view tests/test-hgweb-auth.py.out @ 31290:f819aa9dbbf9
sslutil: issue warning when [hostfingerprint] is used

Mercurial 3.9 added the [hostsecurity] section, which is better
than [hostfingerprints] in every way.

One of the ways that [hostsecurity] is better is that it supports
SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints.
The world is moving away from SHA-1 because it is borderline
secure. Mercurial should be part of that movement.

This patch adds a warning when a valid SHA-1 fingerprint from
the [hostfingerprints] section is being used. The warning informs
users to switch to [hostsecurity]. It even prints the config
option they should set. It uses the SHA-256 fingerprint because
recommending a SHA-1 fingerprint in 2017 would be ill-advised.

The warning will print itself on every connection to a server until
it is fixed. There is no way to suppress the warning. I admit this
is annoying. But given the security implications of sticking with
SHA-1, I think this is justified. If this patch is accepted,
I'll likely send a follow-up to start warning on SHA-1
certificates in [hostsecurity] as well. Then sometime down
the road, we can drop support for SHA-1 fingerprints.

Credit for this idea comes from timeless in issue 5466.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Thu, 09 Mar 2017 20:33:29 -0800 |
| parents | 0f1311e829c9 |
| children | 31c37e703cee |
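The check the commit message describes, as an added example that is not Mercurial's own code: read the legacy `[hostfingerprints]` entry for a host, confirm it matches the SHA-1 of the certificate the server actually presented, and only then emit the SHA-256 `[hostsecurity]` value the user should set. The `<host>:fingerprints = sha256:...` key syntax is Mercurial's real `[hostsecurity]` format; the certificate bytes, the sample hgrc and the `upgrade_advice` helper are constructed for this illustration, and the wording is not Mercurial's warning text.

```python
import configparser
import hashlib

# Constructed placeholder for a server's DER-encoded certificate. Mercurial
# fingerprints are digests of exactly these bytes, so any bytes serve here.
SAMPLE_DER_CERT = bytes(range(256)) * 4


def fingerprint(der: bytes, algo: str) -> str:
    """Digest of the DER bytes as lowercase colon-separated hex pairs,
    the format used in both [hostfingerprints] and [hostsecurity]."""
    digest = hashlib.new(algo, der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def legacy_hosts(hgrc_text: str) -> dict:
    """Return {host: sha1 fingerprint} for every [hostfingerprints] entry."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep hostnames exactly as written
    cp.read_string(hgrc_text)
    if not cp.has_section("hostfingerprints"):
        return {}
    return {host: fp.strip().lower() for host, fp in cp.items("hostfingerprints")}


def upgrade_advice(hgrc_text: str, host: str, der: bytes):
    """Mirror the patch's condition: only when the legacy SHA-1 entry for
    `host` matches the presented certificate, return the [hostsecurity]
    value (SHA-256) to set instead. Return None when there is no legacy
    entry or it does not match; pinning an unverified cert would be wrong."""
    legacy = legacy_hosts(hgrc_text).get(host)
    if legacy is None or legacy != fingerprint(der, "sha1"):
        return None
    return "%s:fingerprints=sha256:%s" % (host, fingerprint(der, "sha256"))


# Constructed hgrc: one entry matching the sample cert, one stale entry.
SAMPLE_HGRC = "[hostfingerprints]\nhg.example.org = %s\nold.example.org = %s\n" % (
    fingerprint(SAMPLE_DER_CERT, "sha1"), "aa:" * 19 + "aa")


if __name__ == "__main__":
    for h in ("hg.example.org", "old.example.org", "new.example.org"):
        print(h, "->", upgrade_advice(SAMPLE_HGRC, h, SAMPLE_DER_CERT))
```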
```
*** Test in-uri schemes
CFG: {x.prefix: http://example.org}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: https://example.org}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: http://example.org, x.schemes: https}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: https://example.org, x.schemes: http}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort
*** Test separately configured schemes
CFG: {x.prefix: example.org, x.schemes: http}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: example.org, x.schemes: https}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: example.org, x.schemes: http https}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('x', 'x')
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('x', 'x')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     abort
*** Test prefix matching
CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/bar}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('x', 'x')
URI: http://example.org/bar
     ('y', 'y')
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/foo/bar}
URI: http://example.org/foo
     ('x', 'x')
URI: http://example.org/foo/bar
     ('y', 'y')
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     abort
URI: https://example.org/foo/bar
     abort
URI: https://example.org/bar
     abort
URI: https://x@example.org/bar
     abort
URI: https://y@example.org/bar
     abort
CFG: {x.prefix: *, y.prefix: https://example.org/bar}
URI: http://example.org/foo
     abort
URI: http://example.org/foo/bar
     abort
URI: http://example.org/bar
     abort
URI: https://example.org/foo
     ('x', 'x')
URI: https://example.org/foo/bar
     ('x', 'x')
URI: https://example.org/bar
     ('y', 'y')
URI: https://x@example.org/bar
     ('x', 'x')
URI: https://y@example.org/bar
     ('y', 'y')
*** Test user matching
CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None}
URI: http://y@example.org/foo
     ('y', 'xpassword')
CFG: {x.password: xpassword, x.prefix: http://example.org/foo, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
URI: http://y@example.org/foo
     ('y', 'ypassword')
CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
URI: http://y@example.org/foo/bar
     ('y', 'xpassword')
*** Test urllib2 and util.url
URIs: http://user@example.com:8080/foo
      http://example.com:8080/foo
      ('user', '')
```