Mercurial > hg

view tests/test-hgweb-auth.py.out @ 28525:dfb21c34e07d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: allow multiple fingerprints per host Certificate pinning via [hostfingerprints] is a useful security feature. Currently, we only support one fingerprint per hostname. This is simple but it fails in the real world: * Switching certificates breaks clients until they change the pinned certificate fingerprint. This incurs client downtime and can require massive amounts of coordination to perform certificate changes. * Some servers operate with multiple certificates on the same hostname. This patch adds support for defining multiple certificate fingerprints per host. This overcomes the deficiencies listed above. I anticipate the primary use case of this feature will be to define both the old and new certificate so a certificate transition can occur with minimal interruption, so this scenario has been called out in the help documentation.
author Gregory Szorc <gregory.szorc@gmail.com>
date Sun, 13 Mar 2016 14:03:58 -0700
parents 0f1311e829c9
children 31c37e703cee
line wrap: on
line source


*** Test in-uri schemes

CFG: {x.prefix: http://example.org}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: https://example.org}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: http://example.org, x.schemes: https}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: https://example.org, x.schemes: http}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort

*** Test separately configured schemes

CFG: {x.prefix: example.org, x.schemes: http}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: example.org, x.schemes: https}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: example.org, x.schemes: http https}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort

*** Test prefix matching

CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/bar}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('y', 'y')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/foo/bar}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('y', 'y')
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: *, y.prefix: https://example.org/bar}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('y', 'y')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     ('y', 'y')

*** Test user matching

CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None}
URI: http://y@example.org/foo
     ('y', 'xpassword')
CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
URI: http://y@example.org/foo
     ('y', 'ypassword')
CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
URI: http://y@example.org/foo/bar
     ('y', 'xpassword')

*** Test urllib2 and util.url

URIs: http://user@example.com:8080/foo http://example.com:8080/foo
('user', '')