Mercurial > hg-stable
changeset 44940:89f83e47e9c9
tests: remove "sslcontext" check
Now that we require the presence of ssl.SSLContext in setup.py, the check
would always return `True`.
author | Manuel Jacob <me@manueljacob.de> |
---|---|
date | Sat, 30 May 2020 05:27:53 +0200 |
parents | 7dd63a8cb1ee |
children | be3e85cf8f4d |
files | tests/hghave.py tests/test-clonebundles.t tests/test-https.t tests/test-patchbomb-tls.t |
diffstat | 4 files changed, 5 insertions(+), 112 deletions(-) [+] |
line wrap: on
line diff
--- a/tests/hghave.py Sat May 30 03:23:58 2020 +0200 +++ b/tests/hghave.py Sat May 30 05:27:53 2020 +0200 @@ -645,25 +645,11 @@ return False -@check("sslcontext", "python >= 2.7.9 ssl") -def has_sslcontext(): - try: - import ssl - - ssl.SSLContext - return True - except (ImportError, AttributeError): - return False - - @check("defaultcacertsloaded", "detected presence of loaded system CA certs") def has_defaultcacertsloaded(): import ssl from mercurial import sslutil, ui as uimod - if not has_sslcontext(): - return False - ui = uimod.ui.load() cafile = sslutil._defaultcacerts(ui) ctx = ssl.create_default_context()
--- a/tests/test-clonebundles.t Sat May 30 03:23:58 2020 +0200 +++ b/tests/test-clonebundles.t Sat May 30 05:27:53 2020 +0200 @@ -255,7 +255,8 @@ added 2 changesets with 2 changes to 2 files new changesets 53245c60e682:aaff8d2ffbbf -URLs requiring SNI are filtered in Python <2.7.9 +We require a Python version that supports SNI. Therefore, URLs requiring SNI +are not filtered. $ cp full.hg sni.hg $ cat > server/.hg/clonebundles.manifest << EOF @@ -263,9 +264,6 @@ > http://localhost:$HGPORT1/full.hg > EOF -#if sslcontext -Python 2.7.9+ support SNI - $ hg clone -U http://localhost:$HGPORT sni-supported applying clone bundle from http://localhost:$HGPORT1/sni.hg adding changesets @@ -276,20 +274,6 @@ searching for changes no changes found 2 local changesets published -#else -Python <2.7.9 will filter SNI URLs - - $ hg clone -U http://localhost:$HGPORT sni-unsupported - applying clone bundle from http://localhost:$HGPORT1/full.hg - adding changesets - adding manifests - adding file changes - added 2 changesets with 2 changes to 2 files - finished applying clone bundle - searching for changes - no changes found - 2 local changesets published -#endif Stream clone bundles are supported
--- a/tests/test-https.t Sat May 30 03:23:58 2020 +0200 +++ b/tests/test-https.t Sat May 30 05:27:53 2020 +0200 @@ -49,38 +49,13 @@ Our test cert is not signed by a trusted CA. It should fail to verify if we are able to load CA certs. -#if sslcontext no-defaultcacertsloaded +#if no-defaultcacertsloaded $ hg clone https://localhost:$HGPORT/ copy-pull (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) abort: error: *certificate verify failed* (glob) [255] #endif -#if no-sslcontext - $ hg clone https://localhost:$HGPORT/ copy-pull - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) - (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) - abort: error: *certificate verify failed* (glob) - [255] -#endif - -#if no-sslcontext windows - $ hg clone https://localhost:$HGPORT/ copy-pull - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info - (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) - abort: error: *certificate verify failed* (glob) - [255] -#endif - -#if no-sslcontext osx - $ hg clone https://localhost:$HGPORT/ copy-pull - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info - (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) - abort: localhost certificate error: no certificate received - (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) - [255] -#endif - #if defaultcacertsloaded $ hg clone https://localhost:$HGPORT/ copy-pull warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) @@ -101,35 +76,21 @@ A malformed per-host certificate file will raise an error $ echo baddata > badca.pem -#if sslcontext $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) abort: error loading CA file badca.pem: * (glob) (file is empty or malformed?) [255] -#else - $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) - abort: error: * (glob) - [255] -#endif A per-host certificate mismatching the server will fail verification (modern ssl is able to discern whether the loaded cert is a CA cert) -#if sslcontext $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) abort: error: *certificate verify failed* (glob) [255] -#else - $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) - abort: error: *certificate verify failed* (glob) - [255] -#endif A per-host certificate matching the server's cert will be accepted @@ -269,20 +230,12 @@ $ touch emptycafile -#if sslcontext $ hg --config web.cacerts=emptycafile -R copy-pull pull pulling from https://localhost:$HGPORT/ warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) abort: error loading CA file emptycafile: * (glob) (file is empty or malformed?) [255] -#else - $ hg --config web.cacerts=emptycafile -R copy-pull pull - pulling from https://localhost:$HGPORT/ - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) - abort: error: * (glob) - [255] -#endif cacert mismatch @@ -344,20 +297,6 @@ > --config hostsecurity.disabletls10warning=true 5fed3813f7f5 -Error message for setting ciphers is different depending on SSLContext support - -#if no-sslcontext - $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info - abort: *No cipher can be selected. (glob) - [255] - - $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info - 5fed3813f7f5 -#endif - -#if sslcontext Setting ciphers to an invalid value aborts $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) @@ -376,7 +315,6 @@ $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) 5fed3813f7f5 -#endif Fingerprints @@ -449,7 +387,7 @@ $ killdaemons.py hg1.pid $ killdaemons.py hg2.pid -#if sslcontext tls1.2 +#if tls1.2 Start servers running supported TLS versions $ cd test @@ -603,8 +541,6 @@ $ killdaemons.py hg0.pid -#if sslcontext - $ cd test Missing certificate file(s) are detected @@ -668,5 +604,3 @@ abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob) (restore missing file or fix references in Mercurial config) [255] - -#endif
--- a/tests/test-patchbomb-tls.t Sat May 30 03:23:58 2020 +0200 +++ b/tests/test-patchbomb-tls.t Sat May 30 05:27:53 2020 +0200 @@ -39,7 +39,7 @@ Our test cert is not signed by a trusted CA. It should fail to verify if we are able to load CA certs: -#if sslcontext no-defaultcacertsloaded +#if no-defaultcacertsloaded $ try this patch series consists of 1 patches. @@ -49,17 +49,6 @@ [255] #endif -#if no-sslcontext - $ try - this patch series consists of 1 patches. - - - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info - (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) - (?i)abort: .*?certificate.verify.failed.* (re) - [255] -#endif - #if defaultcacertsloaded $ try this patch series consists of 1 patches.