Mercurial > hg-stable
view tests/test-mq-qimport @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | c52057614c72 |
children | da0b9109186d |
line wrap: on
line source
#!/bin/sh cat > writelines.py <<EOF import sys path = sys.argv[1] args = sys.argv[2:] assert (len(args) % 2) == 0 f = file(path, 'wb') for i in xrange(len(args)/2): count, s = args[2*i:2*i+2] count = int(count) s = s.decode('string_escape') f.write(s*count) f.close() EOF echo "[extensions]" >> $HGRCPATH echo "mq=" >> $HGRCPATH echo "[diff]" >> $HGRCPATH echo "git=1" >> $HGRCPATH hg init repo cd repo echo % qimport non-existing-file hg qimport non-existing-file echo % import email hg qimport --push -n email - <<EOF From: Username in email <test@example.net> Subject: [PATCH] Message in email Date: Fri, 02 Jan 1970 00:00:00 +0000 Text before patch. # HG changeset patch # User Username in patch <test@example.net> # Date 0 0 # Node ID 1a706973a7d84cb549823634a821d9bdf21c6220 # Parent 0000000000000000000000000000000000000000 First line of commit message. More text in commit message. --- confuse the diff detection diff --git a/x b/x new file mode 100644 --- /dev/null +++ b/x @@ -0,0 +1,1 @@ +new file Text after patch. EOF echo % hg tip -v hg tip -v hg qpop hg qdelete email echo % import URL echo foo >> foo hg add foo hg diff > $HGTMP/url.diff hg revert --no-backup foo rm foo # Under unix: file:///foobar/blah # Under windows: file:///c:/foobar/blah patchurl=`echo "$HGTMP"/url.diff | tr '\\\\' /` expr "$patchurl" : "\/" > /dev/null if [ $? -ne 0 ]; then patchurl="/$patchurl" fi hg qimport file://"$patchurl" hg qun echo % import patch that already exists echo foo2 >> foo hg add foo hg diff > ../url.diff hg revert --no-backup foo rm foo hg qimport ../url.diff hg qpush cat foo hg qpop echo % qimport -f hg qimport -f ../url.diff hg qpush cat foo hg qpop echo % build diff with CRLF python ../writelines.py b 5 'a\n' 5 'a\r\n' hg ci -Am addb python ../writelines.py b 2 'a\n' 10 'b\n' 2 'a\r\n' hg diff > b.diff hg up -C echo % qimport CRLF diff hg qimport b.diff hg qpush echo % try to import --push echo another >> b hg diff > another.diff hg up -C hg qimport --push another.diff hg qfin -a hg qimport -rtip -P