Mercurial > hg-stable
view tests/test-convert-baz.out @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Fri, 01 Oct 2010 00:46:59 +0200 |
| parents | 7616ff5f3596 |
| children |
line wrap: on
line source
% create baz archive % initialize baz repo * creating version baz@mercurial--convert/baz--test--0 * imported baz@mercurial--convert/baz--test--0 % create initial files * build pristine tree for baz@mercurial--convert/baz--test--0--base-0 * Scanning for full-tree revision: . * from import revision: baz@mercurial--convert/baz--test--0--base-0 A/ .arch-ids A/ src A/ src/.arch-ids A .arch-ids/a.id A a A src/.arch-ids/=id A src/.arch-ids/b.id A src/b * update pristine tree (baz@mercurial--convert/baz--test--0--base-0 => baz--test--0--patch-1) * committed baz@mercurial--convert/baz--test--0--patch-1 % create link file and modify a A src/.arch-ids/a-link.id A src/a-link M a * update pristine tree (baz@mercurial--convert/baz--test--0--patch-1 => baz--test--0--patch-2) * committed baz@mercurial--convert/baz--test--0--patch-2 % create second link and modify b A src/.arch-ids/a-link-2.id A src/a-link-2 Mb src/b * update pristine tree (baz@mercurial--convert/baz--test--0--patch-2 => baz--test--0--patch-3) * committed baz@mercurial--convert/baz--test--0--patch-3 % b file to link and a-link-2 to regular file fl src/b lf src/a-link-2 * update pristine tree (baz@mercurial--convert/baz--test--0--patch-3 => baz--test--0--patch-4) * committed baz@mercurial--convert/baz--test--0--patch-4 % move a-link-2 file and src directory D/ src/.arch-ids A/ test/.arch-ids /> src test => src/.arch-ids/a-link-2.id .arch-ids/c.id => src/a-link-2 c => src/.arch-ids/=id test/.arch-ids/=id => src/.arch-ids/a-link.id test/.arch-ids/a-link.id => src/.arch-ids/b.id test/.arch-ids/b.id * update pristine tree (baz@mercurial--convert/baz--test--0--patch-4 => baz--test--0--patch-5) * committed baz@mercurial--convert/baz--test--0--patch-5 % move and add the moved file again A .arch-ids/e.id A e * update pristine tree (baz@mercurial--convert/baz--test--0--patch-5 => baz--test--0--patch-6) * committed baz@mercurial--convert/baz--test--0--patch-6 A .arch-ids/e.id A e => .arch-ids/e.id .arch-ids/f.id => e f * update pristine tree (baz@mercurial--convert/baz--test--0--patch-6 => baz--test--0--patch-7) * committed baz@mercurial--convert/baz--test--0--patch-7 % converting baz repo to Mercurial initializing destination baz-repo-hg repository analyzing tree version baz@mercurial--convert/baz--test--0... scanning source... sorting... converting... 7 initial import 6 added a file, src and src/b (binary) 5 added link to a and modify a 4 added second link and modify b 3 file to link and link to file test 2 move and rename a-link-2 file and src directory 1 add e 0 move e and recreate it again % show graph log o 7 "move e and recreate it again" files: e f | o 6 "add e" files: e | o 5 "move and rename a-link-2 file and src directory" files: c src/a-link src/a-link-2 src/b test/a-link test/b | o 4 "file to link and link to file test" files: src/a-link-2 src/b | o 3 "added second link and modify b" files: src/a-link-2 src/b | o 2 "added link to a and modify a" files: a src/a-link | o 1 "added a file, src and src/b (binary)" files: a src/b | o 0 "initial import" files: c4072c4b72e1cabace081888efa148ee80ca3cbb 644 a 0201ac32a3a8e86e303dff60366382a54b48a72e 644 c 1a4a864db0073705a11b1439f563bfa4b46d9246 644 e 09e0222742fc3f75777fa9d68a5d8af7294cb5e7 644 f c0067ba5ff0b7c9a3eb17270839d04614c435623 644 @ test/a-link 375f4263d86feacdea7e3c27100abd1560f2a973 644 @ test/b copies: c (src/a-link-2) test/a-link (src/a-link) test/b (src/b) copies: f (e)