tests/test-patchbomb-tls.t
author Denis Laxalde <denis@laxalde.org>
Thu, 10 Oct 2019 21:37:12 +0200
changeset 43172 9145abd8b96d
parent 39707 5abc47d4ca6b
child 44879 ab5348bbc55e
permissions -rw-r--r--
py3: decode username and password before SMTP login smtplib.SMTP.login() requires str on Python 3. For 'password', we only need to decode when value comes from config as getpass() returns the correct type already.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     1
#require serve ssl
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     2
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     3
Set up SMTP server:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     4
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     5
  $ CERTSDIR="$TESTDIR/sslcerts"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     6
  $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     7
39707
5abc47d4ca6b tests: quote PYTHON usage
Matt Harbison <matt_harbison@yahoo.com>
parents: 33494
diff changeset
     8
  $ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     9
  > --tls smtps --certificate `pwd`/server.pem
31769
594dd384803c test-serve: make the 'listening at *' lines optional
Matt Harbison <matt_harbison@yahoo.com>
parents: 31489
diff changeset
    10
  listening at localhost:$HGPORT (?)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    11
  $ cat a.pid >> $DAEMON_PIDS
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    12
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    13
Set up repository:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    14
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    15
  $ hg init t
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    16
  $ cd t
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    17
  $ cat <<EOF >> .hg/hgrc
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    18
  > [extensions]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    19
  > patchbomb =
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    20
  > [email]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    21
  > method = smtp
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    22
  > [smtp]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    23
  > host = localhost
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    24
  > port = $HGPORT
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    25
  > tls = smtps
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    26
  > EOF
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    27
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    28
  $ echo a > a
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    29
  $ hg commit -Ama -d '1 0'
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    30
  adding a
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    31
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    32
Utility functions:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    33
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    34
  $ DISABLECACERTS=
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    35
  $ try () {
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    36
  >   hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    37
  > }
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    38
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    39
Our test cert is not signed by a trusted CA. It should fail to verify if
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    40
we are able to load CA certs:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    41
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    42
#if sslcontext defaultcacerts no-defaultcacertsloaded
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    43
  $ try
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    44
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    45
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    46
  
29449
5b71a8d7f7ff sslutil: emit warning when no CA certificates loaded
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29411
diff changeset
    47
  (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    48
  (?i)abort: .*?certificate.verify.failed.* (re)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    49
  [255]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    50
#endif
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    51
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    52
#if no-sslcontext defaultcacerts
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    53
  $ try
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    54
  this patch series consists of 1 patches.
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    55
  
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    56
  
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
    57
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
29500
4b16a5bd9948 sslutil: try to find CA certficates in well-known locations
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29499
diff changeset
    58
  (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    59
  (?i)abort: .*?certificate.verify.failed.* (re)
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    60
  [255]
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    61
#endif
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    62
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    63
#if defaultcacertsloaded
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    64
  $ try
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    65
  this patch series consists of 1 patches.
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    66
  
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    67
  
29601
6cff2ac0ccb9 sslutil: more robustly detect protocol support
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29561
diff changeset
    68
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
29500
4b16a5bd9948 sslutil: try to find CA certficates in well-known locations
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29499
diff changeset
    69
  (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
33494
30f2715be123 sslutil: inform the user about how to fix an incomplete certificate chain
Matt Harbison <matt_harbison@yahoo.com>
parents: 32940
diff changeset
    70
  (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    71
  (?i)abort: .*?certificate.verify.failed.* (re)
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    72
  [255]
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    73
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    74
#endif
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    75
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    76
#if no-defaultcacerts
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    77
  $ try
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    78
  this patch series consists of 1 patches.
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    79
  
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    80
  
29499
9c5325c79683 sslutil: issue warning when unable to load certificates on OS X
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29481
diff changeset
    81
  (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    82
  abort: localhost certificate error: no certificate received
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    83
  (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    84
  [255]
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    85
#endif
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    86
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    87
  $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    88
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    89
Without certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    90
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    91
  $ try --debug
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    92
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    93
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    94
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    95
  (using smtps)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    96
  sending mail: smtp host localhost, port * (glob)
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
    97
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    98
  (verifying remote certificate)
29411
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29333
diff changeset
    99
  abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29500
diff changeset
   100
  (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
29411
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29333
diff changeset
   101
  [255]
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   102
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   103
With global certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   104
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   105
  $ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   106
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   107
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   108
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   109
  (using smtps)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   110
  sending mail: smtp host localhost, port * (glob)
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
   111
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   112
  (verifying remote certificate)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   113
  sending [PATCH] a ...
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   114
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   115
With invalid certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   116
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   117
  $ try --config web.cacerts="$CERTSDIR/pub-other.pem"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   118
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   119
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   120
  
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
   121
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
33494
30f2715be123 sslutil: inform the user about how to fix an incomplete certificate chain
Matt Harbison <matt_harbison@yahoo.com>
parents: 32940
diff changeset
   122
  (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   123
  (?i)abort: .*?certificate.verify.failed.* (re)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   124
  [255]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   125
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   126
  $ cd ..