tests/test-issue842.t
author Gregory Szorc <gregory.szorc@gmail.com>
Thu, 09 Mar 2017 20:33:29 -0800
changeset 31299 f819aa9dbbf9
parent 26420 2fc86d92c4a9
child 49585 55c6ebd11cb9
permissions -rw-r--r--
sslutil: issue warning when [hostfingerprint] is used Mercurial 3.9 added the [hostsecurity] section, which is better than [hostfingerprints] in every way. One of the ways that [hostsecurity] is better is that it supports SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints. The world is moving away from SHA-1 because it is borderline secure. Mercurial should be part of that movement. This patch adds a warning when a valid SHA-1 fingerprint from the [hostfingerprints] section is being used. The warning informs users to switch to [hostsecurity]. It even prints the config option they should set. It uses the SHA-256 fingerprint because recommending a SHA-1 fingerprint in 2017 would be ill-advised. The warning will print itself on every connection to a server until it is fixed. There is no way to suppress the warning. I admit this is annoying. But given the security implications of sticking with SHA-1, I think this is justified. If this patch is accepted, I'll likely send a follow-up to start warning on SHA-1 certificates in [hostsecurity] as well. Then sometime down the road, we can drop support for SHA-1 fingerprints. Credit for this idea comes from timeless in issue 5466.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
26420
2fc86d92c4a9 urls: bulk-change BTS urls to new location
Matt Mackall <mpm@selenic.com>
parents: 15615
diff changeset
     1
https://bz.mercurial-scm.org/842
12195
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
     2
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
     3
  $ hg init
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
     4
  $ echo foo > a
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
     5
  $ hg ci -Ama
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
     6
  adding a
8452
cb93eee1fbcd tests: add missing interpreter lines
Martin Geisler <mg@lazybytes.net>
parents: 6336
diff changeset
     7
12195
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
     8
  $ hg up -r0000
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
     9
  0 files updated, 0 files merged, 1 files removed, 0 files unresolved
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    10
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    11
  $ echo bar > a
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    12
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    13
Should issue new head warning:
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    14
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    15
  $ hg ci -Amb
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    16
  adding a
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    17
  created new head
6336
4b0c9c674707 warn about new heads on commit (issue842)
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff changeset
    18
12195
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    19
  $ hg up -r0000
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    20
  0 files updated, 0 files merged, 1 files removed, 0 files unresolved
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    21
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    22
  $ echo stuffy > a
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    23
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    24
Should not issue new head warning:
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    25
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    26
  $ hg ci -q -Amc
6336
4b0c9c674707 warn about new heads on commit (issue842)
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff changeset
    27
12195
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    28
  $ hg up -r0000
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    29
  0 files updated, 0 files merged, 1 files removed, 0 files unresolved
6336
4b0c9c674707 warn about new heads on commit (issue842)
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff changeset
    30
12195
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    31
  $ echo crap > a
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    32
  $ hg branch testing
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    33
  marked working directory as branch testing
15615
41885892796e branch: warn on branching
Matt Mackall <mpm@selenic.com>
parents: 12328
diff changeset
    34
  (branches are permanent and global, did you want a bookmark?)
12195
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    35
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    36
Should not issue warning:
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    37
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    38
  $ hg ci -q -Amd
ee41be2bbf5a tests: unify test-issue*
Adrian Buehlmann <adrian@cadifra.com>
parents: 8452
diff changeset
    39