--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/test-url.py Fri Oct 01 00:46:59 2010 +0200
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+
+def check(a, b):
+ if a != b:
+ print (a, b)
+
+from mercurial.url import _verifycert
+
+# Test non-wildcard certificates
+check(_verifycert({'subject': ((('commonName', 'example.com'),),)}, 'example.com'),
+ None)
+check(_verifycert({'subject': ((('commonName', 'example.com'),),)}, 'www.example.com'),
+ 'certificate is for example.com')
+check(_verifycert({'subject': ((('commonName', 'www.example.com'),),)}, 'example.com'),
+ 'certificate is for www.example.com')
+
+# Test wildcard certificates
+check(_verifycert({'subject': ((('commonName', '*.example.com'),),)}, 'www.example.com'),
+ None)
+check(_verifycert({'subject': ((('commonName', '*.example.com'),),)}, 'example.com'),
+ 'certificate is for *.example.com')
+check(_verifycert({'subject': ((('commonName', '*.example.com'),),)}, 'w.w.example.com'),
+ 'certificate is for *.example.com')
+
+# Avoid some pitfalls
+check(_verifycert({'subject': ((('commonName', '*.foo'),),)}, 'foo'),
+ 'certificate is for *.foo')
+check(_verifycert({'subject': ((('commonName', '*o'),),)}, 'foo'),
+ 'certificate is for *o')
+
+import time
+lastyear = time.gmtime().tm_year - 1
+nextyear = time.gmtime().tm_year + 1
+check(_verifycert({'notAfter': 'May 9 00:00:00 %s GMT' % lastyear}, 'example.com'),
+ 'certificate expired May 9 00:00:00 %s GMT' % lastyear)
+check(_verifycert({'notBefore': 'May 9 00:00:00 %s GMT' % nextyear}, 'example.com'),
+ 'certificate not valid before May 9 00:00:00 %s GMT' % nextyear)
+check(_verifycert({'notAfter': 'Sep 29 15:29:48 %s GMT' % nextyear, 'subject': ()}, 'example.com'),
+ 'no commonName found in certificate')
+check(_verifycert(None, 'example.com'),
+ 'no certificate received')