view tests/test-confused-revert.t @ 28525:dfb21c34e07d

sslutil: allow multiple fingerprints per host Certificate pinning via [hostfingerprints] is a useful security feature. Currently, we only support one fingerprint per hostname. This is simple but it fails in the real world: * Switching certificates breaks clients until they change the pinned certificate fingerprint. This incurs client downtime and can require massive amounts of coordination to perform certificate changes. * Some servers operate with multiple certificates on the same hostname. This patch adds support for defining multiple certificate fingerprints per host. This overcomes the deficiencies listed above. I anticipate the primary use case of this feature will be to define both the old and new certificate so a certificate transition can occur with minimal interruption, so this scenario has been called out in the help documentation.
author Gregory Szorc <gregory.szorc@gmail.com>
date Sun, 13 Mar 2016 14:03:58 -0700
parents a934b9249574
children fc1d75e7a98d
line wrap: on
line source

  $ hg init
  $ echo foo > a
  $ hg add a
  $ hg commit -m "1"

  $ echo bar > b
  $ hg add b
  $ hg remove a

Should show a removed and b added:

  $ hg status
  A b
  R a

  $ hg revert --all
  undeleting a
  forgetting b

Should show b unknown and a back to normal:

  $ hg status
  ? b

  $ rm b

  $ hg co -C 0
  0 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ echo foo-a > a
  $ hg commit -m "2a"

  $ hg co -C 0
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ echo foo-b > a
  $ hg commit -m "2b"
  created new head

  $ HGMERGE=true hg merge 1
  merging a
  0 files updated, 1 files merged, 0 files removed, 0 files unresolved
  (branch merge, don't forget to commit)

Should show foo-b:

  $ cat a
  foo-b

  $ echo bar > b
  $ hg add b
  $ rm a
  $ hg remove a

Should show a removed and b added:

  $ hg status
  A b
  R a

Revert should fail:

  $ hg revert
  abort: uncommitted merge with no revision specified
  (use "hg update" or see "hg help revert")
  [255]

Revert should be ok now:

  $ hg revert -r2 --all
  undeleting a
  forgetting b

Should show b unknown and a marked modified (merged):

  $ hg status
  M a
  ? b

Should show foo-b:

  $ cat a
  foo-b