mirror of
https://github.com/facebook/sapling.git
synced 2024-10-09 08:18:15 +03:00
4a7b28d08b
Summary: Previously `hg server` uses `HGPORT` that might be in use. This patch uses `-p 0 --port-file ...` so `hg server` always gets assigned a free port. The change was first made by the following Ruby script: ``` re = /^ \$ hg serve(.*) -p \$(HGPORT[12]?) (.*[^\\])$\n \$/ Dir['*.t'].each do |path| old = File.read(path) new = old.lines.map do |l| next l if l[/\(glob\)/] or not l['$HGPORT'] or l[/^ [$>]/] "#{l.chomp} (glob)\n" end.join.gsub re, <<-'EOS'.chomp $ hg serve\1 -p 0 --port-file $TESTTMP/.port \3 $ \2=`cat $TESTTMP/.port` $ EOS File.write(path, new) if old != new end ``` Then there are some manual changes: run-tests.py: It now treats `$HGPORT` in output as glob pattern `*`, since it does not know the assigned value in tests. test-bookmarks-pushpull.t, test-https.t: Some `hg pull`s were changed to use explicit paths instead of relying on `.hgrc` since the test restarts the server and `.hg/hgrc` having an outdated URL. test-schemes.t: The test writes `$HGPORT` to `.hgrc` before assigning it. Changed the order so the correct `$HGPORT` is written. test-patchbomb-tls.t: Changed `(?) (glob)` to `(glob) (?)`. Reviewed By: DurhamG Differential Revision: D6925398 fbshipit-source-id: d5c10476f43ce23f9e99618807580cf8ba92595c
127 lines
4.4 KiB
Perl
127 lines
4.4 KiB
Perl
#require serve ssl
|
|
|
|
Set up SMTP server:
|
|
|
|
$ CERTSDIR="$TESTDIR/sslcerts"
|
|
$ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
|
|
|
|
$ $PYTHON "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
|
|
> --tls smtps --certificate `pwd`/server.pem
|
|
listening at localhost:$HGPORT (glob) (?)
|
|
$ cat a.pid >> $DAEMON_PIDS
|
|
|
|
Set up repository:
|
|
|
|
$ hg init t
|
|
$ cd t
|
|
$ cat <<EOF >> .hg/hgrc
|
|
> [extensions]
|
|
> patchbomb =
|
|
> [email]
|
|
> method = smtp
|
|
> [smtp]
|
|
> host = localhost
|
|
> port = $HGPORT
|
|
> tls = smtps
|
|
> EOF
|
|
|
|
$ echo a > a
|
|
$ hg commit -Ama -d '1 0'
|
|
adding a
|
|
|
|
Utility functions:
|
|
|
|
$ DISABLECACERTS=
|
|
$ try () {
|
|
> hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
|
|
> }
|
|
|
|
Our test cert is not signed by a trusted CA. It should fail to verify if
|
|
we are able to load CA certs:
|
|
|
|
#if sslcontext defaultcacerts no-defaultcacertsloaded
|
|
$ try
|
|
this patch series consists of 1 patches.
|
|
|
|
|
|
(an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
|
|
(?i)abort: .*?certificate.verify.failed.* (re)
|
|
[255]
|
|
#endif
|
|
|
|
#if no-sslcontext defaultcacerts
|
|
$ try
|
|
this patch series consists of 1 patches.
|
|
|
|
|
|
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
|
|
(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
|
|
(?i)abort: .*?certificate.verify.failed.* (re)
|
|
[255]
|
|
#endif
|
|
|
|
#if defaultcacertsloaded
|
|
$ try
|
|
this patch series consists of 1 patches.
|
|
|
|
|
|
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
|
|
(using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
|
|
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
|
|
(?i)abort: .*?certificate.verify.failed.* (re)
|
|
[255]
|
|
|
|
#endif
|
|
|
|
#if no-defaultcacerts
|
|
$ try
|
|
this patch series consists of 1 patches.
|
|
|
|
|
|
(unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
|
|
abort: localhost certificate error: no certificate received
|
|
(set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
|
|
[255]
|
|
#endif
|
|
|
|
$ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
|
|
|
|
Without certificates:
|
|
|
|
$ try --debug
|
|
this patch series consists of 1 patches.
|
|
|
|
|
|
(using smtps)
|
|
sending mail: smtp host localhost, port * (glob)
|
|
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
|
|
(verifying remote certificate)
|
|
abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
|
|
(see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server)
|
|
[255]
|
|
|
|
With global certificates:
|
|
|
|
$ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
|
|
this patch series consists of 1 patches.
|
|
|
|
|
|
(using smtps)
|
|
sending mail: smtp host localhost, port * (glob)
|
|
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
|
|
(verifying remote certificate)
|
|
sending [PATCH] a ...
|
|
|
|
With invalid certificates:
|
|
|
|
$ try --config web.cacerts="$CERTSDIR/pub-other.pem"
|
|
this patch series consists of 1 patches.
|
|
|
|
|
|
warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
|
|
(the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
|
|
(?i)abort: .*?certificate.verify.failed.* (re)
|
|
[255]
|
|
|
|
$ cd ..
|