tests/test-patchbomb-tls.t
author Gregory Szorc <gregory.szorc@gmail.com>
Mon, 22 Aug 2016 20:17:36 -0700
changeset 29829 dae97049345b
parent 29601 6cff2ac0ccb9
child 31489 5b2e1689b24d
permissions -rw-r--r--
revlog: remove unused variables
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     1
#require serve ssl
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     2
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     3
Set up SMTP server:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     4
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     5
  $ CERTSDIR="$TESTDIR/sslcerts"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     6
  $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     7
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     8
  $ python "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
     9
  > --tls smtps --certificate `pwd`/server.pem
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    10
  listening at localhost:$HGPORT
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    11
  $ cat a.pid >> $DAEMON_PIDS
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    12
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    13
Ensure hg email output is sent to stdout:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    14
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    15
  $ unset PAGER
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    16
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    17
Set up repository:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    18
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    19
  $ hg init t
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    20
  $ cd t
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    21
  $ cat <<EOF >> .hg/hgrc
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    22
  > [extensions]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    23
  > patchbomb =
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    24
  > [email]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    25
  > method = smtp
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    26
  > [smtp]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    27
  > host = localhost
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    28
  > port = $HGPORT
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    29
  > tls = smtps
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    30
  > EOF
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    31
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    32
  $ echo a > a
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    33
  $ hg commit -Ama -d '1 0'
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    34
  adding a
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    35
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    36
Utility functions:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    37
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    38
  $ DISABLECACERTS=
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    39
  $ try () {
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    40
  >   hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    41
  > }
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    42
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    43
Our test cert is not signed by a trusted CA. It should fail to verify if
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    44
we are able to load CA certs:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    45
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    46
#if sslcontext defaultcacerts no-defaultcacertsloaded
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    47
  $ try
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    48
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    49
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    50
  
29449
5b71a8d7f7ff sslutil: emit warning when no CA certificates loaded
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29411
diff changeset
    51
  (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    52
  (?i)abort: .*?certificate.verify.failed.* (re)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    53
  [255]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    54
#endif
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    55
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    56
#if no-sslcontext defaultcacerts
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    57
  $ try
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    58
  this patch series consists of 1 patches.
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    59
  
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    60
  
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
    61
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
29500
4b16a5bd9948 sslutil: try to find CA certficates in well-known locations
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29499
diff changeset
    62
  (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    63
  (?i)abort: .*?certificate.verify.failed.* (re)
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    64
  [255]
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    65
#endif
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    66
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    67
#if defaultcacertsloaded
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    68
  $ try
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    69
  this patch series consists of 1 patches.
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    70
  
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    71
  
29601
6cff2ac0ccb9 sslutil: more robustly detect protocol support
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29561
diff changeset
    72
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
29500
4b16a5bd9948 sslutil: try to find CA certficates in well-known locations
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29499
diff changeset
    73
  (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    74
  (?i)abort: .*?certificate.verify.failed.* (re)
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    75
  [255]
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    76
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    77
#endif
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    78
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    79
#if no-defaultcacerts
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    80
  $ try
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    81
  this patch series consists of 1 patches.
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    82
  
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    83
  
29499
9c5325c79683 sslutil: issue warning when unable to load certificates on OS X
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29481
diff changeset
    84
  (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
29481
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    85
  abort: localhost certificate error: no certificate received
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    86
  (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    87
  [255]
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    88
#endif
5caa415aa48b tests: better testing of loaded certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29449
diff changeset
    89
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    90
  $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    91
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    92
Without certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    93
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    94
  $ try --debug
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    95
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    96
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    97
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    98
  (using smtps)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
    99
  sending mail: smtp host localhost, port * (glob)
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
   100
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   101
  (verifying remote certificate)
29411
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29333
diff changeset
   102
  abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29500
diff changeset
   103
  (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
29411
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29333
diff changeset
   104
  [255]
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   105
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   106
With global certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   107
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   108
  $ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   109
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   110
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   111
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   112
  (using smtps)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   113
  sending mail: smtp host localhost, port * (glob)
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
   114
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   115
  (verifying remote certificate)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   116
  sending [PATCH] a ...
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   117
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   118
With invalid certificates:
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   119
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   120
  $ try --config web.cacerts="$CERTSDIR/pub-other.pem"
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   121
  this patch series consists of 1 patches.
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   122
  
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   123
  
29561
1a782fabf80d sslutil: print a warning when using TLS 1.0 on legacy Python
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
   124
  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
29333
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   125
  (?i)abort: .*?certificate.verify.failed.* (re)
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   126
  [255]
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   127
cdef60d9f442 tests: add basic tests for SMTP over SSL
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
   128
  $ cd ..