Mercurial > hg-stable
view tests/test-ssh @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | 9f76df0edb7d |
children | 4c94b6d0fb1c |
line wrap: on
line source
#!/bin/sh cp "$TESTDIR"/printenv.py . # This test tries to exercise the ssh functionality with a dummy script cat <<EOF > dummyssh import sys import os os.chdir(os.path.dirname(sys.argv[0])) if sys.argv[1] != "user@dummy": sys.exit(-1) if not os.path.exists("dummyssh"): sys.exit(-1) os.environ["SSH_CLIENT"] = "127.0.0.1 1 2" log = open("dummylog", "ab") log.write("Got arguments") for i, arg in enumerate(sys.argv[1:]): log.write(" %d:%s" % (i+1, arg)) log.write("\n") log.close() r = os.system(sys.argv[2]) sys.exit(bool(r)) EOF cat <<EOF > badhook import sys sys.stdout.write("KABOOM\n") EOF echo "# creating 'remote'" hg init remote cd remote echo this > foo echo this > fooO hg ci -A -m "init" -d "1000000 0" foo fooO echo '[server]' > .hg/hgrc echo 'uncompressed = True' >> .hg/hgrc echo '[hooks]' >> .hg/hgrc echo 'changegroup = python ../printenv.py changegroup-in-remote 0 ../dummylog' >> .hg/hgrc cd .. echo "# repo not found error" hg clone -e "python ./dummyssh" ssh://user@dummy/nonexistent local echo "# clone remote via stream" hg clone -e "python ./dummyssh" --uncompressed ssh://user@dummy/remote local-stream 2>&1 | \ sed -e 's/[0-9][0-9.]*/XXX/g' -e 's/[KM]\(B\/sec\)/X\1/' cd local-stream hg verify cd .. echo "# clone remote via pull" hg clone -e "python ./dummyssh" ssh://user@dummy/remote local echo "# verify" cd local hg verify echo '[hooks]' >> .hg/hgrc echo 'changegroup = python ../printenv.py changegroup-in-local 0 ../dummylog' >> .hg/hgrc echo "# empty default pull" hg paths hg pull -e "python ../dummyssh" echo "# local change" echo bleah > foo hg ci -m "add" -d "1000000 0" echo "# updating rc" echo "default-push = ssh://user@dummy/remote" >> .hg/hgrc echo "[ui]" >> .hg/hgrc echo "ssh = python ../dummyssh" >> .hg/hgrc echo "# find outgoing" hg out ssh://user@dummy/remote echo "# find incoming on the remote side" hg incoming -R ../remote -e "python ../dummyssh" ssh://user@dummy/local echo "# push" hg push cd ../remote echo "# check remote tip" hg tip hg verify hg cat -r tip foo echo z > z hg ci -A -m z -d '1000001 0' z # a bad, evil hook that prints to stdout echo 'changegroup.stdout = python ../badhook' >> .hg/hgrc cd ../local echo r > r hg ci -A -m z -d '1000002 0' r echo "# push should succeed even though it has an unexpected response" hg push hg -R ../remote heads cd .. cat dummylog