changeset 13329:4e92ad05fe18

merge with stable
author Mads Kiilerich <mads@kiilerich.com>
date Tue, 01 Feb 2011 01:55:45 +0100
parents dc11e30b48a3 (current diff) a939f08fae9c (diff)
children 9f2c6892e004
files doc/hgrc.5.txt mercurial/commands.py mercurial/url.py
diffstat 6 files changed, 34 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/doc/hgrc.5.txt	Mon Jan 31 22:16:33 2011 +0100
+++ b/doc/hgrc.5.txt	Tue Feb 01 01:55:45 2011 +0100
@@ -1030,6 +1030,9 @@
     You can use OpenSSL's CA certificate file if your platform has one.
     On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``.
     Otherwise you will have to generate this file manually.
+
+    To disable SSL verification temporarily, specify ``--insecure`` from
+    command line.
 ``contact``
     Name or email address of the person in charge of the repository.
     Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty.
--- a/mercurial/commands.py	Mon Jan 31 22:16:33 2011 +0100
+++ b/mercurial/commands.py	Tue Feb 01 01:55:45 2011 +0100
@@ -3948,6 +3948,8 @@
      _('specify ssh command to use'), _('CMD')),
     ('', 'remotecmd', '',
      _('specify hg command to run on the remote side'), _('CMD')),
+    ('', 'insecure', None,
+     _('do not verify server certificate (ignoring web.cacerts config)')),
 ]
 
 walkopts = [
--- a/mercurial/dispatch.py	Mon Jan 31 22:16:33 2011 +0100
+++ b/mercurial/dispatch.py	Tue Feb 01 01:55:45 2011 +0100
@@ -552,6 +552,9 @@
     if options['noninteractive']:
         ui.setconfig('ui', 'interactive', 'off')
 
+    if cmdoptions.get('insecure', False):
+        ui.setconfig('web', 'cacerts', '')
+
     if options['help']:
         return commands.help_(ui, cmd, options['version'])
     elif options['version']:
--- a/mercurial/url.py	Mon Jan 31 22:16:33 2011 +0100
+++ b/mercurial/url.py	Tue Feb 01 01:55:45 2011 +0100
@@ -559,8 +559,9 @@
                         ca_certs=cacerts)
                 msg = _verifycert(self.sock.getpeercert(), self.host)
                 if msg:
-                    raise util.Abort(_('%s certificate error: %s') %
-                                     (self.host, msg))
+                    raise util.Abort(_('%s certificate error: %s '
+                                       '(use --insecure to connect '
+                                       'insecurely)') % (self.host, msg))
                 self.ui.debug('%s certificate successfully verified\n' %
                               self.host)
             else:
--- a/tests/test-debugcomplete.t	Mon Jan 31 22:16:33 2011 +0100
+++ b/tests/test-debugcomplete.t	Tue Feb 01 01:55:45 2011 +0100
@@ -179,16 +179,16 @@
   $ hg debugcommands
   add: include, exclude, subrepos, dry-run
   annotate: rev, follow, no-follow, text, user, file, date, number, changeset, line-number, include, exclude
-  clone: noupdate, updaterev, rev, branch, pull, uncompressed, ssh, remotecmd
+  clone: noupdate, updaterev, rev, branch, pull, uncompressed, ssh, remotecmd, insecure
   commit: addremove, close-branch, include, exclude, message, logfile, date, user
   diff: rev, change, text, git, nodates, show-function, reverse, ignore-all-space, ignore-space-change, ignore-blank-lines, unified, stat, include, exclude, subrepos
   export: output, switch-parent, rev, text, git, nodates
   forget: include, exclude
-  init: ssh, remotecmd
+  init: ssh, remotecmd, insecure
   log: follow, follow-first, date, copies, keyword, rev, removed, only-merges, user, only-branch, branch, prune, patch, git, limit, no-merges, stat, style, template, include, exclude
   merge: force, tool, rev, preview
-  pull: update, force, rev, branch, ssh, remotecmd
-  push: force, rev, branch, new-branch, ssh, remotecmd
+  pull: update, force, rev, branch, ssh, remotecmd, insecure
+  push: force, rev, branch, new-branch, ssh, remotecmd, insecure
   remove: after, force, include, exclude
   serve: accesslog, daemon, daemon-pipefds, errorlog, port, address, prefix, name, web-conf, webdir-conf, pid-file, stdio, templates, style, ipv6, certificate
   status: all, modified, added, removed, deleted, clean, unknown, ignored, no-status, copies, print0, rev, change, include, exclude, subrepos
@@ -200,7 +200,7 @@
   bisect: reset, good, bad, skip, command, noupdate
   branch: force, clean
   branches: active, closed
-  bundle: force, rev, branch, base, all, type, ssh, remotecmd
+  bundle: force, rev, branch, base, all, type, ssh, remotecmd, insecure
   cat: output, rev, decode, include, exclude
   copy: after, force, include, exclude, dry-run
   debugancestor: 
@@ -228,10 +228,10 @@
   help: 
   identify: rev, num, id, branch, tags
   import: strip, base, force, no-commit, exact, import-branch, message, logfile, date, user, similarity
-  incoming: force, newest-first, bundle, rev, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, subrepos
+  incoming: force, newest-first, bundle, rev, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, insecure, subrepos
   locate: rev, print0, fullpath, include, exclude
   manifest: rev
-  outgoing: force, rev, newest-first, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, subrepos
+  outgoing: force, rev, newest-first, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, insecure, subrepos
   parents: rev, style, template
   paths: 
   recover: 
--- a/tests/test-https.t	Mon Jan 31 22:16:33 2011 +0100
+++ b/tests/test-https.t	Tue Feb 01 01:55:45 2011 +0100
@@ -163,15 +163,30 @@
   pulling from https://localhost:$HGPORT/
   searching for changes
   no changes found
+  $ P=`pwd` hg -R copy-pull pull --insecure
+  warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
+  pulling from https://localhost:$HGPORT/
+  searching for changes
+  no changes found
 
 cacert mismatch
 
   $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
-  abort: 127.0.0.1 certificate error: certificate is for localhost
+  abort: 127.0.0.1 certificate error: certificate is for localhost (use --insecure to connect insecurely)
   [255]
+  $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
+  warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
+  pulling from https://127.0.0.1:$HGPORT/
+  searching for changes
+  no changes found
   $ hg -R copy-pull pull --config web.cacerts=pub-other.pem
   abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob)
   [255]
+  $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure
+  warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
+  pulling from https://localhost:$HGPORT/
+  searching for changes
+  no changes found
 
 Test server cert which isn't valid yet