https://bz.mercurial-scm.org/show_bug.cgi?id=6645
Bug ID: 6645
Summary: test-https.t: compatibility warnings break test
Product: Mercurial
Version: 6.0.2
Hardware: All
OS: NetBSD
Status: UNCONFIRMED
Severity: bug
Priority: wish
Component: Mercurial
Assignee: bugzi...@mercurial-scm.org
Reporter: t...@giga.or.at
CC: mercurial-devel@mercurial-scm.org
Python Version: ---
In 6.0.2 with python 3.10 on NetBSD, the test test-https.t fails with:
--- /scratch/devel/py-mercurial/work/mercurial-6.0.2/tests/test-https.t
+++ /scratch/devel/py-mercurial/work/mercurial-6.0.2/tests/test-https.t.err
@@ -29,6 +29,8 @@
adding foo.d/baR.d.hg/bAR
adding foo.d/foo
$ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat ../hg0.pid >> $DAEMON_PIDS
cacert not found
@@ -50,6 +52,10 @@
#if no-defaultcacertsloaded
$ hg clone https://localhost:$HGPORT/ copy-pull
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
(an attempt was made to load CA certificates but none were loaded; see
https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial
to avoid this error)
abort: error: *certificate verify failed* (glob)
[100]
@@ -73,6 +79,10 @@
$ echo baddata > badca.pem
$ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone
https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error loading CA file badca.pem: * (glob)
(file is empty or malformed?)
[255]
@@ -81,14 +91,22 @@
(modern ssl is able to discern whether the loaded cert is a CA cert)
$ hg --config
hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone
https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ (the full certificate chain may not be available locally; see "hg help
debugssl") (windows !)
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
(an attempt was made to load CA certificates but none were loaded; see
https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial
to avoid this error)
- (the full certificate chain may not be available locally; see "hg help
debugssl") (windows !)
abort: error: *certificate verify failed* (glob)
[100]
A per-host certificate matching the server's cert will be accepted
$ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem"
clone -U https://localhost:$HGPORT/ perhostgood1
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
requesting all changes
adding changesets
adding manifests
@@ -100,6 +118,10 @@
$ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
$ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U
https://localhost:$HGPORT/ perhostgood2
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
requesting all changes
adding changesets
adding manifests
@@ -111,6 +133,10 @@
$ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem"
--config
hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
clone -U https://localhost:$HGPORT/ caandfingerwarning
(hostsecurity.localhost:verifycertsfile ignored when host fingerprints
defined; using host fingerprints for verification)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
requesting all changes
adding changesets
adding manifests
@@ -123,11 +149,17 @@
Inability to verify peer certificate will result in abort
$ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: unable to verify security of localhost (no loaded CA certificates);
refusing to connect
(see https://mercurial-scm.org/wiki/SecureConnections for how to configure
Mercurial to avoid this error or set
hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
to trust this server)
[150]
$ hg clone --insecure https://localhost:$HGPORT/ copy-pull
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
warning: connection security to localhost is disabled per current settings;
communication is susceptible to eavesdropping and tampering
requesting all changes
adding changesets
@@ -158,12 +190,18 @@
> EOF
$ hg pull $DISABLECACERTS
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: unable to verify security of localhost (no loaded CA certificates);
refusing to connect
(see https://mercurial-scm.org/wiki/SecureConnections for how to configure
Mercurial to avoid this error or set
hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
to trust this server)
[150]
$ hg pull --insecure
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
warning: connection security to localhost is disabled per current settings;
communication is susceptible to eavesdropping and tampering
searching for changes
adding changesets
@@ -191,6 +229,10 @@
$ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
$ hg -R copy-pull pull
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
searching for changes
no changes found
$ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
@@ -202,10 +244,16 @@
$ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
$ P="$CERTSDIR" hg -R copy-pull pull
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
searching for changes
no changes found
$ P="$CERTSDIR" hg -R copy-pull pull --insecure
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
warning: connection security to localhost is disabled per current settings;
communication is susceptible to eavesdropping and tampering
searching for changes
no changes found
@@ -216,6 +264,10 @@
$ hg --config web.cacerts=emptycafile -R copy-pull pull
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error loading CA file emptycafile: * (glob)
(file is empty or malformed?)
