Mercurial > hg
view tests/test-diff-reverse.t @ 28525:dfb21c34e07d
sslutil: allow multiple fingerprints per host
Certificate pinning via [hostfingerprints] is a useful security
feature. Currently, we only support one fingerprint per hostname.
This is simple but it fails in the real world:
* Switching certificates breaks clients until they change the
pinned certificate fingerprint. This incurs client downtime
and can require massive amounts of coordination to perform
certificate changes.
* Some servers operate with multiple certificates on the same
hostname.
This patch adds support for defining multiple certificate
fingerprints per host. This overcomes the deficiencies listed
above. I anticipate the primary use case of this feature will
be to define both the old and new certificate so a certificate
transition can occur with minimal interruption, so this scenario
has been called out in the help documentation.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 13 Mar 2016 14:03:58 -0700 |
parents | c586cb50872b |
children | 55c6ebd11cb9 |
line wrap: on
line source
$ hg init $ cat > a <<EOF > a > b > c > EOF $ hg ci -Am adda adding a $ cat > a <<EOF > d > e > f > EOF $ hg ci -m moda $ hg diff --reverse -r0 -r1 diff -r 2855cdcfcbb7 -r 8e1805a3cf6e a --- a/a Thu Jan 01 00:00:00 1970 +0000 +++ b/a Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +1,3 @@ -d -e -f +a +b +c $ cat >> a <<EOF > g > h > EOF $ hg diff --reverse --nodates diff -r 2855cdcfcbb7 a --- a/a +++ b/a @@ -1,5 +1,3 @@ d e f -g -h should show removed file 'a' as being added $ hg revert a $ hg rm a $ hg diff --reverse --nodates a diff -r 2855cdcfcbb7 a --- /dev/null +++ b/a @@ -0,0 +1,3 @@ +d +e +f should show added file 'b' as being removed $ echo b >> b $ hg add b $ hg diff --reverse --nodates b diff -r 2855cdcfcbb7 b --- a/b +++ /dev/null @@ -1,1 +0,0 @@ -b