[PATCH 07 of 15] tests: remove "defaultcacerts" check

Sat May 30 05:52:19 UTC 2020

# HG changeset patch
# User Manuel Jacob <me at manueljacob.de>
# Date 1590808082 -7200
#      Sat May 30 05:08:02 2020 +0200
# Node ID 992db2b7bd11431df9145abc35dca2eba73b9972
# Parent  0f3d341877afb1bb05ec8abc5e4bbc5d318a6d41
# EXP-Topic require_modern_ssl
tests: remove "defaultcacerts" check

`sslutil._canloaddefaultcerts` is always true (and will be removed).

diff --git a/tests/hghave.py b/tests/hghave.py
--- a/tests/hghave.py
+++ b/tests/hghave.py
@@ -656,21 +656,11 @@ def has_sslcontext():
         return False
 
 
- at check("defaultcacerts", "can verify SSL certs by system's CA certs store")
-def has_defaultcacerts():
-    from mercurial import sslutil, ui as uimod
-
-    ui = uimod.ui.load()
-    return sslutil._defaultcacerts(ui) or sslutil._canloaddefaultcerts
-
-
 @check("defaultcacertsloaded", "detected presence of loaded system CA certs")
 def has_defaultcacertsloaded():
     import ssl
     from mercurial import sslutil, ui as uimod
 
-    if not has_defaultcacerts():
-        return False
     if not has_sslcontext():
         return False
 
diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -49,14 +49,14 @@ Test server address cannot be reused
 Our test cert is not signed by a trusted CA. It should fail to verify if
 we are able to load CA certs.
 
-#if sslcontext defaultcacerts no-defaultcacertsloaded
+#if sslcontext no-defaultcacertsloaded
   $ hg clone https://localhost:$HGPORT/ copy-pull
   (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
   abort: error: *certificate verify failed* (glob)
   [255]
 #endif
 
-#if no-sslcontext defaultcacerts
+#if no-sslcontext
   $ hg clone https://localhost:$HGPORT/ copy-pull
   warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
   (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
@@ -90,15 +90,6 @@ we are able to load CA certs.
   [255]
 #endif
 
-#if no-defaultcacerts
-  $ hg clone https://localhost:$HGPORT/ copy-pull
-  warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
-  (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-  abort: localhost certificate error: no certificate received
-  (set hostsecurity.localhost:certfingerprints=sha256:20:de:b3:ad:b4:cd:a5:42:f0:74:41:1c:a2:70:1e:da:6e:c0:5c:16:9e:e7:22:0f:f1:b7:e5:6e:e4:92:af:7e config setting or use --insecure to connect insecurely)
-  [255]
-#endif
-
 Specifying a per-host certificate file that doesn't exist will abort.  The full
 C:/path/to/msysroot will print on Windows.
 
diff --git a/tests/test-patchbomb-tls.t b/tests/test-patchbomb-tls.t
--- a/tests/test-patchbomb-tls.t
+++ b/tests/test-patchbomb-tls.t
@@ -39,7 +39,7 @@ Utility functions:
 Our test cert is not signed by a trusted CA. It should fail to verify if
 we are able to load CA certs:
 
-#if sslcontext defaultcacerts no-defaultcacertsloaded
+#if sslcontext no-defaultcacertsloaded
   $ try
   this patch series consists of 1 patches.
   
@@ -49,7 +49,7 @@ we are able to load CA certs:
   [255]
 #endif
 
-#if no-sslcontext defaultcacerts
+#if no-sslcontext
   $ try
   this patch series consists of 1 patches.
   
@@ -73,17 +73,6 @@ we are able to load CA certs:
 
 #endif
 
-#if no-defaultcacerts
-  $ try
-  this patch series consists of 1 patches.
-  
-  
-  (unable to load * certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
-  abort: localhost certificate error: no certificate received
-  (set hostsecurity.localhost:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
-  [255]
-#endif
-
   $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
 
 Without certificates:


