comparison mercurial/dummycert.pem @ 22575:d7f7f1860f00
ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs
This will give PKI-secure behaviour out of the box, without any configuration.
Setting web.cacerts to any value or empty will disable this trick.
This dummy cert trick only works on OS X 10.6+, but 10.5 had Python 2.5 which
didn't have certificate validation at all.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Fri, 26 Sep 2014 02:19:48 +0200 |
22574:a00a7951b20c | 22575:d7f7f1860f00 |
---|---|
1 A dummy certificate that will make OS X 10.6+ Python use the system CA | |
2 certificate store: | |
3 | |
4 -----BEGIN CERTIFICATE----- | |
5 MIIBIzCBzgIJANjmj39sb3FmMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmhn | |
6 LmV4YW1wbGUuY29tMB4XDTE0MDgzMDA4NDU1OVoXDTE0MDgyOTA4NDU1OVowGTEX | |
7 MBUGA1UEAxMOaGcuZXhhbXBsZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA | |
8 mh/ZySGlcq0ALNLmA1gZqt61HruywPrRk6WyrLJRgt+X7OP9FFlEfl2tzHfzqvmK | |
9 CtSQoPINWOdAJMekBYFgKQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAF9h49LkSqJ6a | |
10 IlpogZuUHtihXeKZBsiktVIDlDccYsNy0RSh9XxUfhk+XMLw8jBlYvcltSXdJ7We | |
11 aKdQRekuMQ== | |
12 -----END CERTIFICATE----- | |
13 | |
14 This certificate was generated to be syntactically valid but never be usable; | |
15 it expired before it became valid. | |
16 | |
17 Created as: | |
18 | |
19 $ cat > cn.conf << EOT | |
20 > [req] | |
21 > distinguished_name = req_distinguished_name | |
22 > [req_distinguished_name] | |
23 > commonName = Common Name | |
24 > commonName_default = no.example.com | |
25 > EOT | |
26 $ openssl req -nodes -new -x509 -keyout /dev/null \ | |
27 > -out dummycert.pem -days -1 -config cn.conf -subj '/CN=hg.example.com' | |
28 | |
29 To verify the content of this certificate: | |
30 | |
31 $ openssl x509 -in dummycert.pem -noout -text | |
32 Certificate: | |
33 Data: | |
34 Version: 1 (0x0) | |
35 Serial Number: 15629337334278746470 (0xd8e68f7f6c6f7166) | |
36 Signature Algorithm: sha1WithRSAEncryption | |
37 Issuer: CN=hg.example.com | |
38 Validity | |
39 Not Before: Aug 30 08:45:59 2014 GMT | |
40 Not After : Aug 29 08:45:59 2014 GMT | |
41 Subject: CN=hg.example.com | |
42 Subject Public Key Info: | |
43 Public Key Algorithm: rsaEncryption | |
44 Public-Key: (512 bit) | |
45 Modulus: | |
46 00:9a:1f:d9:c9:21:a5:72:ad:00:2c:d2:e6:03:58: | |
47 19:aa:de:b5:1e:bb:b2:c0:fa:d1:93:a5:b2:ac:b2: | |
48 51:82:df:97:ec:e3:fd:14:59:44:7e:5d:ad:cc:77: | |
49 f3:aa:f9:8a:0a:d4:90:a0:f2:0d:58:e7:40:24:c7: | |
50 a4:05:81:60:29 | |
51 Exponent: 65537 (0x10001) | |
52 Signature Algorithm: sha1WithRSAEncryption | |
53 17:d8:78:f4:b9:12:a8:9e:9a:22:5a:68:81:9b:94:1e:d8:a1: | |
54 5d:e2:99:06:c8:a4:b5:52:03:94:37:1c:62:c3:72:d1:14:a1: | |
55 f5:7c:54:7e:19:3e:5c:c2:f0:f2:30:65:62:f7:25:b5:25:dd: | |
56 27:b5:9e:68:a7:50:45:e9:2e:31 |
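Review bot: In the "Created as" recipe (file lines 19-27), cn.conf sets commonName_default = no.example.com, but the openssl req call overrides it with -subj '/CN=hg.example.com', and the dump at file lines 37 and 41 shows CN=hg.example.com, so the config default is never used and reads as a mismatch; make the two names agree or drop commonName_default. The recipe also relies on openssl accepting the negative value in "-days -1" to produce a Not After (Aug 29) that precedes Not Before (Aug 30); recording the openssl version used would let someone regenerate or audit the file later. Because this header text is the only documentation that ships with the file, consider stating in it that the private key was discarded (-keyout /dev/null) and that the 512-bit RSA key and sha1WithRSAEncryption signature are deliberate for a certificate that is "never be usable", so a scan for weak keys in the tree does not raise it as a finding without context.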