Mercurial > hg-stable
view tests/test-convert-baz @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | 6e4cf8319f54 |
children | 7fc79055a62b |
line wrap: on
line source
#!/bin/sh "$TESTDIR/hghave" baz || exit 80 mkdir do_not_use_HOME_baz cd do_not_use_HOME_baz HOME=`pwd`; export HOME cd .. baz my-id "mercurial <mercurial@selenic.com>" echo "[extensions]" >> $HGRCPATH echo "convert=" >> $HGRCPATH echo 'graphlog =' >> $HGRCPATH echo % create baz archive baz make-archive baz@mercurial--convert hg-test-convert-baz echo % initialize baz repo mkdir baz-repo cd baz-repo/ baz init-tree baz@mercurial--convert/baz--test--0 baz import echo % create initial files echo 'this is a file' > a baz add a mkdir src baz add src cd src dd count=1 if=/dev/zero of=b > /dev/null 2> /dev/null baz add b # HACK: hide GNU tar-1.22 "tar: The --preserve option is deprecated, use --preserve-permissions --preserve-order instead" baz commit -s "added a file, src and src/b (binary)" 2>&1 | grep -v '^tar' echo % create link file and modify a ln -s ../a a-link baz add a-link echo 'this a modification to a' >> ../a baz commit -s "added link to a and modify a" echo % create second link and modify b ln -s ../a a-link-2 baz add a-link-2 dd count=1 seek=1 if=/dev/zero of=b > /dev/null 2> /dev/null baz commit -s "added second link and modify b" echo % b file to link and a-link-2 to regular file rm -f a-link-2 echo 'this is now a regular file' > a-link-2 ln -sf ../a b baz commit -s "file to link and link to file test" echo % move a-link-2 file and src directory cd .. baz mv src/a-link-2 c baz mv src test baz commit -s "move and rename a-link-2 file and src directory" echo % move and add the moved file again echo e > e baz add e baz commit -s "add e" baz mv e f echo ee > e baz add e baz commit -s "move e and recreate it again" cd .. echo % converting baz repo to Mercurial hg convert baz-repo baz-repo-hg baz register-archive -d baz@mercurial--convert glog() { hg glog --template '{rev} "{desc|firstline}" files: {files}\n' "$@" } echo % show graph log glog -R baz-repo-hg hg up -q -R baz-repo-hg hg -R baz-repo-hg manifest --debug hg -R baz-repo-hg log -r 5 -r 7 -C --debug | grep copies