Mercurial Mercurial > hg / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/test-https.t
changeset 29559 7dec5e441bf7
parent 29555 121d11814c62
child 29560 303e9300772a
equal deleted inserted replaced
29558:a935cd7d51a6 29559:7dec5e441bf7 
   343 
   343 
   344 - ignores that certificate doesn't match hostname
 
   344 - ignores that certificate doesn't match hostname
 
   345   $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
 
   345   $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
 
   346   5fed3813f7f5
 
   346   5fed3813f7f5
 
   347 
   347 
   348 HGPORT1 is reused below for tinyproxy tests. Kill that server.
 
   348 Ports used by next test. Kill servers.
 
       
   349 
       
   350   $ killdaemons.py hg0.pid
 
   349   $ killdaemons.py hg1.pid
 
   351   $ killdaemons.py hg1.pid
 
       
   352   $ killdaemons.py hg2.pid
 
       
   353 
       
   354 #if sslcontext
 
       
   355 Start servers running supported TLS versions
 
       
   356 
       
   357   $ cd test
 
       
   358   $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
 
       
   359   > --config devel.serverexactprotocol=tls1.0
 
       
   360   $ cat ../hg0.pid >> $DAEMON_PIDS
 
       
   361   $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
 
       
   362   > --config devel.serverexactprotocol=tls1.1
 
       
   363   $ cat ../hg1.pid >> $DAEMON_PIDS
 
       
   364   $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
 
       
   365   > --config devel.serverexactprotocol=tls1.2
 
       
   366   $ cat ../hg2.pid >> $DAEMON_PIDS
 
       
   367   $ cd ..
 
       
   368 
       
   369 Clients talking same TLS versions work
 
       
   370 
       
   371   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
 
       
   372   5fed3813f7f5
 
       
   373   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
 
       
   374   5fed3813f7f5
 
       
   375   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
 
       
   376   5fed3813f7f5
 
       
   377 
       
   378 Clients requiring newer TLS version than what server supports fail
 
       
   379 
       
   380   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
 
       
   381   (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
 
       
   382   abort: error: *unsupported protocol* (glob)
 
       
   383   [255]
 
       
   384   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
 
       
   385   (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
 
       
   386   abort: error: *unsupported protocol* (glob)
 
       
   387   [255]
 
       
   388   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
 
       
   389   (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
 
       
   390   abort: error: *unsupported protocol* (glob)
 
       
   391   [255]
 
       
   392 
       
   393 The per-host config option overrides the default
 
       
   394 
       
   395   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
 
       
   396   > --config hostsecurity.minimumprotocol=tls1.2 \
 
       
   397   > --config hostsecurity.localhost:minimumprotocol=tls1.0
 
       
   398   5fed3813f7f5
 
       
   399 
       
   400 The per-host config option by itself works
 
       
   401 
       
   402   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
 
       
   403   > --config hostsecurity.localhost:minimumprotocol=tls1.2
 
       
   404   (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
 
       
   405   abort: error: *unsupported protocol* (glob)
 
       
   406   [255]
 
       
   407 
       
   408   $ killdaemons.py hg0.pid
 
       
   409   $ killdaemons.py hg1.pid
 
       
   410   $ killdaemons.py hg2.pid
 
       
   411 #endif
 
   350 
   412 
   351 Prepare for connecting through proxy
 
   413 Prepare for connecting through proxy
 
   352 
   414 
       
   415   $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
 
       
   416   $ cat hg0.pid >> $DAEMON_PIDS
 
       
   417   $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
 
       
   418   $ cat hg2.pid >> $DAEMON_PIDS
 
       
   419 tinyproxy.py doesn't fully detach, so killing it may result in extra output
 
       
   420 from the shell. So don't kill it.
 
   353   $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
 
   421   $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
 
   354   $ while [ ! -f proxy.pid ]; do sleep 0; done
 
   422   $ while [ ! -f proxy.pid ]; do sleep 0; done
 
   355   $ cat proxy.pid >> $DAEMON_PIDS
 
   423   $ cat proxy.pid >> $DAEMON_PIDS
 
   356 
   424 
   357   $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
 
   425   $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
Mercurial