Mercurial > hg
changeset 29331:1e02d9576194
tests: extract SSL certificates from test-https.t
They can be reused in SMTPS tests.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Fri, 27 May 2016 22:40:09 +0900 |
parents | 12c97985ddeb |
children | 2bb0ddd8267b |
files | tests/sslcerts/README tests/sslcerts/client-cert.pem tests/sslcerts/client-key-decrypted.pem tests/sslcerts/client-key.pem tests/sslcerts/priv.pem tests/sslcerts/pub-expired.pem tests/sslcerts/pub-not-yet.pem tests/sslcerts/pub-other.pem tests/sslcerts/pub.pem tests/test-https.t |
diffstat | 10 files changed, 142 insertions(+), 144 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/README Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,26 @@ +Certificates created with: + printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ + openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem +Can be dumped with: + openssl x509 -in pub.pem -text + + - priv.pem + - pub.pem + - pub-other.pem + +pub.pem patched with other notBefore / notAfter: + + - pub-not-yet.pem + - pub-expired.pem + +Client certificates created with: + openssl genrsa -aes128 -passout pass:1234 -out client-key.pem 512 + openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem + printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \ + openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem + openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \ + -set_serial 01 -out client-cert.pem + + - client-key.pem + - client-key-decrypted.pem + - client-cert.pem
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/client-cert.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBPjCB6QIBATANBgkqhkiG9w0BAQsFADAxMRIwEAYDVQQDDAlsb2NhbGhvc3Qx +GzAZBgkqhkiG9w0BCQEWDGhnQGxvY2FsaG9zdDAeFw0xNTA1MDcwNjI5NDVaFw0z +OTEyMjcwNjI5NDVaMCQxIjAgBgkqhkiG9w0BCQEWE2hnLWNsaWVudEBsb2NhbGhv +c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmzgtLeCUBhT3ZuDmQ+BE81bzh7AH +R9Yl8ApxwKnUAIcB1k95opsUKKdUxgoBVtWoGTKtn9PKvxpJ8zPjE7j4qwIDAQAB +MA0GCSqGSIb3DQEBCwUAA0EAfBTqBG5pYhuGk+ZnyUufgS+d7Nk/sZAZjNdCAEj/ +NFPo5fR1jM6jlEWoWbeg298+SkjV7tfO+2nt0otUFkdM6A== +-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/client-key-decrypted.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAJs4LS3glAYU92bg5kPgRPNW84ewB0fWJfAKccCp1ACHAdZPeaKb +FCinVMYKAVbVqBkyrZ/Tyr8aSfMz4xO4+KsCAwEAAQJAeKDr25+Q6jkZHEbkLRP6 +AfMtR+Ixhk6TJT24sbZKIC2V8KuJTDEvUhLU0CAr1nH79bDqiSsecOiVCr2HHyfT +AQIhAM2C5rHbTs9R3PkywFEqq1gU3ztCnpiWglO7/cIkuGBhAiEAwVpMSAf77kop +4h/1kWsgMALQTJNsXd4CEUK4BOxvJIsCIQCbarVAKBQvoT81jfX27AfscsxnKnh5 ++MjSvkanvdFZwQIgbbcTefwt1LV4trtz2SR0i0nNcOZmo40Kl0jIquKO3qkCIH01 +mJHzZr3+jQqeIFtr5P+Xqi30DJxgrnEobbJ0KFjY +-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/client-key.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,12 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,C8B8F103A61A336FB0716D1C0F8BB2E8 + +JolMlCFjEW3q3JJjO9z99NJWeJbFgF5DpUOkfSCxH56hxxtZb9x++rBvBZkxX1bF +BAIe+iI90+jdCLwxbILWuFcrJUaLC5WmO14XDKYVmr2eW9e4MiCYOlO0Q6a9rDFS +jctRCfvubOXFHbBGLH8uKEMpXEkP7Lc60FiIukqjuQEivJjrQirVtZCGwyk3qUi7 +Eyh4Lo63IKGu8T1Bkmn2kaMvFhu7nC/CQLBjSq0YYI1tmCOkVb/3tPrz8oqgDJp2 +u7bLS3q0xDNZ52nVrKIoZC/UlRXGlPyzPpa70/jPIdfCbkwDaBpRVXc+62Pj2n5/ +CnO2xaKwfOG6pDvanBhFD72vuBOkAYlFZPiEku4sc2WlNggsSWCPCIFwzmiHjKIl +bWmdoTq3nb7sNfnBbV0OCa7fS1dFwCm4R1NC7ELENu0= +-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/priv.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH +aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 +j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc +EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG +MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR ++wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy +aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh +HY8gUVkVRVs= +-----END PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/pub-expired.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs +aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx +NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv +c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK +EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA ++ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt +2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ= +-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/pub-not-yet.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs +aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw +NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv +c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK +EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA ++ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb +/12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= +-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/pub-other.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV +BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw +MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 +MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL +ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo +K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN +y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6 +bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig= +-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/sslcerts/pub.pem Fri May 27 22:40:09 2016 +0900 @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV +BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw +MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0 +MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL +ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX +6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm +r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl +t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c= +-----END CERTIFICATE-----
