view tests/test-subrepo-paths.t @ 28525:dfb21c34e07d
sslutil: allow multiple fingerprints per host
Certificate pinning via [hostfingerprints] is a useful security
feature. Currently, we only support one fingerprint per hostname.
This is simple but it fails in the real world:
* Switching certificates breaks clients until they change the
pinned certificate fingerprint. This incurs client downtime
and can require massive amounts of coordination to perform
certificate changes.
* Some servers operate with multiple certificates on the same
hostname.
This patch adds support for defining multiple certificate
fingerprints per host. This overcomes the deficiencies listed
above. I anticipate the primary use case of this feature will
be to define both the old and new certificate so a certificate
transition can occur with minimal interruption, so this scenario
has been called out in the help documentation.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 13 Mar 2016 14:03:58 -0700 |
parents | ee07f9d142c9 |
children | 4441705b7111 |
  $ hg init outer
  $ cd outer

  $ echo '[paths]' >> .hg/hgrc
  $ echo 'default = http://example.net/' >> .hg/hgrc

hg debugsub with no remapping

  $ echo 'sub = libfoo' > .hgsub
  $ hg add .hgsub

  $ hg debugsub
  path sub
   source   libfoo
   revision 

hg debugsub with remapping

  $ echo '[subpaths]' >> .hg/hgrc
  $ printf 'http://example.net/lib(.*) = C:\\libs\\\\1-lib\\\n' >> .hg/hgrc

  $ hg debugsub
  path sub
   source   C:\libs\foo-lib\
   revision 

test cumulative remapping, the $HGRCPATH file is loaded first

  $ echo '[subpaths]' >> $HGRCPATH
  $ echo 'libfoo = libbar' >> $HGRCPATH
  $ hg debugsub
  path sub
   source   C:\libs\bar-lib\
   revision 

test absolute source path -- testing with a URL is important since
standard os.path.join wont treat that as an absolute path

  $ echo 'abs = http://example.net/abs' > .hgsub
  $ hg debugsub
  path abs
   source   http://example.net/abs
   revision 

  $ echo 'abs = /abs' > .hgsub
  $ hg debugsub
  path abs
   source   /abs
   revision 

test bad subpaths pattern

  $ cat > .hg/hgrc <<EOF
  > [subpaths]
  > .* = \1
  > EOF
  $ hg debugsub
  abort: bad subrepository pattern in $TESTTMP/outer/.hg/hgrc:2: invalid group reference (glob)
  [255]

  $ cd ..