Mercurial > hg-stable
view tests/test-status @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | 54cd28258ea7 |
children |
line wrap: on
line source
#!/bin/sh hg init repo1 cd repo1 mkdir a b a/1 b/1 b/2 touch in_root a/in_a b/in_b a/1/in_a_1 b/1/in_b_1 b/2/in_b_2 echo "hg status in repo root:" hg status echo "hg status . in repo root:" hg status . for dir in a b a/1 b/1 b/2; do echo "hg status in $dir:" hg status --cwd "$dir" echo "hg status . in $dir:" hg status --cwd "$dir" . echo "hg status .. in $dir:" hg status --cwd "$dir" .. done cd .. hg init repo2 cd repo2 touch modified removed deleted ignored echo "^ignored$" > .hgignore hg ci -A -m 'initial checkin' -d "1000000 0" touch modified added unknown ignored hg add added hg remove removed rm deleted echo "hg status:" hg status echo "hg status modified added removed deleted unknown never-existed ignored:" hg status modified added removed deleted unknown never-existed ignored hg copy modified copied echo "hg status -C:" hg status -C echo "hg status -A:" hg status -A echo "^ignoreddir$" > .hgignore mkdir ignoreddir touch ignoreddir/file echo "hg status ignoreddir/file:" hg status ignoreddir/file echo "hg status -i ignoreddir/file:" hg status -i ignoreddir/file cd .. # check 'status -q' and some combinations hg init repo3 cd repo3 touch modified removed deleted ignored echo "^ignored$" > .hgignore hg commit -A -m 'initial checkin' touch added unknown ignored hg add added echo "test" >> modified hg remove removed rm deleted hg copy modified copied # Run status with 2 different flags. # Check if result is the same or different. # If result is not as expected, raise error assert() { hg status $1 > ../a hg status $2 > ../b out=`diff ../a ../b` if [ $? -ne 0 ]; then out=1 else out=0 fi if [ $3 -eq 0 ]; then df="same" else df="different" fi if [ $out -ne $3 ]; then echo "Error on $1 and $2, should be $df." fi } # assert flag1 flag2 [0-same | 1-different] assert "-q" "-mard" 0 assert "-A" "-marduicC" 0 assert "-qA" "-mardcC" 0 assert "-qAui" "-A" 0 assert "-qAu" "-marducC" 0 assert "-qAi" "-mardicC" 0 assert "-qu" "-u" 0 assert "-q" "-u" 1 assert "-m" "-a" 1 assert "-r" "-d" 1 cd .. hg init repo4 cd repo4 touch modified removed deleted hg ci -q -A -m 'initial checkin' -d "1000000 0" touch added unknown hg add added hg remove removed rm deleted echo x > modified hg copy modified copied hg ci -m 'test checkin' -d "1000001 0" rm * touch unrelated hg ci -q -A -m 'unrelated checkin' -d "1000002 0" echo "hg status --change 1:" hg status --change 1 echo "hg status --change 1 unrelated:" hg status --change 1 unrelated echo "hg status -C --change 1 added modified copied removed deleted:" hg status -C --change 1 added modified copied removed deleted echo "hg status -A --change 1" hg status -A --change 1