--- a/tests/test-https.t Tue May 31 21:49:49 2016 +0900 +++ b/tests/test-https.t Fri May 27 22:40:09 2016 +0900 @@ -2,131 +2,13 @@ Proper https client requires the built-in ssl from Python 2.6. -Certificates created with: - printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ - openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem -Can be dumped with: - openssl x509 -in pub.pem -text - - $ cat << EOT > priv.pem - > -----BEGIN PRIVATE KEY----- - > MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH - > aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8 - > j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc - > EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG - > MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR - > +wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy - > aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh - > HY8gUVkVRVs= - > -----END PRIVATE KEY----- - > EOT - - $ cat << EOT > pub.pem - > -----BEGIN CERTIFICATE----- - > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV - > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw - > MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0 - > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL - > ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX - > 6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm - > r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw - > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl - > t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c= - > -----END CERTIFICATE----- - > EOT - $ cat priv.pem pub.pem >> server.pem - $ PRIV=`pwd`/server.pem - - $ cat << EOT > pub-other.pem - > -----BEGIN CERTIFICATE----- - > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV - > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw - > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 - > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL - > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo - > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN - > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw - > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6 - > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig= - > -----END CERTIFICATE----- - > EOT - -pub.pem patched with other notBefore / notAfter: +Make server certificates: - $ cat << EOT > pub-not-yet.pem - > -----BEGIN CERTIFICATE----- - > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs - > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw - > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv - > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK - > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA - > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T - > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb - > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= - > -----END CERTIFICATE----- - > EOT - $ cat priv.pem pub-not-yet.pem > server-not-yet.pem - - $ cat << EOT > pub-expired.pem - > -----BEGIN CERTIFICATE----- - > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs - > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx - > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv - > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK - > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA - > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T - > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt - > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ= - > -----END CERTIFICATE----- - > EOT - $ cat priv.pem pub-expired.pem > server-expired.pem - -Client certificates created with: - openssl genrsa -aes128 -passout pass:1234 -out client-key.pem 512 - openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem - printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \ - openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem - openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \ - -set_serial 01 -out client-cert.pem - - $ cat << EOT > client-key.pem - > -----BEGIN RSA PRIVATE KEY----- - > Proc-Type: 4,ENCRYPTED - > DEK-Info: AES-128-CBC,C8B8F103A61A336FB0716D1C0F8BB2E8 - > - > JolMlCFjEW3q3JJjO9z99NJWeJbFgF5DpUOkfSCxH56hxxtZb9x++rBvBZkxX1bF - > BAIe+iI90+jdCLwxbILWuFcrJUaLC5WmO14XDKYVmr2eW9e4MiCYOlO0Q6a9rDFS - > jctRCfvubOXFHbBGLH8uKEMpXEkP7Lc60FiIukqjuQEivJjrQirVtZCGwyk3qUi7 - > Eyh4Lo63IKGu8T1Bkmn2kaMvFhu7nC/CQLBjSq0YYI1tmCOkVb/3tPrz8oqgDJp2 - > u7bLS3q0xDNZ52nVrKIoZC/UlRXGlPyzPpa70/jPIdfCbkwDaBpRVXc+62Pj2n5/ - > CnO2xaKwfOG6pDvanBhFD72vuBOkAYlFZPiEku4sc2WlNggsSWCPCIFwzmiHjKIl - > bWmdoTq3nb7sNfnBbV0OCa7fS1dFwCm4R1NC7ELENu0= - > -----END RSA PRIVATE KEY----- - > EOT - - $ cat << EOT > client-key-decrypted.pem - > -----BEGIN RSA PRIVATE KEY----- - > MIIBOgIBAAJBAJs4LS3glAYU92bg5kPgRPNW84ewB0fWJfAKccCp1ACHAdZPeaKb - > FCinVMYKAVbVqBkyrZ/Tyr8aSfMz4xO4+KsCAwEAAQJAeKDr25+Q6jkZHEbkLRP6 - > AfMtR+Ixhk6TJT24sbZKIC2V8KuJTDEvUhLU0CAr1nH79bDqiSsecOiVCr2HHyfT - > AQIhAM2C5rHbTs9R3PkywFEqq1gU3ztCnpiWglO7/cIkuGBhAiEAwVpMSAf77kop - > 4h/1kWsgMALQTJNsXd4CEUK4BOxvJIsCIQCbarVAKBQvoT81jfX27AfscsxnKnh5 - > +MjSvkanvdFZwQIgbbcTefwt1LV4trtz2SR0i0nNcOZmo40Kl0jIquKO3qkCIH01 - > mJHzZr3+jQqeIFtr5P+Xqi30DJxgrnEobbJ0KFjY - > -----END RSA PRIVATE KEY----- - > EOT - - $ cat << EOT > client-cert.pem - > -----BEGIN CERTIFICATE----- - > MIIBPjCB6QIBATANBgkqhkiG9w0BAQsFADAxMRIwEAYDVQQDDAlsb2NhbGhvc3Qx - > GzAZBgkqhkiG9w0BCQEWDGhnQGxvY2FsaG9zdDAeFw0xNTA1MDcwNjI5NDVaFw0z - > OTEyMjcwNjI5NDVaMCQxIjAgBgkqhkiG9w0BCQEWE2hnLWNsaWVudEBsb2NhbGhv - > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmzgtLeCUBhT3ZuDmQ+BE81bzh7AH - > R9Yl8ApxwKnUAIcB1k95opsUKKdUxgoBVtWoGTKtn9PKvxpJ8zPjE7j4qwIDAQAB - > MA0GCSqGSIb3DQEBCwUAA0EAfBTqBG5pYhuGk+ZnyUufgS+d7Nk/sZAZjNdCAEj/ - > NFPo5fR1jM6jlEWoWbeg298+SkjV7tfO+2nt0otUFkdM6A== - > -----END CERTIFICATE----- - > EOT + $ CERTSDIR="$TESTDIR/sslcerts" + $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem + $ PRIV=`pwd`/server.pem + $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem + $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem $ hg init test $ cd test @@ -217,7 +99,7 @@ $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu $ echo "[web]" >> copy-pull/.hg/hgrc - $ echo "cacerts=`pwd`/pub.pem" >> copy-pull/.hg/hgrc + $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc $ hg -R copy-pull pull --traceback pulling from https://localhost:$HGPORT/ searching for changes @@ -229,11 +111,11 @@ $ echo "[web]" >> $HGRCPATH $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH - $ P=`pwd` hg -R copy-pull pull + $ P="$CERTSDIR" hg -R copy-pull pull pulling from https://localhost:$HGPORT/ searching for changes no changes found - $ P=`pwd` hg -R copy-pull pull --insecure + $ P="$CERTSDIR" hg -R copy-pull pull --insecure pulling from https://localhost:$HGPORT/ warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering searching for changes @@ -241,21 +123,24 @@ cacert mismatch - $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ + $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ + > https://127.0.0.1:$HGPORT/ pulling from https://127.0.0.1:$HGPORT/ abort: 127.0.0.1 certificate error: certificate is for localhost (set hostsecurity.127.0.0.1:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely) [255] - $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure + $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ + > https://127.0.0.1:$HGPORT/ --insecure pulling from https://127.0.0.1:$HGPORT/ warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering searching for changes no changes found - $ hg -R copy-pull pull --config web.cacerts=pub-other.pem + $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" pulling from https://localhost:$HGPORT/ abort: error: *certificate verify failed* (glob) [255] - $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure + $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ + > --insecure pulling from https://localhost:$HGPORT/ warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering searching for changes @@ -265,7 +150,8 @@ $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem $ cat hg1.pid >> $DAEMON_PIDS - $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ + $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ + > https://localhost:$HGPORT1/ pulling from https://localhost:$HGPORT1/ abort: error: *certificate verify failed* (glob) [255] @@ -274,7 +160,8 @@ $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem $ cat hg2.pid >> $DAEMON_PIDS - $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ + $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ + > https://localhost:$HGPORT2/ pulling from https://localhost:$HGPORT2/ abort: error: *certificate verify failed* (glob) [255] @@ -353,7 +240,8 @@ Test https with cacert and fingerprint through proxy - $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub.pem + $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ + > --config web.cacerts="$CERTSDIR/pub.pem" pulling from https://localhost:$HGPORT/ searching for changes no changes found @@ -364,11 +252,13 @@ Test https with cert problems through proxy - $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem + $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ + > --config web.cacerts="$CERTSDIR/pub-other.pem" pulling from https://localhost:$HGPORT/ abort: error: *certificate verify failed* (glob) [255] - $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ + $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ + > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ pulling from https://localhost:$HGPORT2/ abort: error: *certificate verify failed* (glob) [255] @@ -403,7 +293,7 @@ without client certificate: - $ P=`pwd` hg id https://localhost:$HGPORT/ + $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ abort: error: *handshake failure* (glob) [255] @@ -412,19 +302,19 @@ $ cat << EOT >> $HGRCPATH > [auth] > l.prefix = localhost - > l.cert = client-cert.pem - > l.key = client-key.pem + > l.cert = $CERTSDIR/client-cert.pem + > l.key = $CERTSDIR/client-key.pem > EOT - $ P=`pwd` hg id https://localhost:$HGPORT/ \ - > --config auth.l.key=client-key-decrypted.pem + $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ + > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" 5fed3813f7f5 - $ printf '1234\n' | env P=`pwd` hg id https://localhost:$HGPORT/ \ + $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ > --config ui.interactive=True --config ui.nontty=True - passphrase for client-key.pem: 5fed3813f7f5 + passphrase for */client-key.pem: 5fed3813f7f5 (glob) - $ env P=`pwd` hg id https://localhost:$HGPORT/ + $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ abort: error: * (glob) [255]