Mercurial > hg

view tests/test-trusted.py.out @ 29555:121d11814c62

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hgweb: use sslutil.wrapserversocket() This patch transitions the built-in HTTPS server to use sslutil for creating the server socket. As part of this transition, we implement developer-only config options to control CA loading and whether to require client certificates. This eliminates the need for the custom extension in test-https.t to define these. There is a slight change in behavior with regards to protocol selection. Before, we would always use the TLS 1.0 constant to define the protocol version. This would *only* use TLS 1.0. sslutil defaults to TLS 1.0+. So this patch improves the security of `hg serve` out of the box by allowing it to use TLS 1.1 and 1.2 (if available).
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 12 Jul 2016 23:12:03 -0700
parents c4040a35b5d9
children 75e4bae56068
line wrap: on
line source

# same user, same group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# same user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, same group
not trusting file .hg/hgrc from untrusted user abc, group bar
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, same group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the user
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the user and the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all users
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all groups
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all users and groups
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we don't get confused by users and groups with the same name
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# list of user names
# different user, different group, but we trust the user
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# list of group names
# different user, different group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# Can't figure out the name of the user running this process
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# prints debug warnings
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
ignoring untrusted configuration option paths.local = /another/path
    global = /some/path
untrusted
. . global = /some/path
. ignoring untrusted configuration option paths.local = /another/path
. local = /another/path

# report_untrusted enabled without debug hides warnings
# different user, different group
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# report_untrusted enabled with debug shows warnings
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
ignoring untrusted configuration option paths.local = /another/path
    global = /some/path
untrusted
. . global = /some/path
. ignoring untrusted configuration option paths.local = /another/path
. local = /another/path

# ui.readconfig sections
quux

# read trusted, untrusted, new ui, trusted
not trusting file foobar from untrusted user abc, group def
trusted:
ignoring untrusted configuration option foobar.baz = quux
None
untrusted:
quux

# error handling
# file doesn't exist
# same user, same group
# different user, different group

# parse error
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
('foo', '.hg/hgrc:1')
# same user, same group
('foo', '.hg/hgrc:1')