https://bz.mercurial-scm.org/show_bug.cgi?id=6645
Bug ID: 6645 Summary: test-https.t: compatibility warnings break test Product: Mercurial Version: 6.0.2 Hardware: All OS: NetBSD Status: UNCONFIRMED Severity: bug Priority: wish Component: Mercurial Assignee: bugzi...@mercurial-scm.org Reporter: t...@giga.or.at CC: mercurial-devel@mercurial-scm.org Python Version: --- In 6.0.2 with python 3.10 on NetBSD, the test test-https.t fails with: --- /scratch/devel/py-mercurial/work/mercurial-6.0.2/tests/test-https.t +++ /scratch/devel/py-mercurial/work/mercurial-6.0.2/tests/test-https.t.err @@ -29,6 +29,8 @@ adding foo.d/baR.d.hg/bAR adding foo.d/foo $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat ../hg0.pid >> $DAEMON_PIDS cacert not found @@ -50,6 +52,10 @@ #if no-defaultcacertsloaded $ hg clone https://localhost:$HGPORT/ copy-pull + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) abort: error: *certificate verify failed* (glob) [100] @@ -73,6 +79,10 @@ $ echo baddata > badca.pem $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error loading CA file badca.pem: * (glob) (file is empty or malformed?) [255] @@ -81,14 +91,22 @@ (modern ssl is able to discern whether the loaded cert is a CA cert) $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) - (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) abort: error: *certificate verify failed* (glob) [100] A per-host certificate matching the server's cert will be accepted $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) requesting all changes adding changesets adding manifests @@ -100,6 +118,10 @@ $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) requesting all changes adding changesets adding manifests @@ -111,6 +133,10 @@ $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 clone -U https://localhost:$HGPORT/ caandfingerwarning (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) requesting all changes adding changesets adding manifests @@ -123,11 +149,17 @@ Inability to verify peer certificate will result in abort $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) [150] $ hg clone --insecure https://localhost:$HGPORT/ copy-pull + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering requesting all changes adding changesets @@ -158,12 +190,18 @@ > EOF $ hg pull $DISABLECACERTS pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e to trust this server) [150] $ hg pull --insecure pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering searching for changes adding changesets @@ -191,6 +229,10 @@ $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc $ hg -R copy-pull pull pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) searching for changes no changes found $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc @@ -202,10 +244,16 @@ $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH $ P="$CERTSDIR" hg -R copy-pull pull pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) searching for changes no changes found $ P="$CERTSDIR" hg -R copy-pull pull --insecure pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering searching for changes no changes found @@ -216,6 +264,10 @@ $ hg --config web.cacerts=emptycafile -R copy-pull pull pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error loading CA file emptycafile: * (glob) (file is empty or malformed?) [255] @@ -225,23 +277,35 @@ $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ > https://$LOCALIP:$HGPORT/ pulling from https://*:$HGPORT/ (glob) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: $LOCALIP certificate error: certificate is for localhost (glob) (set hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely) [150] $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \ > https://$LOCALIP:$HGPORT/ --insecure pulling from https://*:$HGPORT/ (glob) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) warning: connection security to $LOCALIP is disabled per current settings; communication is susceptible to eavesdropping and tampering (glob) searching for changes no changes found $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" pulling from https://localhost:$HGPORT/ (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error: *certificate verify failed* (glob) [100] $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \ > --insecure pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering searching for changes no changes found @@ -249,32 +313,52 @@ Test server cert which isn't valid yet $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat hg1.pid >> $DAEMON_PIDS $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \ > https://localhost:$HGPORT1/ pulling from https://localhost:$HGPORT1/ (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error: *certificate verify failed* (glob) [100] Test server cert which no longer is valid $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat hg2.pid >> $DAEMON_PIDS $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \ > https://localhost:$HGPORT2/ pulling from https://localhost:$HGPORT2/ (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error: *certificate verify failed* (glob) [100] Setting ciphers to an invalid value aborts $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: could not set ciphers: No cipher can be selected. (change cipher string (invalid) in config) [255] $ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R copy-pull id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: could not set ciphers: No cipher can be selected. (change cipher string (invalid) in config) [255] @@ -282,52 +366,88 @@ Changing the cipher string works $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) 5fed3813f7f5 Fingerprints - works without cacerts (hostfingerprints) $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) 5fed3813f7f5 - works without cacerts (hostsecurity) $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) 5fed3813f7f5 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) 5fed3813f7f5 - multiple fingerprints specified and first matches $ hg --config 'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) 5fed3813f7f5 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) 5fed3813f7f5 - multiple fingerprints specified and last matches $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ --insecure + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) 5fed3813f7f5 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) 5fed3813f7f5 - multiple fingerprints specified and none match $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) abort: certificate for localhost has unexpected fingerprint ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 (check hostfingerprint configuration) [150] $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: certificate for localhost has unexpected fingerprint sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03 (check hostsecurity configuration) [150] - fails when cert doesn't match hostname (port is ignored) $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: certificate for localhost has unexpected fingerprint f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84 (check hostfingerprint configuration) [150] @@ -335,6 +455,10 @@ - ignores that certificate doesn't match