Mercurial > hg
comparison tests/test-https.t @ 13328:a939f08fae9c stable
url: add --insecure option to bypass verification of ssl certificates
If --insecure specified, it behaves in the same way as no web.cacerts
configured.
Also shows hint for --insecure option when _verifycert() failed. But currently
the hint isn't displayed on SSLError, because it needs a certain level of
changes.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Sat, 29 Jan 2011 23:23:24 +0900 |
parents | 8dc488dfcdb4 |
children | 12773f1b7728 |
comparison
equal
deleted
inserted
replaced
13322:c19b9282d3a7 | 13328:a939f08fae9c |
---|---|
161 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH | 161 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH |
162 $ P=`pwd` hg -R copy-pull pull | 162 $ P=`pwd` hg -R copy-pull pull |
163 pulling from https://localhost:$HGPORT/ | 163 pulling from https://localhost:$HGPORT/ |
164 searching for changes | 164 searching for changes |
165 no changes found | 165 no changes found |
166 $ P=`pwd` hg -R copy-pull pull --insecure | |
167 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
168 pulling from https://localhost:$HGPORT/ | |
169 searching for changes | |
170 no changes found | |
166 | 171 |
167 cacert mismatch | 172 cacert mismatch |
168 | 173 |
169 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ | 174 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
170 abort: 127.0.0.1 certificate error: certificate is for localhost | 175 abort: 127.0.0.1 certificate error: certificate is for localhost (use --insecure to connect insecurely) |
171 [255] | 176 [255] |
177 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure | |
178 warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
179 pulling from https://127.0.0.1:$HGPORT/ | |
180 searching for changes | |
181 no changes found | |
172 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem | 182 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem |
173 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | 183 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
174 [255] | 184 [255] |
185 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure | |
186 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |
187 pulling from https://localhost:$HGPORT/ | |
188 searching for changes | |
189 no changes found | |
175 | 190 |
176 Test server cert which isn't valid yet | 191 Test server cert which isn't valid yet |
177 | 192 |
178 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem | 193 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
179 $ cat hg1.pid >> $DAEMON_PIDS | 194 $ cat hg1.pid >> $DAEMON_PIDS |