Mercurial > hg-stable
view tests/test-hgweb-auth.py.out @ 29258:6315c1e14f75
sslutil: introduce a function for determining host-specific settings
This patch marks the beginning of a series that introduces a new,
more configurable, per-host security settings mechanism. Currently,
we have global settings (like web.cacerts and the --insecure argument).
We also have per-host settings via [hostfingerprints].
Global security settings are good for defaults, but they don't
provide the amount of control often wanted. For example, an
organization may want to require a particular CA is used for a
particular hostname.
[hostfingerprints] is nice. But it currently assumes SHA-1.
Furthermore, there is no obvious place to put additional per-host
settings.
Subsequent patches will be introducing new mechanisms for defining
security settings, some on a per-host basis. This commits starts
the transition to that world by introducing the _hostsettings
function. It takes a ui and hostname and returns a dict of security
settings. Currently, it limits itself to returning host fingerprint
info.
We foreshadow the future support of non-SHA1 hashing algorithms
for verifying the host fingerprint by making the "certfingerprints"
key a list of tuples instead of a list of hashes.
We add this dict to the hgstate property on the socket and use it
during socket validation for checking fingerprints. There should be
no change in behavior.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sat, 28 May 2016 11:12:02 -0700 |
| parents | 0f1311e829c9 |
| children | 31c37e703cee |
line wrap: on
line source
*** Test in-uri schemes CFG: {x.prefix: http://example.org} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: https://example.org} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort CFG: {x.prefix: http://example.org, x.schemes: https} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: https://example.org, x.schemes: http} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort *** Test separately configured schemes CFG: {x.prefix: example.org, x.schemes: http} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: example.org, x.schemes: https} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort CFG: {x.prefix: example.org, x.schemes: http https} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort *** Test prefix matching CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/bar} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('y', 'y') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/foo/bar} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('y', 'y') URI: http://example.org/bar abort URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: *, y.prefix: https://example.org/bar} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('y', 'y') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar ('y', 'y') *** Test user matching CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None} URI: http://y@example.org/foo ('y', 'xpassword') CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y} URI: http://y@example.org/foo ('y', 'ypassword') CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y} URI: http://y@example.org/foo/bar ('y', 'xpassword') *** Test urllib2 and util.url URIs: http://user@example.com:8080/foo http://example.com:8080/foo ('user', '')