Mercurial: mercurial/dummycert.pem annotate

annotate mercurial/dummycert.pem @ 36426:23d12524a202

http: drop custom http client logic Eight and a half years ago, as my starter bug on code.google.com, I investigated a mysterious "broken pipe" error from seemingly random clients[0]. That investigation revealed a tragic story: the Python standard library's httplib was (and remains) barely functional. During large POSTs, if a server responds early with an error (even a permission denied error!) the client only notices that the server closed the connection and everything breaks. Such server behavior is implicitly legal under RFC 2616 (the latest HTTP RFC as of when I was last working on this), and my understanding is that later RFCs have made it explicitly legal to respond early with any status code outside the 2xx range. I embarked, probably foolishly, on a journey to write a new http library with better overall behavior. The http library appears to work well in most cases, but it can get confused in the presence of proxies, and it depends on select(2) which limits its utility if a lot of file descriptors are open. I haven't touched the http library in almost two years, and in the interim the Python community has discovered a better way[1] of writing network code. In theory some day urllib3 will have its own home-grown http library built on h11[2], or we could do that. Either way, it's time to declare our current confusingly-named "http2" client logic and move on. I do hope to revisit this some day: it's still garbage that we can't even respond with a 401 or 403 without reading the entire POST body from the client, but the goalposts on writing a new http client library have moved substantially. We're almost certainly better off just switching to requests and eventually picking up their http fixes than trying to live with something that realistically only we'll ever use. Another approach would be to write an adapter so that Mercurial can use pycurl if it's installed. Neither of those approaches seem like they should be investigated prior to a release of Mercurial that works on Python 3: that's where the mindshare is going to be for any improvements to the state of the http client art. 0: http://web.archive.org/web/20130501031801/http://code.google.com/p/support/issues/detail?id=2716 1: http://sans-io.readthedocs.io/ 2: https://github.com/njsmith/h11 Differential Revision: https://phab.mercurial-scm.org/D2444

author	Augie Fackler <augie@google.com>
date	Sun, 25 Feb 2018 23:51:32 -0500
parents	d7f7f1860f00
children

rev	line source
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	1 A dummy certificate that will make OS X 10.6+ Python use the system CA
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	2 certificate store:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	3
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	4 -----BEGIN CERTIFICATE-----
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	5 MIIBIzCBzgIJANjmj39sb3FmMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmhn
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	6 LmV4YW1wbGUuY29tMB4XDTE0MDgzMDA4NDU1OVoXDTE0MDgyOTA4NDU1OVowGTEX
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	7 MBUGA1UEAxMOaGcuZXhhbXBsZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	8 mh/ZySGlcq0ALNLmA1gZqt61HruywPrRk6WyrLJRgt+X7OP9FFlEfl2tzHfzqvmK
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	9 CtSQoPINWOdAJMekBYFgKQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAF9h49LkSqJ6a
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	10 IlpogZuUHtihXeKZBsiktVIDlDccYsNy0RSh9XxUfhk+XMLw8jBlYvcltSXdJ7We
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	11 aKdQRekuMQ==
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	12 -----END CERTIFICATE-----
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	13
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	14 This certificate was generated to be syntactically valid but never be usable;
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	15 it expired before it became valid.
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	16
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	17 Created as:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	18
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	19 $ cat > cn.conf << EOT
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	20 > [req]
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	21 > distinguished_name = req_distinguished_name
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	22 > [req_distinguished_name]
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	23 > commonName = Common Name
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	24 > commonName_default = no.example.com
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	25 > EOT
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	26 $ openssl req -nodes -new -x509 -keyout /dev/null \
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	27 > -out dummycert.pem -days -1 -config cn.conf -subj '/CN=hg.example.com'
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	28
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	29 To verify the content of this certificate:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	30
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	31 $ openssl x509 -in dummycert.pem -noout -text
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	32 Certificate:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	33 Data:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	34 Version: 1 (0x0)
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	35 Serial Number: 15629337334278746470 (0xd8e68f7f6c6f7166)
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	36 Signature Algorithm: sha1WithRSAEncryption
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	37 Issuer: CN=hg.example.com
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	38 Validity
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	39 Not Before: Aug 30 08:45:59 2014 GMT
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	40 Not After : Aug 29 08:45:59 2014 GMT
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	41 Subject: CN=hg.example.com
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	42 Subject Public Key Info:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	43 Public Key Algorithm: rsaEncryption
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	44 Public-Key: (512 bit)
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	45 Modulus:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	46 00:9a:1f:d9:c9:21:a5:72:ad:00:2c:d2:e6:03:58:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	47 19:aa:de:b5:1e:bb:b2:c0:fa:d1:93:a5:b2:ac:b2:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	48 51:82:df:97:ec:e3:fd:14:59:44:7e:5d:ad:cc:77:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	49 f3:aa:f9:8a:0a:d4:90:a0:f2:0d:58:e7:40:24:c7:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	50 a4:05:81:60:29
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	51 Exponent: 65537 (0x10001)
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	52 Signature Algorithm: sha1WithRSAEncryption
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	53 17:d8:78:f4:b9:12:a8:9e:9a:22:5a:68:81:9b:94:1e:d8:a1:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	54 5d:e2:99:06:c8:a4:b5:52:03:94:37:1c:62:c3:72:d1:14:a1:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	55 f5:7c:54:7e:19:3e:5c:c2:f0:f2:30:65:62:f7:25:b5:25:dd:
d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: diff changeset	56 27:b5:9e:68:a7:50:45:e9:2e:31

Mercurial > hg

annotate mercurial/dummycert.pem @ 36426:23d12524a202