Mercurial > hg-stable
view tests/test-merge-tools @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | c52057614c72 |
children | 4c94b6d0fb1c |
line wrap: on
line source
#!/bin/sh # test merge-tools configuration - mostly exercising filemerge.py unset HGMERGE # make sure HGMERGE doesn't interfere with the test hg init echo "# revision 0" echo "revision 0" > f echo "space" >> f hg commit -Am "revision 0" -d "1000000 0" echo "# revision 1" echo "revision 1" > f echo "space" >> f hg commit -Am "revision 1" -d "1000000 0" hg update 0 > /dev/null echo "# revision 2" echo "revision 2" > f echo "space" >> f hg commit -Am "revision 2" -d "1000000 0" hg update 0 > /dev/null echo "# revision 3 - simple to merge" echo "revision 3" >> f hg commit -Am "revision 3" -d "1000000 0" echo "[merge-tools]" > .hg/hgrc echo beforemerge() { cat .hg/hgrc echo "# hg update -C 1" hg update -C 1 > /dev/null } aftermerge() { echo "# cat f" cat f echo "# hg stat" hg stat rm -f f.orig echo } domerge() { beforemerge echo "# hg merge $*" hg merge $* aftermerge } echo echo Tool selection echo echo "# default is internal merge:" beforemerge echo "# hg merge -r 2" # override $PATH to ensure hgmerge not visible; use $PYTHON in case we're # running from a devel copy, not a temp installation PATH="$BINDIR" $PYTHON "$BINDIR"/hg merge -r 2 aftermerge echo "# simplest hgrc using false for merge:" echo "false.whatever=" >> .hg/hgrc domerge -r 2 echo "# true with higher .priority gets precedence:" echo "true.priority=1" >> .hg/hgrc domerge -r 2 echo "# unless lowered on command line:" domerge -r 2 --config merge-tools.true.priority=-7 echo "# or false set higher on command line:" domerge -r 2 --config merge-tools.false.priority=117 echo "# or true.executable not found in PATH:" domerge -r 2 --config merge-tools.true.executable=nonexistingmergetool echo "# or true.executable with bogus path:" domerge -r 2 --config merge-tools.true.executable=/nonexisting/mergetool echo "# but true.executable set to cat found in PATH works:" echo "true.executable=cat" >> .hg/hgrc domerge -r 2 echo "# and true.executable set to cat with path works:" domerge -r 2 --config merge-tools.true.executable=cat echo echo Tool selection and merge-patterns echo echo "# merge-patterns specifies new tool false:" domerge -r 2 --config merge-patterns.f=false echo "# merge-patterns specifies executable not found in PATH and gets warning:" domerge -r 2 --config merge-patterns.f=true --config merge-tools.true.executable=nonexistingmergetool echo "# merge-patterns specifies executable with bogus path and gets warning:" domerge -r 2 --config merge-patterns.f=true --config merge-tools.true.executable=/nonexisting/mergetool echo echo ui.merge overrules priority echo echo "# ui.merge specifies false:" domerge -r 2 --config ui.merge=false echo "# ui.merge specifies internal:fail:" domerge -r 2 --config ui.merge=internal:fail echo "# ui.merge specifies internal:local:" domerge -r 2 --config ui.merge=internal:local echo "# ui.merge specifies internal:other:" domerge -r 2 --config ui.merge=internal:other echo "# ui.merge specifies internal:prompt:" domerge -r 2 --config ui.merge=internal:prompt echo "# ui.merge specifies internal:dump:" domerge -r 2 --config ui.merge=internal:dump echo f.base: cat f.base echo f.local: cat f.local echo f.other: cat f.other rm f.base f.local f.other echo echo "# ui.merge specifies internal:other but is overruled by pattern for false:" domerge -r 2 --config ui.merge=internal:other --config merge-patterns.f=false echo echo Premerge echo echo "# Default is silent simplemerge:" domerge -r 3 echo "# .premerge=True is same:" domerge -r 3 --config merge-tools.true.premerge=True echo "# .premerge=False executes merge-tool:" domerge -r 3 --config merge-tools.true.premerge=False echo echo Tool execution echo echo '# set tools.args explicit to include $base $local $other $output:' # default '$local $base $other' beforemerge hg merge -r 2 --config merge-tools.true.executable=head --config merge-tools.true.args='$base $local $other $output' \ | sed 's,==> .* <==,==> ... <==,g' aftermerge echo '# Merge with "echo mergeresult > $local":' beforemerge hg merge -r 2 --config merge-tools.true.executable=echo --config merge-tools.true.args='mergeresult > $local' aftermerge echo '# - and $local is the file f:' beforemerge hg merge -r 2 --config merge-tools.true.executable=echo --config merge-tools.true.args='mergeresult > f' aftermerge echo '# Merge with "echo mergeresult > $output" - the variable is a bit magic:' beforemerge hg merge -r 2 --config merge-tools.true.executable=echo --config merge-tools.true.args='mergeresult > $output' aftermerge echo '# Merge using tool with a path that must be quoted:' beforemerge cat <<EOF > 'my merge tool' #!/bin/sh cat "\$1" "\$2" "\$3" > "\$4" EOF chmod +x 'my merge tool' hg merge -r 2 --config merge-tools.true.executable='./my merge tool' --config merge-tools.true.args='$base $local $other $output' rm -f 'my merge tool' aftermerge echo echo Merge post-processing echo echo "# cat is a bad merge-tool and doesn't change:" domerge -y -r 2 --config merge-tools.true.checkchanged=1