Mercurial > hg
comparison tests/test-https.t @ 22575:d7f7f1860f00
ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs
This will give PKI-secure behaviour out of the box, without any configuration.
Setting web.cacerts to any value or empty will disable this trick.
This dummy cert trick only works on OS X 10.6+, but 10.5 had Python 2.5 which
didn't have certificate validation at all.
| author | Mads Kiilerich <madski@unity3d.com> |
|---|---|
| date | Fri, 26 Sep 2014 02:19:48 +0200 |
| parents | 7a9cbb315d84 |
| children | e803186296ab |
comparison
equal
deleted
inserted
replaced
| 22574:a00a7951b20c | 22575:d7f7f1860f00 |
|---|---|
| 113 abort: cannot start server at ':$HGPORT': Address already in use | 113 abort: cannot start server at ':$HGPORT': Address already in use |
| 114 [255] | 114 [255] |
| 115 #endif | 115 #endif |
| 116 $ cd .. | 116 $ cd .. |
| 117 | 117 |
| 118 OS X has a dummy CA cert that enables use of the system CA store | |
| 119 | |
| 120 $ DISABLEOSXDUMMYCERT= | |
| 121 #if osx | |
| 122 $ hg clone https://localhost:$HGPORT/ copy-pull | |
| 123 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | |
| 124 [255] | |
| 125 | |
| 126 $ DISABLEOSXDUMMYCERT="--config=web.cacerts=" | |
| 127 #endif | |
| 128 | |
| 118 clone via pull | 129 clone via pull |
| 119 | 130 |
| 120 $ hg clone https://localhost:$HGPORT/ copy-pull | 131 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLEOSXDUMMYCERT |
| 121 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | 132 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
| 122 requesting all changes | 133 requesting all changes |
| 123 adding changesets | 134 adding changesets |
| 124 adding manifests | 135 adding manifests |
| 125 adding file changes | 136 adding file changes |
| 141 pull without cacert | 152 pull without cacert |
| 142 | 153 |
| 143 $ cd copy-pull | 154 $ cd copy-pull |
| 144 $ echo '[hooks]' >> .hg/hgrc | 155 $ echo '[hooks]' >> .hg/hgrc |
| 145 $ echo "changegroup = python \"$TESTDIR/printenv.py\" changegroup" >> .hg/hgrc | 156 $ echo "changegroup = python \"$TESTDIR/printenv.py\" changegroup" >> .hg/hgrc |
| 146 $ hg pull | 157 $ hg pull $DISABLEOSXDUMMYCERT |
| 147 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | 158 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
| 148 pulling from https://localhost:$HGPORT/ | 159 pulling from https://localhost:$HGPORT/ |
| 149 searching for changes | 160 searching for changes |
| 150 adding changesets | 161 adding changesets |
| 151 adding manifests | 162 adding manifests |