324 $ hg -R copy-pull id https://localhost:$HGPORT/ \ |
324 $ hg -R copy-pull id https://localhost:$HGPORT/ \ |
325 > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \ |
325 > --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 \ |
326 > --config hostsecurity.disabletls10warning=true |
326 > --config hostsecurity.disabletls10warning=true |
327 5fed3813f7f5 |
327 5fed3813f7f5 |
328 |
328 |
|
329 #if no-sslcontext no-py27+ |
|
330 Setting ciphers doesn't work in Python 2.6 |
|
331 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
332 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
333 abort: setting ciphers in [hostsecurity] is not supported by this version of Python |
|
334 (remove the config option or run Mercurial with a modern Python version (preferred)) |
|
335 [255] |
|
336 #endif |
|
337 |
|
338 Setting ciphers works in Python 2.7+ but the error message is different on |
|
339 legacy ssl. We test legacy once and do more feature checking on modern |
|
340 configs. |
|
341 |
|
342 #if py27+ no-sslcontext |
|
343 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
344 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
345 abort: *No cipher can be selected. (glob) |
|
346 [255] |
|
347 |
|
348 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
349 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info |
|
350 5fed3813f7f5 |
|
351 #endif |
|
352 |
|
353 #if sslcontext |
|
354 Setting ciphers to an invalid value aborts |
|
355 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
356 abort: could not set ciphers: No cipher can be selected. |
|
357 (change cipher string (invalid) in config) |
|
358 [255] |
|
359 |
|
360 $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ |
|
361 abort: could not set ciphers: No cipher can be selected. |
|
362 (change cipher string (invalid) in config) |
|
363 [255] |
|
364 |
|
365 Changing the cipher string works |
|
366 |
|
367 $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ |
|
368 5fed3813f7f5 |
|
369 #endif |
|
370 |
329 Fingerprints |
371 Fingerprints |
330 |
372 |
331 - works without cacerts (hostkeyfingerprints) |
373 - works without cacerts (hostkeyfingerprints) |
332 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
374 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 |
333 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |
375 warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) |