[255]
@@ -225,23 +277,35 @@
$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
> https://$LOCALIP:$HGPORT/
pulling from https://*:$HGPORT/ (glob)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: $LOCALIP certificate error: certificate is for localhost (glob)
(set
hostsecurity.$LOCALIP:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
config setting or use --insecure to connect insecurely)
[150]
$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
> https://$LOCALIP:$HGPORT/ --insecure
pulling from https://*:$HGPORT/ (glob)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
warning: connection security to $LOCALIP is disabled per current settings;
communication is susceptible to eavesdropping and tampering (glob)
searching for changes
no changes found
$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
pulling from https://localhost:$HGPORT/
(the full certificate chain may not be available locally; see "hg help
debugssl") (windows !)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error: *certificate verify failed* (glob)
[100]
$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
> --insecure
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
warning: connection security to localhost is disabled per current settings;
communication is susceptible to eavesdropping and tampering
searching for changes
no changes found
@@ -249,32 +313,52 @@
Test server cert which isn't valid yet
$ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid
--certificate=server-not-yet.pem
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat hg1.pid >> $DAEMON_PIDS
$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
> https://localhost:$HGPORT1/
pulling from https://localhost:$HGPORT1/
(the full certificate chain may not be available locally; see "hg help
debugssl") (windows !)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error: *certificate verify failed* (glob)
[100]
Test server cert which no longer is valid
$ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid
--certificate=server-expired.pem
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat hg2.pid >> $DAEMON_PIDS
$ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
> https://localhost:$HGPORT2/
pulling from https://localhost:$HGPORT2/
(the full certificate chain may not be available locally; see "hg help
debugssl") (windows !)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error: *certificate verify failed* (glob)
[100]
Setting ciphers to an invalid value aborts
$ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id
https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: could not set ciphers: No cipher can be selected.
(change cipher string (invalid) in config)
[255]
$ P="$CERTSDIR" hg --config hostsecurity.localhost:ciphers=invalid -R
copy-pull id https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: could not set ciphers: No cipher can be selected.
(change cipher string (invalid) in config)
[255]
@@ -282,52 +366,88 @@
Changing the cipher string works
$ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id
https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
5fed3813f7f5
Fingerprints
- works without cacerts (hostfingerprints)
$ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config
hostfingerprints.localhost=ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
(SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section;
if you trust this fingerprint, remove the old SHA-1 fingerprint from
[hostfingerprints] and add the following entry to the new [hostsecurity]
section:
localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
5fed3813f7f5
- works without cacerts (hostsecurity)
$ hg -R copy-pull id https://localhost:$HGPORT/ --config
hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
5fed3813f7f5
$ hg -R copy-pull id https://localhost:$HGPORT/ --config
hostsecurity.localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
5fed3813f7f5
- multiple fingerprints specified and first matches
$ hg --config
'hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03,
deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id
https://localhost:$HGPORT/ --insecure
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
(SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section;
if you trust this fingerprint, remove the old SHA-1 fingerprint from
[hostfingerprints] and add the following entry to the new [hostsecurity]
section:
localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
5fed3813f7f5
$ hg --config
'hostsecurity.localhost:fingerprints=sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03,
sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id
https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
5fed3813f7f5
- multiple fingerprints specified and last matches
$ hg --config
'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef,
ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id
https://localhost:$HGPORT/ --insecure
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
(SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section;
if you trust this fingerprint, remove the old SHA-1 fingerprint from
[hostfingerprints] and add the following entry to the new [hostsecurity]
section:
localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
5fed3813f7f5
$ hg --config
'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef,
sha1:ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03' -R copy-pull id
https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
5fed3813f7f5
- multiple fingerprints specified and none match
