Patchwork [09,of,15] tests: remove "sslcontext" check

login
register
mail settings
Submitter Manuel Jacob
Date May 30, 2020, 5:52 a.m.
Message ID <13922e383d20ca51752a.1590817941@tmp>
Download mbox | patch
Permalink /patch/46404/
State New
Headers show

Comments

Manuel Jacob - May 30, 2020, 5:52 a.m.
# HG changeset patch
# User Manuel Jacob <me@manueljacob.de>
# Date 1590809273 -7200
#      Sat May 30 05:27:53 2020 +0200
# Node ID 13922e383d20ca51752a2c3bd16429a5b0e30397
# Parent  9ae0e1b1a499dfce1807e3c9ec5c03714c6f154a
# EXP-Topic require_modern_ssl
tests: remove "sslcontext" check

Now that we require the presence of ssl.SSLContext in setup.py, the check
would always return `True`.
Yuya Nishihara - May 30, 2020, 1:10 p.m.
On Sat, 30 May 2020 07:52:21 +0200, Manuel Jacob wrote:
> # HG changeset patch
> # User Manuel Jacob <me@manueljacob.de>
> # Date 1590809273 -7200
> #      Sat May 30 05:27:53 2020 +0200
> # Node ID 13922e383d20ca51752a2c3bd16429a5b0e30397
> # Parent  9ae0e1b1a499dfce1807e3c9ec5c03714c6f154a
> # EXP-Topic require_modern_ssl
> tests: remove "sslcontext" check

Queued up to this patch, thanks.

Patch

diff --git a/tests/hghave.py b/tests/hghave.py
--- a/tests/hghave.py
+++ b/tests/hghave.py
@@ -645,25 +645,11 @@  def has_ssl():
         return False
 
 
-@check("sslcontext", "python >= 2.7.9 ssl")
-def has_sslcontext():
-    try:
-        import ssl
-
-        ssl.SSLContext
-        return True
-    except (ImportError, AttributeError):
-        return False
-
-
 @check("defaultcacertsloaded", "detected presence of loaded system CA certs")
 def has_defaultcacertsloaded():
     import ssl
     from mercurial import sslutil, ui as uimod
 
-    if not has_sslcontext():
-        return False
-
     ui = uimod.ui.load()
     cafile = sslutil._defaultcacerts(ui)
     ctx = ssl.create_default_context()
diff --git a/tests/test-clonebundles.t b/tests/test-clonebundles.t
--- a/tests/test-clonebundles.t
+++ b/tests/test-clonebundles.t
@@ -255,7 +255,8 @@  Automatic fallback when all entries are 
   added 2 changesets with 2 changes to 2 files
   new changesets 53245c60e682:aaff8d2ffbbf
 
-URLs requiring SNI are filtered in Python <2.7.9
+We require a Python version that supports SNI. Therefore, URLs requiring SNI
+are not filtered.
 
   $ cp full.hg sni.hg
   $ cat > server/.hg/clonebundles.manifest << EOF
@@ -263,9 +264,6 @@  URLs requiring SNI are filtered in Pytho
   > http://localhost:$HGPORT1/full.hg
   > EOF
 
-#if sslcontext
-Python 2.7.9+ support SNI
-
   $ hg clone -U http://localhost:$HGPORT sni-supported
   applying clone bundle from http://localhost:$HGPORT1/sni.hg
   adding changesets
@@ -276,20 +274,6 @@  Python 2.7.9+ support SNI
   searching for changes
   no changes found
   2 local changesets published
-#else
-Python <2.7.9 will filter SNI URLs
-
-  $ hg clone -U http://localhost:$HGPORT sni-unsupported
-  applying clone bundle from http://localhost:$HGPORT1/full.hg
-  adding changesets
-  adding manifests
-  adding file changes
-  added 2 changesets with 2 changes to 2 files
-  finished applying clone bundle
-  searching for changes
-  no changes found
-  2 local changesets published
-#endif
 
 Stream clone bundles are supported
 
diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -49,38 +49,13 @@  Test server address cannot be reused
 Our test cert is not signed by a trusted CA. It should fail to verify if
 we are able to load CA certs.
 
