Mercurial > hg-stable
view tests/test-commit @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | 8766fee6f225 |
children |
line wrap: on
line source
#!/bin/sh echo % commit date test hg init test cd test echo foo > foo hg add foo HGEDITOR=true hg commit -m "" hg commit -d '0 0' -m commit-1 echo foo >> foo hg commit -d '1 4444444' -m commit-3 hg commit -d '1 15.1' -m commit-4 hg commit -d 'foo bar' -m commit-5 hg commit -d ' 1 4444' -m commit-6 hg commit -d '111111111111 0' -m commit-7 echo % commit added file that has been deleted echo bar > bar hg add bar rm bar hg commit -d "1000000 0" -m commit-8 hg commit -d "1000000 0" -m commit-8-2 bar hg -q revert -a --no-backup mkdir dir echo boo > dir/file hg add hg -v commit -m commit-9 dir echo > dir.file hg add hg commit -m commit-10 dir dir.file echo >> dir/file mkdir bleh mkdir dir2 cd bleh hg commit -m commit-11 . hg commit -m commit-12 ../dir ../dir2 hg -v commit -m commit-13 ../dir cd .. hg commit -m commit-14 does-not-exist ln -s foo baz hg commit -m commit-15 baz touch quux hg commit -m commit-16 quux echo >> dir/file hg -v commit -m commit-17 dir/file # An empty date was interpreted as epoch origin echo foo >> foo hg commit -d '' -m commit-no-date hg tip --template '{date|isodate}\n' | grep '1970' cd .. echo % partial subdir commit test hg init test2 cd test2 mkdir foo echo foo > foo/foo mkdir bar echo bar > bar/bar hg add hg ci -d '1000000 0' -m commit-subdir-1 foo hg ci -d '1000001 0' -m commit-subdir-2 bar echo % subdir log 1 hg log -v foo echo % subdir log 2 hg log -v bar echo % full log hg log -v cd .. echo % dot and subdir commit test hg init test3 cd test3 mkdir foo echo foo content > foo/plain-file hg add foo/plain-file hg ci -d '1000000 0' -m commit-foo-subdir foo echo modified foo content > foo/plain-file hg ci -d '2000000 0' -m commit-foo-dot . echo % full log hg log -v echo % subdir log cd foo hg log . cd .. cd .. cd .. hg init issue1049 cd issue1049 echo a > a hg ci -Ama echo a >> a hg ci -mb hg up 0 echo b >> a hg ci -mc HGMERGE=true hg merge echo % should fail because we are specifying a file name hg ci -mmerge a echo % should fail because we are specifying a pattern hg ci -mmerge -I a echo % should succeed hg ci -mmerge cd .. echo % test commit message content hg init commitmsg cd commitmsg echo changed > changed echo removed > removed hg ci -qAm init hg rm removed echo changed >> changed echo added > added hg add added HGEDITOR=cat hg ci -A cd .. exit 0