Mercurial > hg-stable
changeset 44938:ab5348bbc55e
tests: remove "defaultcacerts" check
`sslutil._canloaddefaultcerts` is always true (and will be removed).
author | Manuel Jacob <me@manueljacob.de> |
---|---|
date | Sat, 30 May 2020 05:08:02 +0200 |
parents | 035199ba04ee |
children | 7dd63a8cb1ee |
files | tests/hghave.py tests/test-https.t tests/test-patchbomb-tls.t |
diffstat | 3 files changed, 4 insertions(+), 34 deletions(-) [+] |
line wrap: on
line diff
--- a/tests/hghave.py Fri May 29 21:30:04 2020 +0200 +++ b/tests/hghave.py Sat May 30 05:08:02 2020 +0200 @@ -656,21 +656,11 @@ return False -@check("defaultcacerts", "can verify SSL certs by system's CA certs store") -def has_defaultcacerts(): - from mercurial import sslutil, ui as uimod - - ui = uimod.ui.load() - return sslutil._defaultcacerts(ui) or sslutil._canloaddefaultcerts - - @check("defaultcacertsloaded", "detected presence of loaded system CA certs") def has_defaultcacertsloaded(): import ssl from mercurial import sslutil, ui as uimod - if not has_defaultcacerts(): - return False if not has_sslcontext(): return False
--- a/tests/test-https.t Fri May 29 21:30:04 2020 +0200 +++ b/tests/test-https.t Sat May 30 05:08:02 2020 +0200 @@ -49,14 +49,14 @@ Our test cert is not signed by a trusted CA. It should fail to verify if we are able to load CA certs. -#if sslcontext defaultcacerts no-defaultcacertsloaded +#if sslcontext no-defaultcacertsloaded $ hg clone https://localhost:$HGPORT/ copy-pull (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) abort: error: *certificate verify failed* (glob) [255] #endif -#if no-sslcontext defaultcacerts +#if no-sslcontext $ hg clone https://localhost:$HGPORT/ copy-pull warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) @@ -90,15 +90,6 @@ [255] #endif -#if no-defaultcacerts - $ hg clone https://localhost:$HGPORT/ copy-pull - warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?) - (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) - abort: localhost certificate error: no certificate received - (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) - [255] -#endif - Specifying a per-host certificate file that doesn't exist will abort. The full C:/path/to/msysroot will print on Windows.
--- a/tests/test-patchbomb-tls.t Fri May 29 21:30:04 2020 +0200 +++ b/tests/test-patchbomb-tls.t Sat May 30 05:08:02 2020 +0200 @@ -39,7 +39,7 @@ Our test cert is not signed by a trusted CA. It should fail to verify if we are able to load CA certs: -#if sslcontext defaultcacerts no-defaultcacertsloaded +#if sslcontext no-defaultcacertsloaded $ try this patch series consists of 1 patches. @@ -49,7 +49,7 @@ [255] #endif -#if no-sslcontext defaultcacerts +#if no-sslcontext $ try this patch series consists of 1 patches. @@ -73,17 +73,6 @@ #endif -#if no-defaultcacerts - $ try - this patch series consists of 1 patches. - - - (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) - abort: localhost certificate error: no certificate received - (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely) - [255] -#endif - $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" Without certificates: