Patchwork [4,of,5] tests: test case where default ca certs not available

login
register
mail settings
Submitter Gregory Szorc
Date June 30, 2016, 2:51 a.m.
Message ID <57e4b0fdf90f7e604fa5.1467255082@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/15662/
State Accepted
Headers show

Comments

Gregory Szorc - June 30, 2016, 2:51 a.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1467254979 25200
#      Wed Jun 29 19:49:39 2016 -0700
# Node ID 57e4b0fdf90f7e604fa5c1a193d724b34cff4085
# Parent  a86fc51ac3a21db8126e1922cb8c29e62d3de7ac
tests: test case where default ca certs not available

I'm not a fan of TLS tests not testing both branches of a possible
configuration. While we have test coverage of the inability to validate
a cert later in this file, I insist that we add this branch so
our testing of security code is extra comprehensive.

Patch

diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -46,16 +46,21 @@  Test server address cannot be reused
 
 Our test cert is not signed by a trusted CA. It should fail to verify if
 we are able to load CA certs.
 
 #if defaultcacerts
   $ hg clone https://localhost:$HGPORT/ copy-pull
   abort: error: *certificate verify failed* (glob)
   [255]
+#else
+  $ hg clone https://localhost:$HGPORT/ copy-pull
+  abort: localhost certificate error: no certificate received
+  (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
+  [255]
 #endif
 
 Specifying a per-host certificate file that doesn't exist will abort
 
   $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
   abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: /does/not/exist
   [255]