--- a/tests/test-https.t Thu Jan 27 17:21:23 2011 -0600
+++ b/tests/test-https.t Fri Jan 28 02:57:59 2011 +0100
@@ -106,7 +106,7 @@
clone via pull
$ hg clone https://localhost:$HGPORT/ copy-pull
- warning: localhost certificate not verified (check web.cacerts config setting)
+ warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
requesting all changes
adding changesets
adding manifests
@@ -132,7 +132,7 @@
$ echo '[hooks]' >> .hg/hgrc
$ echo "changegroup = python '$TESTDIR'/printenv.py changegroup" >> .hg/hgrc
$ hg pull
- warning: localhost certificate not verified (check web.cacerts config setting)
+ warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_URL=https://localhost:$HGPORT/
pulling from https://localhost:$HGPORT/
searching for changes
@@ -188,3 +188,22 @@
$ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob)
[255]
+
+Fingerprints
+
+ $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
+ $ echo "localhost = 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca" >> copy-pull/.hg/hgrc
+ $ echo "127.0.0.1 = 914f1aff87249c09b6859b88b1906d30756491ca" >> copy-pull/.hg/hgrc
+
+- works without cacerts
+ $ hg -R copy-pull id https://localhost:$HGPORT/ --config web.cacerts=
+ 5fed3813f7f5
+
+- fails when cert doesn't match hostname (port is ignored)
+ $ hg -R copy-pull id https://localhost:$HGPORT1/
+ abort: invalid certificate for localhost with fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
+ [255]
+
+- ignores that certificate doesn't match hostname
+ $ hg -R copy-pull id https://127.0.0.1:$HGPORT/
+ 5fed3813f7f5