Mercurial > hg
changeset 40024:86b22a4cfab1
wireprotov2: client support for advertising redirect targets
With the server now able to emit a redirect target descriptor, we can
start to teach the client to recognize it.
This commit implements support for filtering the advertised
redirect targets against supported features and for advertising
compatible redirect targets as part of command requests. It also
adds the minimal boilerplate required to fail when a content
redirect is seen.
The server doesn't yet do anything with the advertised redirect
targets. And the client can't yet follow redirects if it did. But
at least we're putting bytes on the wire.
Differential Revision: https://phab.mercurial-scm.org/D4776
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Wed, 26 Sep 2018 15:02:19 -0700 |
parents | 10cf8b116dd8 |
children | b099e6032f38 |
files | mercurial/httppeer.py mercurial/wireprotoframing.py mercurial/wireprotov2peer.py tests/test-wireproto-clientreactor.py tests/test-wireproto-content-redirects.t |
diffstat | 5 files changed, 712 insertions(+), 17 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/httppeer.py Wed Sep 26 17:46:48 2018 -0700 +++ b/mercurial/httppeer.py Wed Sep 26 15:02:19 2018 -0700 @@ -508,7 +508,8 @@ def _abort(self, exception): raise exception -def sendv2request(ui, opener, requestbuilder, apiurl, permission, requests): +def sendv2request(ui, opener, requestbuilder, apiurl, permission, requests, + redirect): reactor = wireprotoframing.clientreactor(hasmultiplesend=False, buffersends=True) @@ -525,7 +526,8 @@ for command, args, f in requests: ui.debug('sending command %s: %s\n' % ( command, stringutil.pprint(args, indent=2))) - assert not list(handler.callcommand(command, args, f)) + assert not list(handler.callcommand(command, args, f, + redirect=redirect)) # TODO stream this. body = b''.join(map(bytes, handler.flushcommands())) @@ -567,12 +569,14 @@ @interfaceutil.implementer(repository.ipeercommandexecutor) class httpv2executor(object): - def __init__(self, ui, opener, requestbuilder, apiurl, descriptor): + def __init__(self, ui, opener, requestbuilder, apiurl, descriptor, + redirect): self._ui = ui self._opener = opener self._requestbuilder = requestbuilder self._apiurl = apiurl self._descriptor = descriptor + self._redirect = redirect self._sent = False self._closed = False self._neededpermissions = set() @@ -672,7 +676,7 @@ handler, resp = sendv2request( self._ui, self._opener, self._requestbuilder, self._apiurl, - permission, calls) + permission, calls, self._redirect) # TODO we probably want to validate the HTTP code, media type, etc. @@ -734,6 +738,8 @@ self._requestbuilder = requestbuilder self._descriptor = apidescriptor + self._redirect = wireprotov2peer.supportedredirects(ui, apidescriptor) + # Start of ipeerconnection. def url(self): @@ -791,7 +797,7 @@ def commandexecutor(self): return httpv2executor(self.ui, self._opener, self._requestbuilder, - self._apiurl, self._descriptor) + self._apiurl, self._descriptor, self._redirect) # Registry of API service names to metadata about peers that handle it. #
--- a/mercurial/wireprotoframing.py Wed Sep 26 17:46:48 2018 -0700 +++ b/mercurial/wireprotoframing.py Wed Sep 26 15:02:19 2018 -0700 @@ -280,7 +280,8 @@ payload) def createcommandframes(stream, requestid, cmd, args, datafh=None, - maxframesize=DEFAULT_MAX_FRAME_SIZE): + maxframesize=DEFAULT_MAX_FRAME_SIZE, + redirect=None): """Create frames necessary to transmit a request to run a command. This is a generator of bytearrays. Each item represents a frame @@ -290,6 +291,9 @@ if args: data[b'args'] = args + if redirect: + data[b'redirect'] = redirect + data = b''.join(cborutil.streamencode(data)) offset = 0 @@ -1135,11 +1139,12 @@ class commandrequest(object): """Represents a request to run a command.""" - def __init__(self, requestid, name, args, datafh=None): + def __init__(self, requestid, name, args, datafh=None, redirect=None): self.requestid = requestid self.name = name self.args = args self.datafh = datafh + self.redirect = redirect self.state = 'pending' class clientreactor(object): @@ -1178,7 +1183,7 @@ self._activerequests = {} self._incomingstreams = {} - def callcommand(self, name, args, datafh=None): + def callcommand(self, name, args, datafh=None, redirect=None): """Request that a command be executed. Receives the command name, a dict of arguments to pass to the command, @@ -1192,7 +1197,8 @@ requestid = self._nextrequestid self._nextrequestid += 2 - request = commandrequest(requestid, name, args, datafh=datafh) + request = commandrequest(requestid, name, args, datafh=datafh, + redirect=redirect) if self._buffersends: self._pendingrequests.append(request) @@ -1256,7 +1262,8 @@ request.requestid, request.name, request.args, - request.datafh) + datafh=request.datafh, + redirect=request.redirect) for frame in res: yield frame
--- a/mercurial/wireprotov2peer.py Wed Sep 26 17:46:48 2018 -0700 +++ b/mercurial/wireprotov2peer.py Wed Sep 26 15:02:19 2018 -0700 @@ -13,6 +13,7 @@ from . import ( encoding, error, + sslutil, wireprotoframing, ) from .utils import ( @@ -34,6 +35,74 @@ return b''.join(chunks) +SUPPORTED_REDIRECT_PROTOCOLS = { + b'http', + b'https', +} + +SUPPORTED_CONTENT_HASHES = { + b'sha1', + b'sha256', +} + +def redirecttargetsupported(ui, target): + """Determine whether a redirect target entry is supported. + + ``target`` should come from the capabilities data structure emitted by + the server. + """ + if target.get(b'protocol') not in SUPPORTED_REDIRECT_PROTOCOLS: + ui.note(_('(remote redirect target %s uses unsupported protocol: %s)\n') + % (target[b'name'], target.get(b'protocol', b''))) + return False + + if target.get(b'snirequired') and not sslutil.hassni: + ui.note(_('(redirect target %s requires SNI, which is unsupported)\n') % + target[b'name']) + return False + + if b'tlsversions' in target: + tlsversions = set(target[b'tlsversions']) + supported = set() + + for v in sslutil.supportedprotocols: + assert v.startswith(b'tls') + supported.add(v[3:]) + + if not tlsversions & supported: + ui.note(_('(remote redirect target %s requires unsupported TLS ' + 'versions: %s)\n') % ( + target[b'name'], b', '.join(sorted(tlsversions)))) + return False + + ui.note(_('(remote redirect target %s is compatible)\n') % target[b'name']) + + return True + +def supportedredirects(ui, apidescriptor): + """Resolve the "redirect" command request key given an API descriptor. + + Given an API descriptor returned by the server, returns a data structure + that can be used in hte "redirect" field of command requests to advertise + support for compatible redirect targets. + + Returns None if no redirect targets are remotely advertised or if none are + supported. + """ + if not apidescriptor or b'redirect' not in apidescriptor: + return None + + targets = [t[b'name'] for t in apidescriptor[b'redirect'][b'targets'] + if redirecttargetsupported(ui, t)] + + hashes = [h for h in apidescriptor[b'redirect'][b'hashes'] + if h in SUPPORTED_CONTENT_HASHES] + + return { + b'targets': targets, + b'hashes': hashes, + } + class commandresponse(object): """Represents the response to a command request. @@ -87,9 +156,12 @@ def _handleinitial(self, o): self._seeninitial = True - if o[b'status'] == 'ok': + if o[b'status'] == b'ok': return + elif o[b'status'] == b'redirect': + raise error.Abort(_('redirect responses not yet supported')) + atoms = [{'msg': o[b'error'][b'message']}] if b'args' in o[b'error']: atoms[0]['args'] = o[b'error'][b'args'] @@ -150,12 +222,13 @@ self._responses = {} self._frameseof = False - def callcommand(self, command, args, f): + def callcommand(self, command, args, f, redirect=None): """Register a request to call a command. Returns an iterable of frames that should be sent over the wire. """ - request, action, meta = self._reactor.callcommand(command, args) + request, action, meta = self._reactor.callcommand(command, args, + redirect=redirect) if action != 'noop': raise error.ProgrammingError('%s not yet supported' % action)
