Mercurial > hg
view tests/test-run-tests.py @ 29258:6315c1e14f75
sslutil: introduce a function for determining host-specific settings
This patch marks the beginning of a series that introduces a new,
more configurable, per-host security settings mechanism. Currently,
we have global settings (like web.cacerts and the --insecure argument).
We also have per-host settings via [hostfingerprints].
Global security settings are good for defaults, but they don't
provide the amount of control often wanted. For example, an
organization may want to require a particular CA is used for a
particular hostname.
[hostfingerprints] is nice. But it currently assumes SHA-1.
Furthermore, there is no obvious place to put additional per-host
settings.
Subsequent patches will be introducing new mechanisms for defining
security settings, some on a per-host basis. This commits starts
the transition to that world by introducing the _hostsettings
function. It takes a ui and hostname and returns a dict of security
settings. Currently, it limits itself to returning host fingerprint
info.
We foreshadow the future support of non-SHA1 hashing algorithms
for verifying the host fingerprint by making the "certfingerprints"
key a list of tuples instead of a list of hashes.
We add this dict to the hgstate property on the socket and use it
during socket validation for checking fingerprints. There should be
no change in behavior.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sat, 28 May 2016 11:12:02 -0700 |
| parents | f798ffe7cb08 |
| children | eeed23508383 |
line wrap: on
line source
"""test line matching with some failing examples and some which warn run-test.t only checks positive matches and can not see warnings (both by design) """ from __future__ import absolute_import, print_function import doctest import os import re # this is hack to make sure no escape characters are inserted into the output if 'TERM' in os.environ: del os.environ['TERM'] run_tests = __import__('run-tests') def prn(ex): m = ex.args[0] if isinstance(m, str): print(m) else: print(m.decode('utf-8')) def lm(expected, output): r"""check if output matches expected does it generally work? >>> lm(b'H*e (glob)\n', b'Here\n') True fail on bad test data >>> try: lm(b'a\n',b'a') ... except AssertionError as ex: print(ex) missing newline >>> try: lm(b'single backslash\n', b'single \backslash\n') ... except AssertionError as ex: prn(ex) single backslash or unknown char """ assert (expected.endswith(b'\n') and output.endswith(b'\n')), 'missing newline' assert not re.search(br'[^ \w\\/\r\n()*?]', expected + output), \ b'single backslash or unknown char' match = run_tests.TTest.linematch(expected, output) if isinstance(match, str): return 'special: ' + match elif isinstance(match, bytes): return 'special: ' + match.decode('utf-8') else: return bool(match) # do not return match object def wintests(): r"""test matching like running on windows enable windows matching on any os >>> _osaltsep = os.altsep >>> os.altsep = True valid match on windows >>> lm(b'g/a*/d (glob)\n', b'g\\abc/d\n') True direct matching, glob unnecessary >>> lm(b'g/b (glob)\n', b'g/b\n') 'special: -glob' missing glob >>> lm(b'/g/c/d/fg\n', b'\\g\\c\\d/fg\n') 'special: +glob' restore os.altsep >>> os.altsep = _osaltsep """ pass def otherostests(): r"""test matching like running on non-windows os disable windows matching on any os >>> _osaltsep = os.altsep >>> os.altsep = False backslash does not match slash >>> lm(b'h/a* (glob)\n', b'h\\ab\n') False direct matching glob can not be recognized >>> lm(b'h/b (glob)\n', b'h/b\n') True missing glob can not not be recognized >>> lm(b'/h/c/df/g/\n', b'\\h/c\\df/g\\\n') False restore os.altsep >>> os.altsep = _osaltsep """ pass if __name__ == '__main__': doctest.testmod()