Mercurial > hg
comparison tests/test-https.t @ 13328:a939f08fae9c stable
url: add --insecure option to bypass verification of ssl certificates
If --insecure specified, it behaves in the same way as no web.cacerts
configured.
Also shows hint for --insecure option when _verifycert() failed. But currently
the hint isn't displayed on SSLError, because it needs a certain level of
changes.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Sat, 29 Jan 2011 23:23:24 +0900 |
| parents | 8dc488dfcdb4 |
| children | 12773f1b7728 |
comparison
equal
deleted
inserted
replaced
| 13322:c19b9282d3a7 | 13328:a939f08fae9c |
|---|---|
| 161 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH | 161 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH |
| 162 $ P=`pwd` hg -R copy-pull pull | 162 $ P=`pwd` hg -R copy-pull pull |
| 163 pulling from https://localhost:$HGPORT/ | 163 pulling from https://localhost:$HGPORT/ |
| 164 searching for changes | 164 searching for changes |
| 165 no changes found | 165 no changes found |
| 166 $ P=`pwd` hg -R copy-pull pull --insecure | |
| 167 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
| 168 pulling from https://localhost:$HGPORT/ | |
| 169 searching for changes | |
| 170 no changes found | |
| 166 | 171 |
| 167 cacert mismatch | 172 cacert mismatch |
| 168 | 173 |
| 169 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ | 174 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
| 170 abort: 127.0.0.1 certificate error: certificate is for localhost | 175 abort: 127.0.0.1 certificate error: certificate is for localhost (use --insecure to connect insecurely) |
| 171 [255] | 176 [255] |
| 177 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure | |
| 178 warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
| 179 pulling from https://127.0.0.1:$HGPORT/ | |
| 180 searching for changes | |
| 181 no changes found | |
| 172 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem | 182 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem |
| 173 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | 183 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
| 174 [255] | 184 [255] |
| 185 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure | |
| 186 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
| 187 pulling from https://localhost:$HGPORT/ | |
| 188 searching for changes | |
| 189 no changes found | |
| 175 | 190 |
| 176 Test server cert which isn't valid yet | 191 Test server cert which isn't valid yet |
| 177 | 192 |
| 178 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem | 193 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
| 179 $ cat hg1.pid >> $DAEMON_PIDS | 194 $ cat hg1.pid >> $DAEMON_PIDS |