-#if sslcontext no-defaultcacertsloaded
+#if no-defaultcacertsloaded
   $ hg clone https://localhost:$HGPORT/ copy-pull
   (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
   abort: error: *certificate verify failed* (glob)
   [255]
 #endif
 
-#if no-sslcontext
-  $ hg clone https://localhost:$HGPORT/ copy-pull
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-  (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-  abort: error: *certificate verify failed* (glob)
-  [255]
-#endif
-
-#if no-sslcontext windows
-  $ hg clone https://localhost:$HGPORT/ copy-pull
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-  (unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
-  abort: error: *certificate verify failed* (glob)
-  [255]
-#endif
-
-#if no-sslcontext osx
-  $ hg clone https://localhost:$HGPORT/ copy-pull
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-  (unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
-  abort: localhost certificate error: no certificate received
-  (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
-  [255]
-#endif
-
 #if defaultcacertsloaded
   $ hg clone https://localhost:$HGPORT/ copy-pull
   warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
@@ -101,35 +76,21 @@  C:/path/to/msysroot will print on Window
 A malformed per-host certificate file will raise an error
 
   $ echo baddata > badca.pem
-#if sslcontext
   $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
   warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
   abort: error loading CA file badca.pem: * (glob)
   (file is empty or malformed?)
   [255]
-#else
-  $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-  abort: error: * (glob)
-  [255]
-#endif
 
 A per-host certificate mismatching the server will fail verification
 
 (modern ssl is able to discern whether the loaded cert is a CA cert)
-#if sslcontext
   $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
   warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
   (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
   (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
   abort: error: *certificate verify failed* (glob)
   [255]
-#else
-  $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-  abort: error: *certificate verify failed* (glob)
-  [255]
-#endif
 
 A per-host certificate matching the server's cert will be accepted
 
@@ -269,20 +230,12 @@  empty cacert file
 
   $ touch emptycafile
 
-#if sslcontext
   $ hg --config web.cacerts=emptycafile -R copy-pull pull
   pulling from https://localhost:$HGPORT/
   warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
   abort: error loading CA file emptycafile: * (glob)
   (file is empty or malformed?)
   [255]
-#else
-  $ hg --config web.cacerts=emptycafile -R copy-pull pull
-  pulling from https://localhost:$HGPORT/
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-  abort: error: * (glob)
-  [255]
-#endif
 
 cacert mismatch
 
@@ -344,20 +297,6 @@  Disabling the TLS 1.0 warning works
   > --config hostsecurity.disabletls10warning=true
   5fed3813f7f5
 
-Error message for setting ciphers is different depending on SSLContext support
-
-#if no-sslcontext
-  $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-  abort: *No cipher can be selected. (glob)
-  [255]
-
-  $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-  5fed3813f7f5
-#endif
-
-#if sslcontext
 Setting ciphers to an invalid value aborts
   $ P="$CERTSDIR" hg --config hostsecurity.ciphers=invalid -R copy-pull id https://localhost:$HGPORT/
   warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
@@ -376,7 +315,6 @@  Changing the cipher string works
   $ P="$CERTSDIR" hg --config hostsecurity.ciphers=HIGH -R copy-pull id https://localhost:$HGPORT/
   warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
   5fed3813f7f5
-#endif
 
 Fingerprints
 
@@ -449,7 +387,7 @@  Ports used by next test. Kill servers.
   $ killdaemons.py hg1.pid
   $ killdaemons.py hg2.pid
 
-#if sslcontext tls1.2
+#if tls1.2
 Start servers running supported TLS versions
 
   $ cd test
@@ -603,8 +541,6 @@  Test https with cert problems through pr
 
   $ killdaemons.py hg0.pid
 
-#if sslcontext
-
   $ cd test
 
 Missing certificate file(s) are detected
@@ -668,5 +604,3 @@  Missing certficate and key files result 
   abort: certificate file (*/missing/key) does not exist; cannot connect to localhost (glob)
   (restore missing file or fix references in Mercurial config)
   [255]
-
-#endif
diff --git a/tests/test-patchbomb-tls.t b/tests/test-patchbomb-tls.t
--- a/tests/test-patchbomb-tls.t
+++ b/tests/test-patchbomb-tls.t
@@ -39,7 +39,7 @@  Utility functions:
 Our test cert is not signed by a trusted CA. It should fail to verify if
 we are able to load CA certs:
 
-#if sslcontext no-defaultcacertsloaded
+#if no-defaultcacertsloaded
   $ try
   this patch series consists of 1 patches.
   
@@ -49,17 +49,6 @@  we are able to load CA certs:
   [255]
 #endif
 
-#if no-sslcontext
-  $ try
-  this patch series consists of 1 patches.
-  
-  
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
-  (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-  (?i)abort: .*?certificate.verify.failed.* (re)
-  [255]
-#endif
-
 #if defaultcacertsloaded
   $ try
   this patch series consists of 1 patches.