Mercurial > hg
view tests/test-revlog.t @ 29447:13edc11eb7b7
sslutil: don't load default certificates when they aren't relevant
Before, we would call SSLContext.load_default_certs() when
certificate verification wasn't being used. Since
SSLContext.verify_mode == ssl.CERT_NONE, this would ideally
no-op. However, there is a slim chance the loading of system
certs could cause a failure. Furthermore, this behavior
interfered with a future patch that aims to provide a more
helpful error message when we're unable to load CAs.
The lack of test fallout is hopefully a sign that our
security code and tests are in a relatively good state.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Wed, 29 Jun 2016 19:38:24 -0700 |
parents | d9179856d732 |
children | 151cc3b3d799 |
line wrap: on
line source
Test for CVE-2016-3630 $ hg init >>> open("a.i", "w").write( ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA==""" ... .decode("base64").decode("zlib")) $ hg debugindex a.i rev offset length delta linkrev nodeid p1 p2 0 0 19 -1 2 99e0332bd498 000000000000 000000000000 1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000 $ hg debugdata a.i 1 2>&1 | egrep 'Error:.*decoded' (mercurial.mpatch.)?mpatchError: patch cannot be decoded (re)