Mercurial > hg
view tests/test-hgweb-auth.py.out @ 29258:6315c1e14f75
sslutil: introduce a function for determining host-specific settings
This patch marks the beginning of a series that introduces a new,
more configurable, per-host security settings mechanism. Currently,
we have global settings (like web.cacerts and the --insecure argument).
We also have per-host settings via [hostfingerprints].
Global security settings are good for defaults, but they don't
provide the amount of control often wanted. For example, an
organization may want to require a particular CA is used for a
particular hostname.
[hostfingerprints] is nice. But it currently assumes SHA-1.
Furthermore, there is no obvious place to put additional per-host
settings.
Subsequent patches will be introducing new mechanisms for defining
security settings, some on a per-host basis. This commits starts
the transition to that world by introducing the _hostsettings
function. It takes a ui and hostname and returns a dict of security
settings. Currently, it limits itself to returning host fingerprint
info.
We foreshadow the future support of non-SHA1 hashing algorithms
for verifying the host fingerprint by making the "certfingerprints"
key a list of tuples instead of a list of hashes.
We add this dict to the hgstate property on the socket and use it
during socket validation for checking fingerprints. There should be
no change in behavior.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sat, 28 May 2016 11:12:02 -0700 |
parents | 0f1311e829c9 |
children | 31c37e703cee |
line wrap: on
line source
*** Test in-uri schemes CFG: {x.prefix: http://example.org} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: https://example.org} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort CFG: {x.prefix: http://example.org, x.schemes: https} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: https://example.org, x.schemes: http} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort *** Test separately configured schemes CFG: {x.prefix: example.org, x.schemes: http} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: example.org, x.schemes: https} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort CFG: {x.prefix: example.org, x.schemes: http https} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('x', 'x') URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('x', 'x') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar abort *** Test prefix matching CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/bar} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('x', 'x') URI: http://example.org/bar ('y', 'y') URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/foo/bar} URI: http://example.org/foo ('x', 'x') URI: http://example.org/foo/bar ('y', 'y') URI: http://example.org/bar abort URI: https://example.org/foo abort URI: https://example.org/foo/bar abort URI: https://example.org/bar abort URI: https://x@example.org/bar abort URI: https://y@example.org/bar abort CFG: {x.prefix: *, y.prefix: https://example.org/bar} URI: http://example.org/foo abort URI: http://example.org/foo/bar abort URI: http://example.org/bar abort URI: https://example.org/foo ('x', 'x') URI: https://example.org/foo/bar ('x', 'x') URI: https://example.org/bar ('y', 'y') URI: https://x@example.org/bar ('x', 'x') URI: https://y@example.org/bar ('y', 'y') *** Test user matching CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None} URI: http://y@example.org/foo ('y', 'xpassword') CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y} URI: http://y@example.org/foo ('y', 'ypassword') CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y} URI: http://y@example.org/foo/bar ('y', 'xpassword') *** Test urllib2 and util.url URIs: http://user@example.com:8080/foo http://example.com:8080/foo ('user', '')