author | Martin von Zweigbergk <martinvonz@google.com> |
Wed, 09 Dec 2020 20:22:25 -0800 | |
changeset 46115 | be3d8178251e |
parent 45915 | 8f50dc096cf4 |
child 50729 | 5644f6286618 |
permissions | -rw-r--r-- |
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
1 |
#require serve ssl |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
2 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
3 |
Set up SMTP server: |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
4 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
5 |
$ CERTSDIR="$TESTDIR/sslcerts" |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
6 |
$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
7 |
|
39707
5abc47d4ca6b
tests: quote PYTHON usage
Matt Harbison <matt_harbison@yahoo.com>
parents:
33494
diff
changeset
|
8 |
$ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \ |
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
9 |
> --tls smtps --certificate `pwd`/server.pem |
31769
594dd384803c
test-serve: make the 'listening at *' lines optional
Matt Harbison <matt_harbison@yahoo.com>
parents:
31489
diff
changeset
|
10 |
listening at localhost:$HGPORT (?) |
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
11 |
$ cat a.pid >> $DAEMON_PIDS |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
12 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
13 |
Set up repository: |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
14 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
15 |
$ hg init t |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
16 |
$ cd t |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
17 |
$ cat <<EOF >> .hg/hgrc |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
18 |
> [extensions] |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
19 |
> patchbomb = |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
20 |
> [email] |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
21 |
> method = smtp |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
22 |
> [smtp] |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
23 |
> host = localhost |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
24 |
> port = $HGPORT |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
25 |
> tls = smtps |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
26 |
> EOF |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
27 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
28 |
$ echo a > a |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
29 |
$ hg commit -Ama -d '1 0' |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
30 |
adding a |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
31 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
32 |
Utility functions: |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
33 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
34 |
$ DISABLECACERTS= |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
35 |
$ try () { |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
36 |
> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@" |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
37 |
> } |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
38 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
39 |
Our test cert is not signed by a trusted CA. It should fail to verify if |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
40 |
we are able to load CA certs: |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
41 |
|
44881
89f83e47e9c9
tests: remove "sslcontext" check
Manuel Jacob <me@manueljacob.de>
parents:
44879
diff
changeset
|
42 |
#if no-defaultcacertsloaded |
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
43 |
$ try |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
44 |
this patch series consists of 1 patches. |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
45 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
46 |
|
29449
5b71a8d7f7ff
sslutil: emit warning when no CA certificates loaded
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29411
diff
changeset
|
47 |
(an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
48 |
(?i)abort: .*?certificate.verify.failed.* (re) |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
49 |
[255] |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
50 |
#endif |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
51 |
|
29481
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
52 |
#if defaultcacertsloaded |
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
53 |
$ try |
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
54 |
this patch series consists of 1 patches. |
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
55 |
|
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
56 |
|
33494
30f2715be123
sslutil: inform the user about how to fix an incomplete certificate chain
Matt Harbison <matt_harbison@yahoo.com>
parents:
32940
diff
changeset
|
57 |
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
29481
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
58 |
(?i)abort: .*?certificate.verify.failed.* (re) |
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
59 |
[255] |
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
60 |
|
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
61 |
#endif |
5caa415aa48b
tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29449
diff
changeset
|
62 |
|
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
63 |
$ DISABLECACERTS="--config devel.disableloaddefaultcerts=true" |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
64 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
65 |
Without certificates: |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
66 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
67 |
$ try --debug |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
68 |
this patch series consists of 1 patches. |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
69 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
70 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
71 |
(using smtps) |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
72 |
sending mail: smtp host localhost, port * (glob) |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
73 |
(verifying remote certificate) |
29411
e1778b9c8d53
sslutil: abort when unable to verify peer connection (BC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29333
diff
changeset
|
74 |
abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect |
29526
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29500
diff
changeset
|
75 |
(see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) |
45915
8f50dc096cf4
errors: introduce SecurityError and use it in a few places
Martin von Zweigbergk <martinvonz@google.com>
parents:
44895
diff
changeset
|
76 |
[150] |
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
77 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
78 |
With global certificates: |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
79 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
80 |
$ try --debug --config web.cacerts="$CERTSDIR/pub.pem" |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
81 |
this patch series consists of 1 patches. |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
82 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
83 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
84 |
(using smtps) |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
85 |
sending mail: smtp host localhost, port * (glob) |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
86 |
(verifying remote certificate) |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
87 |
sending [PATCH] a ... |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
88 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
89 |
With invalid certificates: |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
90 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
91 |
$ try --config web.cacerts="$CERTSDIR/pub-other.pem" |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
92 |
this patch series consists of 1 patches. |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
93 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
94 |
|
33494
30f2715be123
sslutil: inform the user about how to fix an incomplete certificate chain
Matt Harbison <matt_harbison@yahoo.com>
parents:
32940
diff
changeset
|
95 |
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !) |
29333
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
96 |
(?i)abort: .*?certificate.verify.failed.* (re) |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
97 |
[255] |
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
98 |
|
cdef60d9f442
tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
99 |
$ cd .. |