Mercurial > hg
changeset 12741:949dfdb3ad2d
test-https: test web.cacerts functionality
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sun, 17 Oct 2010 04:13:50 +0200 |
parents | b86c6954ec4c |
children | 6ab4a7d3c179 |
files | tests/test-https.t |
diffstat | 1 files changed, 73 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/tests/test-https.t Sun Oct 17 04:13:35 2010 +0200 +++ b/tests/test-https.t Sun Oct 17 04:13:50 2010 +0200 @@ -42,6 +42,50 @@ $ cat priv.pem pub.pem >> server.pem $ PRIV=`pwd`/server.pem + $ cat << EOT > pub-other.pem + > -----BEGIN CERTIFICATE----- + > MIIBqzCCAVWgAwIBAgIJALwZS731c/ORMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV + > BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw + > MTAxNDIwNDUxNloXDTM1MDYwNTIwNDUxNlowMTESMBAGA1UEAwwJbG9jYWxob3N0 + > MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL + > ADBIAkEAsxsapLbHrqqUKuQBxdpK4G3m2LjtyrTSdpzzzFlecxd5yhNP6AyWrufo + > K4VMGo2xlu9xOo88nDSUNSKPuD09MwIDAQABo1AwTjAdBgNVHQ4EFgQUoIB1iMhN + > y868rpQ2qk9dHnU6ebswHwYDVR0jBBgwFoAUoIB1iMhNy868rpQ2qk9dHnU6ebsw + > DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJ544f125CsE7J2t55PdFaF6 + > bBlNBb91FCywBgSjhBjf+GG3TNPwrPdc3yqeq+hzJiuInqbOBv9abmMyq8Wsoig= + > -----END CERTIFICATE----- + > EOT + +pub.pem patched with other notBefore / notAfter: + + $ cat << EOT > pub-not-yet.pem + > -----BEGIN CERTIFICATE----- + > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs + > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTM1MDYwNTIwMzAxNFoXDTM1MDYw + > NTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv + > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK + > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA + > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T + > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJXV41gWnkgC7jcpPpFRSUSZaxyzrXmD1CIqQf0WgVDb + > /12E0vR2DuZitgzUYtBaofM81aTtc0a2/YsrmqePGm0= + > -----END CERTIFICATE----- + > EOT + $ cat priv.pem pub-not-yet.pem > server-not-yet.pem + + $ cat << EOT > pub-expired.pem + > -----BEGIN CERTIFICATE----- + > MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNVBAMMCWxvY2Fs + > aG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEwMTAxNDIwMzAxNFoXDTEwMTAx + > NDIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhv + > c3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnK + > EUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA + > +ammr24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQwDAYDVR0T + > BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAJfk57DTRf2nUbYaMSlVAARxMNbFGOjQhAUtY400GhKt + > 2uiKCNGKXVXD3AHWe13yHc5KttzbHQStE5Nm/DlWBWQ= + > -----END CERTIFICATE----- + > EOT + $ cat priv.pem pub-expired.pem > server-expired.pem + $ hg init test $ cd test $ echo foo>foo @@ -101,3 +145,32 @@ added 1 changesets with 1 changes to 1 files (run 'hg update' to get a working copy) $ cd .. + +cacert + + $ hg -R copy-pull pull --config web.cacerts=pub.pem + pulling from https://localhost:$HGPORT/ + searching for changes + no changes found + $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ + abort: 127.0.0.1 certificate error: certificate is for localhost + [255] + $ hg -R copy-pull pull --config web.cacerts=pub-other.pem + abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) + [255] + +Test server cert which isn't valid yet + + $ hg -R test serve -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem + $ cat hg1.pid >> $DAEMON_PIDS + $ hg -R copy-pull pull --config web.cacerts=pub-not-yet.pem https://localhost:$HGPORT1/ + abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) + [255] + +Test server cert which no longer is valid + + $ hg -R test serve -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem + $ cat hg2.pid >> $DAEMON_PIDS + $ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/ + abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) + [255]