--- a/tests/test-wireproto-clientreactor.py Wed Sep 26 17:46:48 2018 -0700 +++ b/tests/test-wireproto-clientreactor.py Wed Sep 26 15:02:19 2018 -0700 @@ -139,6 +139,29 @@ ffs(b'%d 0 0 command-response eos bar' % request.requestid)) self.assertEqual(action, b'responsedata') +class RedirectTests(unittest.TestCase): + def testredirect(self): + reactor = framing.clientreactor(buffersends=False) + + redirect = { + b'targets': [b'a', b'b'], + b'hashes': [b'sha256'], + } + + request, action, meta = reactor.callcommand( + b'foo', {}, redirect=redirect) + + self.assertEqual(action, b'sendframes') + + frames = list(meta[b'framegen']) + self.assertEqual(len(frames), 1) + + self.assertEqual(frames[0], + ffs(b'1 1 stream-begin command-request new ' + b"cbor:{b'name': b'foo', " + b"b'redirect': {b'targets': [b'a', b'b'], " + b"b'hashes': [b'sha256']}}")) + if __name__ == '__main__': import silenttestrunner silenttestrunner.main(__name__)
--- a/tests/test-wireproto-content-redirects.t Wed Sep 26 17:46:48 2018 -0700 +++ b/tests/test-wireproto-content-redirects.t Wed Sep 26 15:02:19 2018 -0700 @@ -57,16 +57,17 @@ s> Content-Length: 1970\r\n s> \r\n s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa5DnameHtarget-aHprotocolDhttpKsnirequired\xf4Ktlsversions\x82C1.2C1.3Duris\x81Shttp://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (remote redirect target target-a is compatible) sending capabilities command s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n s> Accept-Encoding: identity\r\n s> accept: application/mercurial-exp-framing-0005\r\n s> content-type: application/mercurial-exp-framing-0005\r\n - s> content-length: 27\r\n + s> content-length: 75\r\n s> host: $LOCALIP:$HGPORT\r\n (glob) s> user-agent: Mercurial debugwireproto\r\n s> \r\n - s> \x13\x00\x00\x01\x00\x01\x01\x11\xa1DnameLcapabilities + s> C\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81Htarget-a s> makefile('rb', None) s> HTTP/1.1 200 OK\r\n s> Server: testing stub value\r\n @@ -308,6 +309,8 @@ } ] +Unknown protocol is filtered from compatible targets + $ cat > redirects.py << EOF > [ > { @@ -344,16 +347,18 @@ s> Content-Length: 1997\r\n s> \r\n s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x82\xa3DnameHtarget-aHprotocolDhttpDuris\x81Shttp://example.com/\xa3DnameHtarget-bHprotocolGunknownDuris\x81Vunknown://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (remote redirect target target-a is compatible) + (remote redirect target target-b uses unsupported protocol: unknown) sending capabilities command s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n s> Accept-Encoding: identity\r\n s> accept: application/mercurial-exp-framing-0005\r\n s> content-type: application/mercurial-exp-framing-0005\r\n - s> content-length: 27\r\n + s> content-length: 75\r\n s> host: $LOCALIP:$HGPORT\r\n (glob) s> user-agent: Mercurial debugwireproto\r\n s> \r\n - s> \x13\x00\x00\x01\x00\x01\x01\x11\xa1DnameLcapabilities + s> C\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81Htarget-a s> makefile('rb', None) s> HTTP/1.1 200 OK\r\n s> Server: testing stub value\r\n @@ -597,5 +602,586 @@ } ] +Missing SNI support filters targets that require SNI + + $ cat > nosni.py << EOF + > from mercurial import sslutil + > sslutil.hassni = False + > EOF + $ cat >> $HGRCPATH << EOF + > [extensions] + > nosni=`pwd`/nosni.py + > EOF + + $ cat > redirects.py << EOF + > [ + > { + > b'name': b'target-bad-tls', + > b'protocol': b'https', + > b'uris': [b'https://example.com/'], + > b'snirequired': True, + > }, + > ] + > EOF + + $ sendhttpv2peerhandshake << EOF + > command capabilities + > EOF + creating http peer for wire protocol version 2 + s> GET /?cmd=capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> vary: X-HgProto-1,X-HgUpgrade-1\r\n + s> x-hgproto-1: cbor\r\n + s> x-hgupgrade-1: exp-http-v2-0002\r\n + s> accept: application/mercurial-0.1\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-cbor\r\n + s> Content-Length: 1957\r\n + s> \r\n + s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKsnirequired\xf5Duris\x81Thttps://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (redirect target target-bad-tls requires SNI, which is unsupported) + sending capabilities command + s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> accept: application/mercurial-exp-framing-0005\r\n + s> content-type: application/mercurial-exp-framing-0005\r\n + s> content-length: 66\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> :\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x80 + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-exp-framing-0005\r\n + s> Transfer-Encoding: chunked\r\n + s> \r\n + s> 13\r\n + s> \x0b\x00\x00\x01\x00\x02\x011 + s> \xa1FstatusBok + s> \r\n + received frame(size=11; request=1; stream=2; streamflags=stream-begin; type=command-response; flags=continuation) + s> 59e\r\n + s> \x96\x05\x00\x01\x00\x02\x001 + s> \xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKsnirequired\xf5Duris\x81Thttps://example.com/ + s> \r\n + received frame(size=1430; request=1; stream=2; streamflags=; type=command-response; flags=continuation) + s> 8\r\n + s> \x00\x00\x00\x01\x00\x02\x002 + s> \r\n + s> 0\r\n + s> \r\n + received frame(size=0; request=1; stream=2; streamflags=; type=command-response; flags=eos) + response: gen[ + { + b'commands': { + b'branchmap': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'capabilities': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'changesetdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'bookmarks', + b'parents', + b'phase', + b'revision' + ]) + }, + b'noderange': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodes': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodesdepth': { + b'default': None, + b'required': False, + b'type': b'int' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'filedata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'path': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'heads': { + b'args': { + b'publiconly': { + b'default': False, + b'required': False, + b'type': b'bool' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'known': { + b'args': { + b'nodes': { + b'default': [], + b'required': False, + b'type': b'list' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'listkeys': { + b'args': { + b'namespace': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'lookup': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'manifestdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'tree': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'pushkey': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + }, + b'namespace': { + b'required': True, + b'type': b'bytes' + }, + b'new': { + b'required': True, + b'type': b'bytes' + }, + b'old': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'push' + ] + } + }, + b'compression': [ + { + b'name': b'zstd' + }, + { + b'name': b'zlib' + } + ], + b'framingmediatypes': [ + b'application/mercurial-exp-framing-0005' + ], + b'pathfilterprefixes': set([ + b'path:', + b'rootfilesin:' + ]), + b'rawrepoformats': [ + b'generaldelta', + b'revlogv1' + ], + b'redirect': { + b'hashes': [ + b'sha256', + b'sha1' + ], + b'targets': [ + { + b'name': b'target-bad-tls', + b'protocol': b'https', + b'snirequired': True, + b'uris': [ + b'https://example.com/' + ] + } + ] + } + } + ] + + $ cat >> $HGRCPATH << EOF + > [extensions] + > nosni=! + > EOF + +Unknown tls value is filtered from compatible targets + + $ cat > redirects.py << EOF + > [ + > { + > b'name': b'target-bad-tls', + > b'protocol': b'https', + > b'uris': [b'https://example.com/'], + > b'tlsversions': [b'42', b'39'], + > }, + > ] + > EOF + + $ sendhttpv2peerhandshake << EOF + > command capabilities + > EOF + creating http peer for wire protocol version 2 + s> GET /?cmd=capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> vary: X-HgProto-1,X-HgUpgrade-1\r\n + s> x-hgproto-1: cbor\r\n + s> x-hgupgrade-1: exp-http-v2-0002\r\n + s> accept: application/mercurial-0.1\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-cbor\r\n + s> Content-Length: 1963\r\n + s> \r\n + s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKtlsversions\x82B42B39Duris\x81Thttps://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash + (remote redirect target target-bad-tls requires unsupported TLS versions: 39, 42) + sending capabilities command + s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n + s> Accept-Encoding: identity\r\n + s> accept: application/mercurial-exp-framing-0005\r\n + s> content-type: application/mercurial-exp-framing-0005\r\n + s> content-length: 66\r\n + s> host: $LOCALIP:$HGPORT\r\n (glob) + s> user-agent: Mercurial debugwireproto\r\n + s> \r\n + s> :\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x80 + s> makefile('rb', None) + s> HTTP/1.1 200 OK\r\n + s> Server: testing stub value\r\n + s> Date: $HTTP_DATE$\r\n + s> Content-Type: application/mercurial-exp-framing-0005\r\n + s> Transfer-Encoding: chunked\r\n + s> \r\n + s> 13\r\n + s> \x0b\x00\x00\x01\x00\x02\x011 + s> \xa1FstatusBok + s> \r\n + received frame(size=11; request=1; stream=2; streamflags=stream-begin; type=command-response; flags=continuation) + s> 5a4\r\n + s> \x9c\x05\x00\x01\x00\x02\x001 + s> \xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKtlsversions\x82B42B39Duris\x81Thttps://example.com/ + s> \r\n + received frame(size=1436; request=1; stream=2; streamflags=; type=command-response; flags=continuation) + s> 8\r\n + s> \x00\x00\x00\x01\x00\x02\x002 + s> \r\n + s> 0\r\n + s> \r\n + received frame(size=0; request=1; stream=2; streamflags=; type=command-response; flags=eos) + response: gen[ + { + b'commands': { + b'branchmap': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'capabilities': { + b'args': {}, + b'permissions': [ + b'pull' + ] + }, + b'changesetdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'bookmarks', + b'parents', + b'phase', + b'revision' + ]) + }, + b'noderange': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodes': { + b'default': None, + b'required': False, + b'type': b'list' + }, + b'nodesdepth': { + b'default': None, + b'required': False, + b'type': b'int' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'filedata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'path': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'heads': { + b'args': { + b'publiconly': { + b'default': False, + b'required': False, + b'type': b'bool' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'known': { + b'args': { + b'nodes': { + b'default': [], + b'required': False, + b'type': b'list' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'listkeys': { + b'args': { + b'namespace': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'lookup': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'manifestdata': { + b'args': { + b'fields': { + b'default': set([]), + b'required': False, + b'type': b'set', + b'validvalues': set([ + b'parents', + b'revision' + ]) + }, + b'haveparents': { + b'default': False, + b'required': False, + b'type': b'bool' + }, + b'nodes': { + b'required': True, + b'type': b'list' + }, + b'tree': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'pull' + ] + }, + b'pushkey': { + b'args': { + b'key': { + b'required': True, + b'type': b'bytes' + }, + b'namespace': { + b'required': True, + b'type': b'bytes' + }, + b'new': { + b'required': True, + b'type': b'bytes' + }, + b'old': { + b'required': True, + b'type': b'bytes' + } + }, + b'permissions': [ + b'push' + ] + } + }, + b'compression': [ + { + b'name': b'zstd' + }, + { + b'name': b'zlib' + } + ], + b'framingmediatypes': [ + b'application/mercurial-exp-framing-0005' + ], + b'pathfilterprefixes': set([ + b'path:', + b'rootfilesin:' + ]), + b'rawrepoformats': [ + b'generaldelta', + b'revlogv1' + ], + b'redirect': { + b'hashes': [ + b'sha256', + b'sha1' + ], + b'targets': [ + { + b'name': b'target-bad-tls', + b'protocol': b'https', + b'tlsversions': [ + b'42', + b'39' + ], + b'uris': [ + b'https://example.com/' + ] + } + ] + } + } + ] + $ cat error.log $ killdaemons.py