$ hg --config
'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef,
aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id
https://localhost:$HGPORT/ --insecure
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
abort: certificate for localhost has unexpected fingerprint
ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
(check hostfingerprint configuration)
[150]
$ hg --config
'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef,
sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id
https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: certificate for localhost has unexpected fingerprint
sha1:ec:d8:7c:d6:b3:86:d0:4f:c1:b8:b4:1c:9d:8f:5e:16:8e:ef:1c:03
(check hostsecurity configuration)
[150]
- fails when cert doesn't match hostname (port is ignored)
$ hg -R copy-pull id https://localhost:$HGPORT1/ --config
hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: certificate for localhost has unexpected fingerprint
f4:2f:5a:0c:3e:52:5b:db:e7:24:a8:32:1d:18:97:6d:69:b5:87:84
(check hostfingerprint configuration)
[150]
@@ -335,6 +455,10 @@
- ignores that certificate doesn't match hostname
$ hg -R copy-pull id https://$LOCALIP:$HGPORT/ --config
hostfingerprints.$LOCALIP=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
(SHA-1 fingerprint for $LOCALIP found in legacy [hostfingerprints] section;
if you trust this fingerprint, remove the old SHA-1 fingerprint from
[hostfingerprints] and add the following entry to the new [hostsecurity]
section:
$LOCALIP:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
5fed3813f7f5
@@ -350,73 +474,101 @@
$ cd test
$ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
> --config devel.serverexactprotocol=tls1.0
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLSv1 is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat ../hg0.pid >> $DAEMON_PIDS
$ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
> --config devel.serverexactprotocol=tls1.1
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLSv1_1 is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat ../hg1.pid >> $DAEMON_PIDS
$ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
> --config devel.serverexactprotocol=tls1.2
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLSv1_2 is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat ../hg2.pid >> $DAEMON_PIDS
$ cd ..
Clients talking same TLS versions work
$ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id
https://localhost:$HGPORT/
- 5fed3813f7f5
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
+ [100]
$ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id
https://localhost:$HGPORT1/
- 5fed3813f7f5
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
+ [100]
$ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id
https://localhost:$HGPORT2/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
5fed3813f7f5
Clients requiring newer TLS version than what server supports fail
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/
- (could not negotiate a common security protocol (tls1.1+) with localhost;
the likely cause is Mercurial is configured to be more secure than the server
can support)
- (consider contacting the operator of this server and ask them to support
modern TLS protocol versions; or, set
hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less
secure protocols when communicating with this server)
- (see https://mercurial-scm.org/wiki/SecureConnections for more info)
- abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
[100]
$ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id
https://localhost:$HGPORT/
- (could not negotiate a common security protocol (tls1.1+) with localhost;
the likely cause is Mercurial is configured to be more secure than the server
can support)
- (consider contacting the operator of this server and ask them to support
modern TLS protocol versions; or, set
hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less
secure protocols when communicating with this server)
- (see https://mercurial-scm.org/wiki/SecureConnections for more info)
- abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
[100]
$ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id
https://localhost:$HGPORT/
- (could not negotiate a common security protocol (tls1.2+) with localhost;
the likely cause is Mercurial is configured to be more secure than the server
can support)
- (consider contacting the operator of this server and ask them to support
modern TLS protocol versions; or, set
hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less
secure protocols when communicating with this server)
- (see https://mercurial-scm.org/wiki/SecureConnections for more info)
- abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
[100]
$ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id
https://localhost:$HGPORT1/
- (could not negotiate a common security protocol (tls1.2+) with localhost;
the likely cause is Mercurial is configured to be more secure than the server
can support)
- (consider contacting the operator of this server and ask them to support
modern TLS protocol versions; or, set
hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less
secure protocols when communicating with this server)
- (see https://mercurial-scm.org/wiki/SecureConnections for more info)
- abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
[100]
--insecure will allow TLS 1.0 connections and override configs
$ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure
https://localhost:$HGPORT1/
- warning: connection security to localhost is disabled per current settings;
