6 printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ |
6 printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ |
7 openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem |
7 openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem |
8 Can be dumped with: |
8 Can be dumped with: |
9 openssl x509 -in pub.pem -text |
9 openssl x509 -in pub.pem -text |
10 |
10 |
11 $ cat << EOT > priv.pem |
11 $ cat << EOT > priv.pem |
12 > -----BEGIN PRIVATE KEY----- |
12 > -----BEGIN PRIVATE KEY----- |
13 > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH |
13 > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH |
14 > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 |
14 > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 |
15 > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc |
15 > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc |
16 > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG |
16 > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG |
19 > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh |
19 > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh |
20 > HY8gUVkVRVs= |
20 > HY8gUVkVRVs= |
21 > -----END PRIVATE KEY----- |
21 > -----END PRIVATE KEY----- |
22 > EOT |
22 > EOT |
23 |
23 |
24 $ cat << EOT > pub.pem |
24 $ cat << EOT > pub.pem |
25 > -----BEGIN CERTIFICATE----- |
25 > -----BEGIN CERTIFICATE----- |
26 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
26 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
27 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
27 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
28 > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0 |
28 > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0 |
29 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL |
29 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL |
35 > -----END CERTIFICATE----- |
35 > -----END CERTIFICATE----- |
36 > EOT |
36 > EOT |
37 $ cat priv.pem pub.pem >> server.pem |
37 $ cat priv.pem pub.pem >> server.pem |
38 $ PRIV=`pwd`/server.pem |
38 $ PRIV=`pwd`/server.pem |
39 |
39 |
40 $ cat << EOT > pub-other.pem |
40 $ cat << EOT > pub-other.pem |
41 > -----BEGIN CERTIFICATE----- |
41 > -----BEGIN CERTIFICATE----- |
42 > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
42 > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV |
43 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
43 > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw |
44 > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 |
44 > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 |
45 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL |
45 > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL |
51 > -----END CERTIFICATE----- |
51 > -----END CERTIFICATE----- |
52 > EOT |
52 > EOT |
53 |
53 |
54 pub.pem patched with other notBefore / notAfter: |
54 pub.pem patched with other notBefore / notAfter: |
55 |
55 |
56 $ cat << EOT > pub-not-yet.pem |
56 $ cat << EOT > pub-not-yet.pem |
57 > -----BEGIN CERTIFICATE----- |
57 > -----BEGIN CERTIFICATE----- |
58 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
58 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
59 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw |
59 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw |
60 > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
60 > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
61 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
61 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
65 > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= |
65 > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= |
66 > -----END CERTIFICATE----- |
66 > -----END CERTIFICATE----- |
67 > EOT |
67 > EOT |
68 $ cat priv.pem pub-not-yet.pem > server-not-yet.pem |
68 $ cat priv.pem pub-not-yet.pem > server-not-yet.pem |
69 |
69 |
70 $ cat << EOT > pub-expired.pem |
70 $ cat << EOT > pub-expired.pem |
71 > -----BEGIN CERTIFICATE----- |
71 > -----BEGIN CERTIFICATE----- |
72 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
72 > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs |
73 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx |
73 > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx |
74 > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
74 > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv |
75 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
75 > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK |
196 searching for changes |
196 searching for changes |
197 no changes found |
197 no changes found |
198 |
198 |
199 Test server cert which isn't valid yet |
199 Test server cert which isn't valid yet |
200 |
200 |
201 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
201 $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem |
202 $ cat hg1.pid >> $DAEMON_PIDS |
202 $ cat hg1.pid >> $DAEMON_PIDS |
203 $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ |
203 $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ |
204 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
204 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
205 [255] |
205 [255] |
206 |
206 |
207 Test server cert which no longer is valid |
207 Test server cert which no longer is valid |
208 |
208 |
209 $ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
209 $ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem |
210 $ cat hg2.pid >> $DAEMON_PIDS |
210 $ cat hg2.pid >> $DAEMON_PIDS |
211 $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ |
211 $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ |
212 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
212 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
213 [255] |
213 [255] |
214 |
214 |