39 > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c= |
39 > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c= |
40 > -----END CERTIFICATE----- |
40 > -----END CERTIFICATE----- |
41 > EOT |
41 > EOT |
42 $ cat priv.pem pub.pem >> server.pem |
42 $ cat priv.pem pub.pem >> server.pem |
43 $ PRIV=`pwd`/server.pem |
43 $ PRIV=`pwd`/server.pem |
|
44 |
|
45 $ cat << EOT > pub-other.pem |
|
46 > -----BEGIN CERTIFICATE----- |
|
47 > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
|
48 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
|
49 > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 |
|
50 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL |
|
51 > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo |
|
52 > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN |
|
53 > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw |
|
54 > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6 |
|
55 > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig= |
|
56 > -----END CERTIFICATE----- |
|
57 > EOT |
|
58 |
|
59 pub.pem patched with other notBefore / notAfter: |
|
60 |
|
61 $ cat << EOT > pub-not-yet.pem |
|
62 > -----BEGIN CERTIFICATE----- |
|
63 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
|
64 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw |
|
65 > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
|
66 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
|
67 > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA |
|
68 > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T |
|
69 > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb |
|
70 > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= |
|
71 > -----END CERTIFICATE----- |
|
72 > EOT |
|
73 $ cat priv.pem pub-not-yet.pem > server-not-yet.pem |
|
74 |
|
75 $ cat << EOT > pub-expired.pem |
|
76 > -----BEGIN CERTIFICATE----- |
|
77 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
|
78 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx |
|
79 > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
|
80 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
|
81 > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA |
|
82 > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T |
|
83 > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt |
|
84 > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ= |
|
85 > -----END CERTIFICATE----- |
|
86 > EOT |
|
87 $ cat priv.pem pub-expired.pem > server-expired.pem |
44 |
88 |
45 $ hg init test |
89 $ hg init test |
46 $ cd test |
90 $ cd test |
47 $ echo foo>foo |
91 $ echo foo>foo |
48 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg |
92 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg |
99 adding manifests |
143 adding manifests |
100 adding file changes |
144 adding file changes |
101 added 1 changesets with 1 changes to 1 files |
145 added 1 changesets with 1 changes to 1 files |
102 (run 'hg update' to get a working copy) |
146 (run 'hg update' to get a working copy) |
103 $ cd .. |
147 $ cd .. |
|
148 |
|
149 cacert |
|
150 |
|
151 $ hg -R copy-pull pull --config web.cacerts=pub.pem |
|
152 pulling from https://localhost:$HGPORT/ |
|
153 searching for changes |
|
154 no changes found |
|
155 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
|
156 abort: 127.0.0.1 certificate error: certificate is for localhost |
|
157 [255] |
|
158 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem |
|
159 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
|
160 [255] |
|
161 |
|
162 Test server cert which isn't valid yet |
|
163 |
|
164 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
|
165 $ cat hg1.pid >> $DAEMON_PIDS |
|
166 $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ |
|
167 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
|
168 [255] |
|
169 |
|
170 Test server cert which no longer is valid |
|
171 |
|
172 $ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
|
173 $ cat hg2.pid >> $DAEMON_PIDS |
|
174 $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ |
|
175 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
|
176 [255] |