smtp: verify the certificate of the SMTP server for STARTTLS/SMTPS
Before this patch, the certificate of the SMTP server for STARTTLS or
SMTPS isn't verified.
This may cause man-in-the-middle security problem (stealing
authentication information), even though SMTP channel itself is
encrypted by SSL.
When "[smtp] tls" is configured as "smtps" or "starttls", this patch:
- uses classes introduced by preceding patches instead of "SMTP" or
"SMTP_SSL" of smtplib, and
- verifies the certificate of the SMTP server, if "[smtp]
verifycert" is configured as other than False
"[smtp] verifycert" can be configured in 3 levels:
- "strict":
This verifies peer certificate, and aborts if:
- peer certification is not valid, or
- no configuration in "[hostfingerprints]" and "[web] cacerts"
This is default value of "[smtp] verifycert" for security.
- "loose":
This verifies peer certificate, and aborts if peer certification is
not valid.
This just shows warning message ("certificate not verified"), if
there is no configuration in "[hostfingerprints]" and "[web]
cacerts".
This is as same as verification for HTTPS connection.
- False(no verification):
Peer certificate is not verified.
This is as same as the behavior before this patch series.
"hg email --insecure" uses "loose" level, and ignores "[web] cacerts"
as same as push/pull/etc... with --insecure.
Ignoring "[web] cacerts" configuration for "hg email --insecure" is
already done in "dispatch._dispatch()" by looking "insecure" up in the
table of command options.
setup repo
$ hg init t
$ cd t
$ echo a > a
$ hg commit -Am'add a'
adding a
$ hg verify
checking changesets
checking manifests
crosschecking files in changesets and manifests
checking files
1 files, 1 changesets, 1 total revisions
$ hg parents
changeset: 0:1f0dee641bb7
tag: tip
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: add a
rollback to null revision
$ hg status
$ hg rollback
repository tip rolled back to revision -1 (undo commit)
working directory now based on revision -1
$ hg verify
checking changesets
checking manifests
crosschecking files in changesets and manifests
checking files
0 files, 0 changesets, 0 total revisions
$ hg parents
$ hg status
A a
Two changesets this time so we rollback to a real changeset
$ hg commit -m'add a again'
$ echo a >> a
$ hg commit -m'modify a'
Test issue 902 (current branch is preserved)
$ hg branch test
marked working directory as branch test
(branches are permanent and global, did you want a bookmark?)
$ hg rollback
repository tip rolled back to revision 0 (undo commit)
working directory now based on revision 0
$ hg branch
default
Test issue 1635 (commit message saved)
$ cat .hg/last-message.txt ; echo
modify a
Test rollback of hg before issue 902 was fixed
$ hg commit -m "test3"
$ hg branch test
marked working directory as branch test
(branches are permanent and global, did you want a bookmark?)
$ rm .hg/undo.branch
$ hg rollback
repository tip rolled back to revision 0 (undo commit)
named branch could not be reset: current branch is still 'test'
working directory now based on revision 0
$ hg branch
test
working dir unaffected by rollback: do not restore dirstate et. al.
$ hg log --template '{rev} {branch} {desc|firstline}\n'
0 default add a again
$ hg status
M a
$ hg bookmark foo
$ hg commit -m'modify a again'
$ echo b > b
$ hg commit -Am'add b'
adding b
$ hg log --template '{rev} {branch} {desc|firstline}\n'
2 test add b
1 test modify a again
0 default add a again
$ hg update default
1 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg bookmark bar
$ cat .hg/undo.branch ; echo
test
$ hg rollback -f
repository tip rolled back to revision 1 (undo commit)
$ hg id -n
0
$ hg branch
default
$ cat .hg/bookmarks.current ; echo
bar
$ hg bookmark --delete foo
rollback by pretxncommit saves commit message (issue 1635)
$ echo a >> a
$ hg --config hooks.pretxncommit=false commit -m"precious commit message"
transaction abort!
rollback completed
abort: pretxncommit hook exited with status * (glob)
[255]
$ cat .hg/last-message.txt ; echo
precious commit message
same thing, but run $EDITOR
$ cat > editor.sh << '__EOF__'
> echo "another precious commit message" > "$1"
> __EOF__
$ HGEDITOR="\"sh\" \"`pwd`/editor.sh\"" hg --config hooks.pretxncommit=false commit 2>&1
transaction abort!
rollback completed
note: commit message saved in .hg/last-message.txt
abort: pretxncommit hook exited with status * (glob)
[255]
$ cat .hg/last-message.txt
another precious commit message
test rollback on served repository
#if serve
$ hg commit -m "precious commit message"
$ hg serve -p $HGPORT -d --pid-file=hg.pid -A access.log -E errors.log
$ cat hg.pid >> $DAEMON_PIDS
$ cd ..
$ hg clone http://localhost:$HGPORT u
requesting all changes
adding changesets
adding manifests
adding file changes
added 3 changesets with 2 changes to 1 files (+1 heads)
updating to branch default
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ cd u
$ hg id default
068774709090
now rollback and observe that 'hg serve' reloads the repository and
presents the correct tip changeset:
$ hg -R ../t rollback
repository tip rolled back to revision 1 (undo commit)
working directory now based on revision 0
$ hg id default
791dd2169706
#endif
update to older changeset and then refuse rollback, because
that would lose data (issue2998)
$ cd ../t
$ hg -q update
$ rm `hg status -un`
$ template='{rev}:{node|short} [{branch}] {desc|firstline}\n'
$ echo 'valuable new file' > b
$ echo 'valuable modification' >> a
$ hg commit -A -m'a valuable change'
adding b
$ hg update 0
1 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg rollback
abort: rollback of last commit while not checked out may lose data
(use -f to force)
[255]
$ hg tip -q
2:4d9cd3795eea
$ hg rollback -f
repository tip rolled back to revision 1 (undo commit)
$ hg status
$ hg log --removed b # yep, it's gone
same again, but emulate an old client that doesn't write undo.desc
$ hg -q update
$ echo 'valuable modification redux' >> a
$ hg commit -m'a valuable change redux'
$ rm .hg/undo.desc
$ hg update 0
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ hg rollback
rolling back unknown transaction
$ cat a
a
$ cd ..