hostname $ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) (SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: $LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) 5fed3813f7f5 @@ -350,73 +474,101 @@ $ cd test $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ > --config devel.serverexactprotocol=tls1.0 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLSv1 is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat ../hg0.pid >> $DAEMON_PIDS $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \ > --config devel.serverexactprotocol=tls1.1 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLSv1_1 is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat ../hg1.pid >> $DAEMON_PIDS $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \ > --config devel.serverexactprotocol=tls1.2 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLSv1_2 is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat ../hg2.pid >> $DAEMON_PIDS $ cd .. Clients talking same TLS versions work $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/ - 5fed3813f7f5 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) + [100] $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/ - 5fed3813f7f5 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) + [100] $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) 5fed3813f7f5 Clients requiring newer TLS version than what server supports fail $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ - (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) - (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) - (see https://mercurial-scm.org/wiki/SecureConnections for more info) - abort: error: .*(unsupported protocol|wrong ssl version).* (re) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) [100] $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/ - (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) - (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) - (see https://mercurial-scm.org/wiki/SecureConnections for more info) - abort: error: .*(unsupported protocol|wrong ssl version).* (re) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) [100] $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/ - (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) - (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) - (see https://mercurial-scm.org/wiki/SecureConnections for more info) - abort: error: .*(unsupported protocol|wrong ssl version).* (re) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) [100] $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/ - (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) - (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) - (see https://mercurial-scm.org/wiki/SecureConnections for more info) - abort: error: .*(unsupported protocol|wrong ssl version).* (re) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) [100] --insecure will allow TLS 1.0 connections and override configs $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/ - warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering - 5fed3813f7f5 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) + [100] The per-host config option overrides the default $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ > --config hostsecurity.minimumprotocol=tls1.2 \ > --config hostsecurity.localhost:minimumprotocol=tls1.0 - 5fed3813f7f5 + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) + [100] The per-host config option by itself works $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ > --config hostsecurity.localhost:minimumprotocol=tls1.2 - (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) - (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) - (see https://mercurial-scm.org/wiki/SecureConnections for more info) - abort: error: .*(unsupported protocol|wrong ssl version).* (re) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) [100] .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305) @@ -426,10 +578,11 @@ > localhost:minimumprotocol=tls1.2 > EOF $ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/ - (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) - (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server) - (see https://mercurial-scm.org/wiki/SecureConnections for more info) - abort: error: .*(unsupported protocol|wrong ssl version).* (re) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) + abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997) [100] $ killdaemons.py hg0.pid @@ -440,8 +593,12 @@ Prepare for connecting through proxy $ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat hg0.pid >> $DAEMON_PIDS $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat hg2.pid >> $DAEMON_PIDS tinyproxy.py doesn't fully detach, so killing it may result in extra output from the shell. So don't kill it. @@ -458,6 +615,8 @@ $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering searching for changes no changes found @@ -467,10 +626,18 @@ $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ > --config web.cacerts="$CERTSDIR/pub.pem" pulling from https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) searching for changes no changes found $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://localhost:$HGPORT/ --config hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace pulling from https://*:$HGPORT/ (glob) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) (SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section; if you trust this fingerprint, remove the old SHA-1 fingerprint from [hostfingerprints] and add the following entry to the new [hostsecurity] section: localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e) searching for changes no changes found @@ -481,12 +648,20 @@ > --config web.cacerts="$CERTSDIR/pub-other.pem" pulling from https://localhost:$HGPORT/ (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error: *certificate verify failed* (glob) [100] $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \ > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/ pulling from https://localhost:$HGPORT2/ (the full certificate chain may not be available locally; see "hg help debugssl") (windows !) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error: *certificate verify failed* (glob) [100] @@ -511,12 +686,18 @@ $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(protocol) $ cat ../hg0.pid >> $DAEMON_PIDS $ cd .. without client certificate: $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).* (re) [100] @@ -531,13 +712,25 @@ $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem" + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) 5fed3813f7f5 $ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ > --config ui.interactive=True --config ui.nontty=True + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) passphrase for */client-key.pem: 5fed3813f7f5 (glob) $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/ + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311: DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated + sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) abort: error: * (glob) [100] ERROR: test-https.t output changed -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel