Mercurial > hg-stable
view tests/test-bundle @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | 0b999aec64e8 |
children |
line wrap: on
line source
#!/bin/sh cp "$TESTDIR"/printenv.py . echo "====== Setting up test" hg init test cd test echo 0 > afile hg add afile hg commit -m "0.0" -d "1000000 0" echo 1 >> afile hg commit -m "0.1" -d "1000000 0" echo 2 >> afile hg commit -m "0.2" -d "1000000 0" echo 3 >> afile hg commit -m "0.3" -d "1000000 0" hg update -C 0 echo 1 >> afile hg commit -m "1.1" -d "1000000 0" echo 2 >> afile hg commit -m "1.2" -d "1000000 0" echo "a line" > fred echo 3 >> afile hg add fred hg commit -m "1.3" -d "1000000 0" hg mv afile adifferentfile hg commit -m "1.3m" -d "1000000 0" hg update -C 3 hg mv afile anotherfile hg commit -m "0.3m" -d "1000000 0" hg verify cd .. hg init empty echo "====== Bundle --all" hg -R test bundle --all all.hg echo "====== Bundle test to full.hg" hg -R test bundle full.hg empty echo "====== Unbundle full.hg in test" hg -R test unbundle full.hg echo "====== Verify empty" hg -R empty heads hg -R empty verify echo "====== Pull full.hg into test (using --cwd)" hg --cwd test pull ../full.hg echo "====== Pull full.hg into empty (using --cwd)" hg --cwd empty pull ../full.hg echo "====== Rollback empty" hg -R empty rollback echo "====== Pull full.hg into empty again (using --cwd)" hg --cwd empty pull ../full.hg echo "====== Pull full.hg into test (using -R)" hg -R test pull full.hg echo "====== Pull full.hg into empty (using -R)" hg -R empty pull full.hg echo "====== Rollback empty" hg -R empty rollback echo "====== Pull full.hg into empty again (using -R)" hg -R empty pull full.hg echo "====== Log -R full.hg in fresh empty" rm -r empty hg init empty cd empty hg -R bundle://../full.hg log echo "====== Pull ../full.hg into empty (with hook)" echo '[hooks]' >> .hg/hgrc echo 'changegroup = python ../printenv.py changegroup' >> .hg/hgrc #doesn't work (yet ?) #hg -R bundle://../full.hg verify hg pull bundle://../full.hg echo "====== Rollback empty" hg rollback cd .. echo "====== Log -R bundle:empty+full.hg" hg -R bundle:empty+full.hg log --template="{rev} " echo "" echo "====== Pull full.hg into empty again (using -R; with hook)" hg -R empty pull full.hg echo "====== Create partial clones" rm -r empty hg init empty hg clone -r 3 test partial hg clone partial partial2 cd partial echo "====== Log -R full.hg in partial" hg -R bundle://../full.hg log echo "====== Incoming full.hg in partial" hg incoming bundle://../full.hg echo "====== Outgoing -R full.hg vs partial2 in partial" hg -R bundle://../full.hg outgoing ../partial2 echo "====== Outgoing -R does-not-exist.hg vs partial2 in partial" hg -R bundle://../does-not-exist.hg outgoing ../partial2 cd .. echo "====== Direct clone from bundle (all-history)" hg clone full.hg full-clone hg -R full-clone heads rm -r full-clone # test for http://mercurial.selenic.com/bts/issue216 echo "====== Unbundle incremental bundles into fresh empty in one go" rm -r empty hg init empty hg -R test bundle --base null -r 0 ../0.hg hg -R test bundle --base 0 -r 1 ../1.hg hg -R empty unbundle -u ../0.hg ../1.hg # test for 540d1059c802 echo "====== test for 540d1059c802" hg init orig cd orig echo foo > foo hg add foo hg ci -m 'add foo' hg clone . ../copy hg tag foo cd ../copy echo >> foo hg ci -m 'change foo' hg bundle ../bundle.hg ../orig cd ../orig hg incoming ../bundle.hg cd .. # test for http://mercurial.selenic.com/bts/issue1144 echo "===== test that verify bundle does not traceback" # partial history bundle, fails w/ unkown parent hg -R bundle.hg verify # full history bundle, refuses to verify non-local repo hg -R all.hg verify # but, regular verify must continue to work hg -R orig verify echo "====== diff against bundle" hg init b cd b hg -R ../all.hg diff -r tip cd .. echo "====== bundle single branch" hg init branchy cd branchy echo a >a hg ci -Ama echo b >b hg ci -Amb echo b1 >b1 hg ci -Amb1 hg up 0 echo c >c hg ci -Amc echo c1 >c1 hg ci -Amc1 hg clone -q .#tip part echo "== bundling via incoming" hg in -R part --bundle incoming.hg --template "{node}\n" . echo "== bundling" hg bundle bundle.hg part --debug