# HG changeset patch # User Mads Kiilerich <m...@kiilerich.com> # Date 1679500739 -3600 # Wed Mar 22 16:58:59 2023 +0100 # Branch stable # Node ID 7c544bc71aaca594998649ae02d35fb4dd7606b4 # Parent d641581ee136281971555adc05049b826e995fed tests: skip test-https.t TLSv1 testing when system doesn't support it
The test failed on Fedora with the default security policy, unless degrading system with: # update-crypto-policies --set LEGACY diff --git a/tests/hghave.py b/tests/hghave.py --- a/tests/hghave.py +++ b/tests/hghave.py @@ -701,6 +701,14 @@ def has_defaultcacertsloaded(): return len(ctx.get_ca_certs()) > 0 +@check("tls1.0", "TLS 1 protocol support") +def has_tls1_0(): + import ssl + + ctx = ssl.create_default_context() + return ctx.minimum_version <= ssl.TLSVersion.TLSv1 + + @check("tls1.2", "TLS 1.2 protocol support") def has_tls1_2(): from mercurial import sslutil diff --git a/tests/test-https.t b/tests/test-https.t --- a/tests/test-https.t +++ b/tests/test-https.t @@ -356,10 +356,12 @@ Start servers running supported TLS vers Clients talking same TLS versions work +#if tls1.0 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/ 5fed3813f7f5 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/ 5fed3813f7f5 +#endif $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ 5fed3813f7f5 @@ -391,6 +393,8 @@ Clients requiring newer TLS version than abort: error: .*(unsupported protocol|wrong ssl version|alert protocol version).* (re) [100] +#if tls1.0 + --insecure will allow TLS 1.0 connections and override configs $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/ @@ -405,6 +409,8 @@ The per-host config option overrides the > --config hostsecurity.localhost:minimumprotocol=tls1.0 5fed3813f7f5 +#endif + The per-host config option by itself works $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ _______________________________________________ Mercurial-devel mailing list Mercurial-devel@lists.mercurial-scm.org https://lists.mercurial-scm.org/mailman/listinfo/mercurial-devel