[PATCH 4 of 4] tests: add basic tests for SMTP over SSL
Gregory Szorc
gregory.szorc at gmail.com
Wed Jun 8 18:03:44 EDT 2016
On Wed, Jun 8, 2016 at 7:23 AM, Yuya Nishihara <yuya at tcha.org> wrote:
> # HG changeset patch
> # User Yuya Nishihara <yuya at tcha.org>
> # Date 1464358718 -32400
> # Fri May 27 23:18:38 2016 +0900
> # Node ID 597e8dac9badd05a66333fbbee66a584f17d0c3e
> # Parent 85f6121625534279562bee84a97886c54af5a7d5
> tests: add basic tests for SMTP over SSL
>
> SSL handling in mail.py wasn't covered by our test suite, therefore it was
> sometimes broken. This patch introduces pretty minimal tests that only
> cover
> the default path. We can extend it later.
>
> Tested with python 2.6.9 and 2.7.11 on Debian sid.
>
This series LGTM. It likely bitrots test-https.t in the patch I sent last
night. I think this series should take precedence. I'll rebase my work when
this is pushed to somewhere I can pull from.
>
> diff --git a/tests/test-patchbomb-tls.t b/tests/test-patchbomb-tls.t
> new file mode 100644
> --- /dev/null
> +++ b/tests/test-patchbomb-tls.t
> @@ -0,0 +1,89 @@
> +#require serve ssl
> +
> +Set up SMTP server:
> +
> + $ CERTSDIR="$TESTDIR/sslcerts"
> + $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
> +
> + $ python "$TESTDIR/dummysmtpd.py" -p $HGPORT --pid-file a.pid -d \
> + > --tls smtps --certificate `pwd`/server.pem
> + listening at localhost:$HGPORT
> + $ cat a.pid >> $DAEMON_PIDS
> +
> +Ensure hg email output is sent to stdout:
> +
> + $ unset PAGER
> +
> +Set up repository:
> +
> + $ hg init t
> + $ cd t
> + $ cat <<EOF >> .hg/hgrc
> + > [extensions]
> + > patchbomb =
> + > [email]
> + > method = smtp
> + > [smtp]
> + > host = localhost
> + > port = $HGPORT
> + > tls = smtps
> + > EOF
> +
> + $ echo a > a
> + $ hg commit -Ama -d '1 0'
> + adding a
> +
> +Utility functions:
> +
> + $ DISABLECACERTS=
> + $ try () {
> + > hg email $DISABLECACERTS -f quux -t foo -c bar -r tip "$@"
> + > }
> +
> +Our test cert is not signed by a trusted CA. It should fail to verify if
> +we are able to load CA certs:
> +
> +#if defaultcacerts
> + $ try
> + this patch series consists of 1 patches.
> +
> +
> + (?i)abort: .*?certificate.verify.failed.* (re)
> + [255]
> +#endif
> +
> + $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
> +
> +Without certificates:
> +
> + $ try --debug
> + this patch series consists of 1 patches.
> +
> +
> + (using smtps)
> + sending mail: smtp host localhost, port * (glob)
> + (verifying remote certificate)
> + warning: certificate for localhost not verified (set
> hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30
> or web.cacerts config settings)
> + sending [PATCH] a ...
> +
> +With global certificates:
> +
> + $ try --debug --config web.cacerts="$CERTSDIR/pub.pem"
> + this patch series consists of 1 patches.
> +
> +
> + (using smtps)
> + sending mail: smtp host localhost, port * (glob)
> + (verifying remote certificate)
> + sending [PATCH] a ...
> +
> +With invalid certificates:
> +
> + $ try --config web.cacerts="$CERTSDIR/pub-other.pem"
> + this patch series consists of 1 patches.
> +
> +
> + (?i)abort: .*?certificate.verify.failed.* (re)
> + [255]
> +
> + $ cd ..
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mercurial-scm.org/pipermail/mercurial-devel/attachments/20160608/4d5c9406/attachment.html>
More information about the Mercurial-devel
mailing list