Mercurial > hg
view tests/test-merge10.t @ 28525:dfb21c34e07d
sslutil: allow multiple fingerprints per host
Certificate pinning via [hostfingerprints] is a useful security
feature. Currently, we only support one fingerprint per hostname.
This is simple but it fails in the real world:
* Switching certificates breaks clients until they change the
pinned certificate fingerprint. This incurs client downtime
and can require massive amounts of coordination to perform
certificate changes.
* Some servers operate with multiple certificates on the same
hostname.
This patch adds support for defining multiple certificate
fingerprints per host. This overcomes the deficiencies listed
above. I anticipate the primary use case of this feature will
be to define both the old and new certificate so a certificate
transition can occur with minimal interruption, so this scenario
has been called out in the help documentation.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 13 Mar 2016 14:03:58 -0700 |
parents | f2719b387380 |
children | eb586ed5d8ce |
line wrap: on
line source
Test for changeset 9fe267f77f56ff127cf7e65dc15dd9de71ce8ceb (merge correctly when all the files in a directory are moved but then local changes are added in the same directory) $ hg init a $ cd a $ mkdir -p testdir $ echo a > testdir/a $ hg add testdir/a $ hg commit -m a $ cd .. $ hg clone a b updating to branch default 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cd a $ echo alpha > testdir/a $ hg commit -m remote-change $ cd .. $ cd b $ mkdir testdir/subdir $ hg mv testdir/a testdir/subdir/a $ hg commit -m move $ mkdir newdir $ echo beta > newdir/beta $ hg add newdir/beta $ hg commit -m local-addition $ hg pull ../a pulling from ../a searching for changes adding changesets adding manifests adding file changes added 1 changesets with 1 changes to 1 files (+1 heads) (run 'hg heads' to see heads, 'hg merge' to merge) $ hg up -C 2 0 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg merge merging testdir/subdir/a and testdir/a to testdir/subdir/a 0 files updated, 1 files merged, 0 files removed, 0 files unresolved (branch merge, don't forget to commit) $ hg stat M testdir/subdir/a $ hg diff --nodates diff -r bc21c9773bfa testdir/subdir/a --- a/testdir/subdir/a +++ b/testdir/subdir/a @@ -1,1 +1,1 @@ -a +alpha $ cd ..