communication is susceptible to eavesdropping and tampering
- 5fed3813f7f5
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
+ [100]
The per-host config option overrides the default
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
> --config hostsecurity.minimumprotocol=tls1.2 \
> --config hostsecurity.localhost:minimumprotocol=tls1.0
- 5fed3813f7f5
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
+ [100]
The per-host config option by itself works
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
> --config hostsecurity.localhost:minimumprotocol=tls1.2
- (could not negotiate a common security protocol (tls1.2+) with localhost;
the likely cause is Mercurial is configured to be more secure than the server
can support)
- (consider contacting the operator of this server and ask them to support
modern TLS protocol versions; or, set
hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less
secure protocols when communicating with this server)
- (see https://mercurial-scm.org/wiki/SecureConnections for more info)
- abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
[100]
.hg/hgrc file [hostsecurity] settings are applied to remote ui instances
(issue5305)
@@ -426,10 +578,11 @@
> localhost:minimumprotocol=tls1.2
> EOF
$ P="$CERTSDIR" hg -R copy-pull id https://localhost:$HGPORT/
- (could not negotiate a common security protocol (tls1.2+) with localhost;
the likely cause is Mercurial is configured to be more secure than the server
can support)
- (consider contacting the operator of this server and ask them to support
modern TLS protocol versions; or, set
hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less
secure protocols when communicating with this server)
- (see https://mercurial-scm.org/wiki/SecureConnections for more info)
- abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
+ abort: error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake
failure (_ssl.c:997)
[100]
$ killdaemons.py hg0.pid
@@ -440,8 +593,12 @@
Prepare for connecting through proxy
$ hg serve -R test -p $HGPORT -d --pid-file=hg0.pid --certificate=$PRIV
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat hg0.pid >> $DAEMON_PIDS
$ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid
--certificate=server-expired.pem
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat hg2.pid >> $DAEMON_PIDS
tinyproxy.py doesn't fully detach, so killing it may result in extra output
from the shell. So don't kill it.
@@ -458,6 +615,8 @@
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
warning: connection security to localhost is disabled per current settings;
communication is susceptible to eavesdropping and tampering
searching for changes
no changes found
@@ -467,10 +626,18 @@
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
> --config web.cacerts="$CERTSDIR/pub.pem"
pulling from https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
searching for changes
no changes found
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull
https://localhost:$HGPORT/ --config
hostfingerprints.localhost=ecd87cd6b386d04fc1b8b41c9d8f5e168eef1c03 --trace
pulling from https://*:$HGPORT/ (glob)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
(SHA-1 fingerprint for localhost found in legacy [hostfingerprints] section;
if you trust this fingerprint, remove the old SHA-1 fingerprint from
[hostfingerprints] and add the following entry to the new [hostsecurity]
section:
localhost:fingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e)
searching for changes
no changes found
@@ -481,12 +648,20 @@
> --config web.cacerts="$CERTSDIR/pub-other.pem"
pulling from https://localhost:$HGPORT/
(the full certificate chain may not be available locally; see "hg help
debugssl") (windows !)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error: *certificate verify failed* (glob)
[100]
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
> --config web.cacerts="$CERTSDIR/pub-expired.pem"
https://localhost:$HGPORT2/
pulling from https://localhost:$HGPORT2/
(the full certificate chain may not be available locally; see "hg help
debugssl") (windows !)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error: *certificate verify failed* (glob)
[100]
@@ -511,12 +686,18 @@
$ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
> --config devel.servercafile=$PRIV --config devel.serverrequirecert=true
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:536:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(protocol)
$ cat ../hg0.pid >> $DAEMON_PIDS
$ cd ..
without client certificate:
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error: .*(\$ECONNRESET\$|certificate required|handshake failure).*
(re)
[100]
@@ -531,13 +712,25 @@
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
> --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
5fed3813f7f5
$ printf '1234\n' | env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
> --config ui.interactive=True --config ui.nontty=True
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
passphrase for */client-key.pem: 5fed3813f7f5 (glob)
$ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:310:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ /tmp/hgtests.2d_twpz0/install/lib/python/mercurial/sslutil.py:311:
DeprecationWarning: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
+ sslcontext.options |= commonssloptions(settings[b'minimumprotocol'])
abort: error: * (glob)
[100]
ERROR: test-https.t output changed
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
