view tests/test-newercgi.t @ 28525:dfb21c34e07d
sslutil: allow multiple fingerprints per host

Certificate pinning via [hostfingerprints] is a useful security
feature. Currently, we only support one fingerprint per hostname.
This is simple but it fails in the real world:

* Switching certificates breaks clients until they change the
  pinned certificate fingerprint. This incurs client downtime
  and can require massive amounts of coordination to perform
  certificate changes.
* Some servers operate with multiple certificates on the same
  hostname.

This patch adds support for defining multiple certificate
fingerprints per host. This overcomes the deficiencies listed
above. I anticipate the primary use case of this feature will
be to define both the old and new certificate so a certificate
transition can occur with minimal interruption, so this scenario
has been called out in the help documentation.

author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 13 Mar 2016 14:03:58 -0700 |
parents | 7a9cbb315d84 |
children | b6776b34e44e |
#require no-msys # MSYS will translate web paths as if they were file paths

This is a rudimentary test of the CGI files as of d74fc8dec2b4.

  $ hg init test

  $ cat >hgweb.cgi <<HGWEB
  > #!/usr/bin/env python
  > #
  > # An example CGI script to use hgweb, edit as necessary
  >
  > import cgitb
  > cgitb.enable()
  >
  > from mercurial import demandimport; demandimport.enable()
  > from mercurial.hgweb import hgweb
  > from mercurial.hgweb import wsgicgi
  >
  > application = hgweb("test", "Empty test repository")
  > wsgicgi.launch(application)
  > HGWEB

  $ chmod 755 hgweb.cgi

  $ cat >hgweb.config <<HGWEBDIRCONF
  > [paths]
  > test = test
  > HGWEBDIRCONF

  $ cat >hgwebdir.cgi <<HGWEBDIR
  > #!/usr/bin/env python
  > #
  > # An example CGI script to export multiple hgweb repos, edit as necessary
  >
  > import cgitb
  > cgitb.enable()
  >
  > from mercurial import demandimport; demandimport.enable()
  > from mercurial.hgweb import hgwebdir
  > from mercurial.hgweb import wsgicgi
  >
  > application = hgwebdir("hgweb.config")
  > wsgicgi.launch(application)
  > HGWEBDIR

  $ chmod 755 hgwebdir.cgi

  $ . "$TESTDIR/cgienv"
  $ python hgweb.cgi > page1
  $ python hgwebdir.cgi > page2

  $ PATH_INFO="/test/"
  $ PATH_TRANSLATED="/var/something/test.cgi"
  $ REQUEST_URI="/test/test/"
  $ SCRIPT_URI="http://hg.omnifarious.org/test/test/"
  $ SCRIPT_URL="/test/test/"
  $ python hgwebdir.cgi > page3

  $ grep -i error page1 page2 page3
  [1]
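
The certificate transition described in the commit message above (old and new certificate both pinned for one host), as an added sketch that is not Mercurial's sslutil code. The comma-separated value syntax, the SHA-256 digest, the host names and every function name are assumptions made for illustration.

```python
import hashlib

HEX = set("0123456789abcdef")

def normalize(fp):
    """Lower-case a fingerprint and strip ':' separators and whitespace."""
    return fp.strip().replace(":", "").lower()

def parse_pins(value):
    """Parse a comma-separated pin list (assumed syntax) into hex digests."""
    pins = [normalize(p) for p in value.split(",") if p.strip()]
    for p in pins:
        if len(p) != 64 or not set(p) <= HEX:
            raise ValueError("malformed SHA-256 fingerprint: %r" % p)
    return pins

def check_pinned(host, der_cert, pinconfig):
    """Return 'not-pinned', 'pinned-ok' or 'pin-mismatch' for a peer cert."""
    if host not in pinconfig:
        return "not-pinned"  # caller must fall back to normal CA validation
    pins = parse_pins(pinconfig[host])
    actual = hashlib.sha256(der_cert).hexdigest()
    # An empty pin list never matches, so a pinned host fails closed.
    return "pinned-ok" if actual in pins else "pin-mismatch"

def colon_hex(digest):
    """Format a hex digest as upper-case colon-separated pairs."""
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)).upper()

# Constructed stand-ins for DER-encoded certificates (not real certificates).
OLD_CERT = b"constructed old certificate"
NEW_CERT = b"constructed new certificate"
OTHER_CERT = b"constructed unrelated certificate"

# Constructed config: old pin in colon form, new pin as plain hex.
PINS = {
    "hg.example.com": "%s, %s" % (
        colon_hex(hashlib.sha256(OLD_CERT).hexdigest()),
        hashlib.sha256(NEW_CERT).hexdigest()),
    "empty.example.com": "",
}

if __name__ == "__main__":
    for name, cert in [("old", OLD_CERT), ("new", NEW_CERT), ("other", OTHER_CERT)]:
        print(name, check_pinned("hg.example.com", cert, PINS))
```

Once every server presents the new certificate, the old fingerprint should be dropped from the list so that the retired key no longer satisfies the pin.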