Mercurial Mercurial > hg / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/sslcerts/README
author Jun Wu <quark@fb.com>
Mon, 17 Jul 2017 23:19:11 -0700
changeset 33832 539541779010
parent 29579 43f3c0df2fab
permissions -rw-r--r--
phabricator: add a small language to query Differential Revisions Previously, `phabread` can only be used to read a single patch, or a single stack of patches. In the future, we want to have more complex queries like filtering with status (open, accepted, closed, etc), or maybe more complex like filtering by reviewers etc. The command line flag approach won't scale with that. Besides, we might want to have other commands to update Differential Revision status in batch, like accepting a stack using a single command. Therefore, this patch adds a small language. It has basic set operations: `&`, `+`, `-` and an ancestor operator to support `--stack`. Test Plan: Try querying this Phabricator instance: hg phabread 1+2 # 1, 2 hg phabread D2+D1 # 2, 1 hg phabread ':118-115+:2-1' # 114, 116, 117, 118, 2 hg phabread '((:118-(D115+117)))&:117' # 114, 116 hg phabread ':2&:117' --debug # differential.query is called only once Make sure the output is expected and prefetch works. Differential Revision: https://phab.mercurial-scm.org/D125

Generate a private key (priv.pem):

  $ openssl genrsa -out priv.pem 2048

Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):

  $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
    -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
  $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
    -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

Now generate an expired certificate by turning back the system time:

  $ faketime 2016-01-01T00:00:00Z \
    openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
    -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

Generate a certificate not yet active by advancing the system time:

  $ faketime 2030-01-1T00:00:00Z \
    openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
    -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'

Generate a passphrase protected client certificate private key:

  $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048

Create a copy of the private key without a passphrase:

  $ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem

Create a CSR and sign the key using the server keypair:

  $ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \
    openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
  $ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
    -set_serial 01 -out client-cert.pem

When replacing the certificates, references to certificate fingerprints will
need to be updated in test files.

Fingerprints for certs can be obtained by running:

  $ openssl x509 -in pub.pem -noout -sha1 -fingerprint
  $ openssl x509 -in pub.pem -noout -sha256 -fingerprint
Mercurial