Mercurial > hg

diff tests/test-patchbomb-tls.t @ 29526:9d02bed8477b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests: regenerate x509 test certificates The old x509 test certificates were using cryptographic settings that are ancient by today's standards, namely 512 bit RSA keys. To put things in perspective, browsers have been dropping support for 1024 bit RSA keys. I think it is important that tests match the realities of the times. And 2048 bit RSA keys with SHA-2 hashing are what the world is moving to. This patch replaces all the x509 certificates with new versions using modern best practices. In addition, the docs for generating the keys have been updated, as the existing docs left out a few steps, namely how to generate certs that were not active yet or expired.
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 12 Jul 2016 22:26:04 -0700
parents 4b16a5bd9948
children 1a782fabf80d
line wrap: on
line diff
--- a/tests/test-patchbomb-tls.t	Tue Jul 12 15:09:07 2016 +0200
+++ b/tests/test-patchbomb-tls.t	Tue Jul 12 22:26:04 2016 -0700
@@ -97,7 +97,7 @@
   sending mail: smtp host localhost, port * (glob)
   (verifying remote certificate)
   abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
-  (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server)
+  (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
   [255]
 
 With global certificates: