tests/test-patchbomb-tls.t
author Martin von Zweigbergk <martinvonz@google.com>
Wed, 09 Dec 2020 20:22:25 -0800
changeset 46115 be3d8178251e
parent 45915 8f50dc096cf4
child 50729 5644f6286618
permissions -rw-r--r--
errors: raise InputError if an ambiguous revision id prefix is used It's long bothered me that we include the "00changelog.i" part in a message to the user. This fixes that along with the exit code. Differential Revision: https://phab.mercurial-scm.org/D9600
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     1
#require serve ssl
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     2
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     3
Set up SMTP server:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     4
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     5
  $ CERTSDIR="$TESTDIR/sslcerts"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     6
  $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     7
39707
5abc47d4ca6b tests: quote PYTHON usage
Matt Harbison <matt_harbison@yahoo.com>
parents: 33494
diff changeset
     8
  $ "$PYTHON" "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     9
  > --tls smtps --certificate `pwd`/server.pem
31769
594dd384803c test-serve: make the 'listening at *' lines optional
Matt Harbison <matt_harbison@yahoo.com>
parents: 31489
diff changeset
    10
  listening at localhost:$HGPORT (?)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    11
  $ cat a.pid >> $DAEMON_PIDS
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    12
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    13
Set up repository:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    14
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    15
  $ hg init t
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    16
  $ cd t
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    17
  $ cat <<EOF >> .hg/hgrc
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    18
  > [extensions]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    19
  > patchbomb =
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    20
  > [email]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    21
  > method = smtp
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    22
  > [smtp]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    23
  > host = localhost
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    24
  > port = $HGPORT
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    25
  > tls = smtps
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    26
  > EOF
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    27
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    28
  $ echo a > a
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    29
  $ hg commit -Ama -d '1 0'
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    30
  adding a
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    31
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    32
Utility functions:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    33
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    34
  $ DISABLECACERTS=
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    35
  $ try () {
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    36
  >   hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    37
  > }
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    38
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    39
Our test cert is not signed by a trusted CA. It should fail to verify if
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    40
we are able to load CA certs:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    41
44881
89f83e47e9c9 tests: remove "sslcontext" check
Manuel Jacob <me@manueljacob.de>
parents: 44879
diff changeset
    42
#if no-defaultcacertsloaded
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    43
  $ try
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    44
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    45
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    46
  
29449
5b71a8d7f7ff sslutil: emit warning when no CA certificates loaded
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29411
diff changeset
    47
  (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    48
  (?i)abort: .*?certificate.verify.failed.* (re)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    49
  [255]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    50
#endif
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    51
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    52
#if defaultcacertsloaded
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    53
  $ try
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    54
  this patch series consists of 1 patches.
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    55
  
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    56
  
33494
30f2715be123 sslutil: inform the user about how to fix an incomplete certificate chain
Matt Harbison <matt_harbison@yahoo.com>
parents: 32940
diff changeset
    57
  (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    58
  (?i)abort: .*?certificate.verify.failed.* (re)
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    59
  [255]
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    60
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    61
#endif
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    62
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    63
  $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    64
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    65
Without certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    66
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    67
  $ try --debug
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    68
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    69
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    70
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    71
  (using smtps)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    72
  sending mail: smtp host localhost, port * (glob)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    73
  (verifying remote certificate)
29411
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29333
diff changeset
    74
  abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29500
diff changeset
    75
  (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
45915
8f50dc096cf4 errors: introduce SecurityError and use it in a few places
Martin von Zweigbergk <martinvonz@google.com>
parents: 44895
diff changeset
    76
  [150]
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    77
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    78
With global certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    79
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    80
  $ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    81
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    82
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    83
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    84
  (using smtps)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    85
  sending mail: smtp host localhost, port * (glob)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    86
  (verifying remote certificate)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    87
  sending [PATCH] a ...
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    88
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    89
With invalid certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    90
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    91
  $ try --config web.cacerts="$CERTSDIR/pub-other.pem"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    92
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    93
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    94
  
33494
30f2715be123 sslutil: inform the user about how to fix an incomplete certificate chain
Matt Harbison <matt_harbison@yahoo.com>
parents: 32940
diff changeset
    95
  (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    96
  (?i)abort: .*?certificate.verify.failed.* (re)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    97
  [255]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    98
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    99
  $ cd ..