certificate verify failed* (glob) |
587 abort: error: *certificate verify failed* (glob) |
582 [255] |
588 [255] |
583 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
589 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ |
584 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ |
590 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ |
585 pulling from https://localhost:$HGPORT2/ |
591 pulling from https://localhost:$HGPORT2/ |
586 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
592 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
593 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
587 abort: error: *certificate verify failed* (glob) |
594 abort: error: *certificate verify failed* (glob) |
588 [255] |
595 [255] |
589 |
596 |
590 |
597 |
591 $ killdaemons.py hg0.pid |
598 $ killdaemons.py hg0.pid |
617 |
624 |
618 without client certificate: |
625 without client certificate: |
619 |
626 |
620 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
627 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ |
621 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
628 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
|
629 (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
622 abort: error: *handshake failure* (glob) |
630 abort: error: *handshake failure* (glob) |
623 [255] |
631 [255] |
624 |
632 |
625 with client certificate: |
633 with client certificate: |
626 |
634 |