Mercurial Mercurial > hg / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/cgienv
author FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
Tue, 26 Mar 2013 02:28:10 +0900
changeset 18888 19d489404d79
parent 13269 aa3f726a2bdb
permissions -rw-r--r--
smtp: verify the certificate of the SMTP server for STARTTLS/SMTPS Before this patch, the certificate of the SMTP server for STARTTLS or SMTPS isn't verified. This may cause man-in-the-middle security problem (stealing authentication information), even though SMTP channel itself is encrypted by SSL. When "[smtp] tls" is configured as "smtps" or "starttls", this patch: - uses classes introduced by preceding patches instead of "SMTP" or "SMTP_SSL" of smtplib, and - verifies the certificate of the SMTP server, if "[smtp] verifycert" is configured as other than False "[smtp] verifycert" can be configured in 3 levels: - "strict": This verifies peer certificate, and aborts if: - peer certification is not valid, or - no configuration in "[hostfingerprints]" and "[web] cacerts" This is default value of "[smtp] verifycert" for security. - "loose": This verifies peer certificate, and aborts if peer certification is not valid. This just shows warning message ("certificate not verified"), if there is no configuration in "[hostfingerprints]" and "[web] cacerts". This is as same as verification for HTTPS connection. - False(no verification): Peer certificate is not verified. This is as same as the behavior before this patch series. "hg email --insecure" uses "loose" level, and ignores "[web] cacerts" as same as push/pull/etc... with --insecure. Ignoring "[web] cacerts" configuration for "hg email --insecure" is already done in "dispatch._dispatch()" by looking "insecure" up in the table of command options.

DOCUMENT_ROOT="/var/www/hg"; export DOCUMENT_ROOT
GATEWAY_INTERFACE="CGI/1.1"; export GATEWAY_INTERFACE
HTTP_ACCEPT="text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"; export HTTP_ACCEPT
HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"; export HTTP_ACCEPT_CHARSET
HTTP_ACCEPT_ENCODING="gzip,deflate"; export HTTP_ACCEPT_ENCODING
HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5"; export HTTP_ACCEPT_LANGUAGE
HTTP_CACHE_CONTROL="max-age=0"; export HTTP_CACHE_CONTROL
HTTP_CONNECTION="keep-alive"; export HTTP_CONNECTION
HTTP_HOST="hg.omnifarious.org"; export HTTP_HOST
HTTP_KEEP_ALIVE="300"; export HTTP_KEEP_ALIVE
HTTP_USER_AGENT="Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4"; export HTTP_USER_AGENT
PATH_INFO="/"; export PATH_INFO
PATH_TRANSLATED="/var/www/hg/index.html"; export PATH_TRANSLATED
QUERY_STRING=""; export QUERY_STRING
REMOTE_ADDR="127.0.0.2"; export REMOTE_ADDR
REMOTE_PORT="44703"; export REMOTE_PORT
REQUEST_METHOD="GET"; export REQUEST_METHOD
REQUEST_URI="/test/"; export REQUEST_URI
SCRIPT_FILENAME="/home/hopper/hg_public/test.cgi"; export SCRIPT_FILENAME
SCRIPT_NAME="/test"; export SCRIPT_NAME
SCRIPT_URI="http://hg.omnifarious.org/test/"; export SCRIPT_URI
SCRIPT_URL="/test/"; export SCRIPT_URL
SERVER_ADDR="127.0.0.1"; export SERVER_ADDR
SERVER_ADMIN="eric@localhost"; export SERVER_ADMIN
SERVER_NAME="hg.omnifarious.org"; export SERVER_NAME
SERVER_PORT="80"; export SERVER_PORT
SERVER_PROTOCOL="HTTP/1.1"; export SERVER_PROTOCOL
SERVER_SIGNATURE="<address>Apache/2.0.53 (Fedora) Server at hg.omnifarious.org Port 80</address>"; export SERVER_SIGNATURE
SERVER_SOFTWARE="Apache/2.0.53 (Fedora)"; export SERVER_SOFTWARE
Mercurial