Show More
@@ -224,15 +224,23 b' class _httprequesthandlerssl(_httpreques' | |||||
224 | @staticmethod |
|
224 | @staticmethod | |
225 | def preparehttpserver(httpserver, ui): |
|
225 | def preparehttpserver(httpserver, ui): | |
226 | try: |
|
226 | try: | |
227 | import ssl |
|
227 | from .. import sslutil | |
228 |
ssl. |
|
228 | sslutil.modernssl | |
229 | except ImportError: |
|
229 | except ImportError: | |
230 | raise error.Abort(_("SSL support is unavailable")) |
|
230 | raise error.Abort(_("SSL support is unavailable")) | |
231 |
|
231 | |||
232 | certfile = ui.config('web', 'certificate') |
|
232 | certfile = ui.config('web', 'certificate') | |
233 | httpserver.socket = ssl.wrap_socket( |
|
233 | ||
234 | httpserver.socket, server_side=True, |
|
234 | # These config options are currently only meant for testing. Use | |
235 | certfile=certfile, ssl_version=ssl.PROTOCOL_TLSv1) |
|
235 | # at your own risk. | |
|
236 | cafile = ui.config('devel', 'servercafile') | |||
|
237 | reqcert = ui.configbool('devel', 'serverrequirecert') | |||
|
238 | ||||
|
239 | httpserver.socket = sslutil.wrapserversocket(httpserver.socket, | |||
|
240 | ui, | |||
|
241 | certfile=certfile, | |||
|
242 | cafile=cafile, | |||
|
243 | requireclientcert=reqcert) | |||
236 |
|
244 | |||
237 | def setup(self): |
|
245 | def setup(self): | |
238 | self.connection = self.request |
|
246 | self.connection = self.request |
@@ -397,27 +397,11 b' Test https with cert problems through pr' | |||||
397 |
|
397 | |||
398 | #if sslcontext |
|
398 | #if sslcontext | |
399 |
|
399 | |||
400 |
Start |
|
400 | Start hgweb that requires client certificates: | |
401 |
|
401 | |||
402 | $ cat << EOT > reqclientcert.py |
|
|||
403 | > import ssl |
|
|||
404 | > from mercurial.hgweb import server |
|
|||
405 | > class _httprequesthandlersslclientcert(server._httprequesthandlerssl): |
|
|||
406 | > @staticmethod |
|
|||
407 | > def preparehttpserver(httpserver, ui): |
|
|||
408 | > certfile = ui.config('web', 'certificate') |
|
|||
409 | > sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1) |
|
|||
410 | > sslcontext.verify_mode = ssl.CERT_REQUIRED |
|
|||
411 | > sslcontext.load_cert_chain(certfile) |
|
|||
412 | > # verify clients by server certificate |
|
|||
413 | > sslcontext.load_verify_locations(certfile) |
|
|||
414 | > httpserver.socket = sslcontext.wrap_socket(httpserver.socket, |
|
|||
415 | > server_side=True) |
|
|||
416 | > server._httprequesthandlerssl = _httprequesthandlersslclientcert |
|
|||
417 | > EOT |
|
|||
418 | $ cd test |
|
402 | $ cd test | |
419 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ |
|
403 | $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \ | |
420 | > --config extensions.reqclientcert=../reqclientcert.py |
|
404 | > --config devel.servercafile=$PRIV --config devel.serverrequirecert=true | |
421 | $ cat ../hg0.pid >> $DAEMON_PIDS |
|
405 | $ cat ../hg0.pid >> $DAEMON_PIDS | |
422 | $ cd .. |
|
406 | $ cd .. | |
423 |
|
407 |
General Comments 0
You need to be logged in to leave comments.
Login now