Mercurial > hg
view tests/test-branch-tag-confict.t @ 28525:dfb21c34e07d
sslutil: allow multiple fingerprints per host
Certificate pinning via [hostfingerprints] is a useful security
feature. Currently, we only support one fingerprint per hostname.
This is simple but it fails in the real world:
* Switching certificates breaks clients until they change the
pinned certificate fingerprint. This incurs client downtime
and can require massive amounts of coordination to perform
certificate changes.
* Some servers operate with multiple certificates on the same
hostname.
This patch adds support for defining multiple certificate
fingerprints per host. This overcomes the deficiencies listed
above. I anticipate the primary use case of this feature will
be to define both the old and new certificate so a certificate
transition can occur with minimal interruption, so this scenario
has been called out in the help documentation.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 13 Mar 2016 14:03:58 -0700 |
parents | f2719b387380 |
children |
line wrap: on
line source
Initial setup. $ hg init repo $ cd repo $ touch thefile $ hg ci -A -m 'Initial commit.' adding thefile Create a tag. $ hg tag branchortag Create a branch with the same name as the tag. $ hg branch branchortag marked working directory as branch branchortag (branches are permanent and global, did you want a bookmark?) $ hg ci -m 'Create a branch with the same name as a tag.' This is what we have: $ hg log changeset: 2:10519b3f489a branch: branchortag tag: tip user: test date: Thu Jan 01 00:00:00 1970 +0000 summary: Create a branch with the same name as a tag. changeset: 1:2635c45ca99b user: test date: Thu Jan 01 00:00:00 1970 +0000 summary: Added tag branchortag for changeset f57387372b5d changeset: 0:f57387372b5d tag: branchortag user: test date: Thu Jan 01 00:00:00 1970 +0000 summary: Initial commit. Update to the tag: $ hg up 'tag(branchortag)' 0 files updated, 0 files merged, 1 files removed, 0 files unresolved $ hg parents changeset: 0:f57387372b5d tag: branchortag user: test date: Thu Jan 01 00:00:00 1970 +0000 summary: Initial commit. Updating to the branch: $ hg up 'branch(branchortag)' 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg parents changeset: 2:10519b3f489a branch: branchortag tag: tip user: test date: Thu Jan 01 00:00:00 1970 +0000 summary: Create a branch with the same name as a tag. $ cd ..