upstream/mercurial-mirror Commit - r29108:16021d58

1

# sslutil.py - SSL handling for mercurial

1

# sslutil.py - SSL handling for mercurial

2

#

2

#

3

4

5

6

#

6

#

7

# This software may be used and distributed according to the terms of the

7

# This software may be used and distributed according to the terms of the

8

# GNU General Public License version 2 or any later version.

8

# GNU General Public License version 2 or any later version.

9

10

from __future__ import absolute_import

10

from __future__ import absolute_import

11

12

import os

12

import os

13

import ssl

13

import ssl

14

import sys

14

import sys

15

16

from .i18n import _

16

from .i18n import _

17

from . import (

17

from . import (

18

error,

18

error,

19

util,

19

util,

20

)

20

)

21

22

# Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added

22

# Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added

23

# support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are

23

# support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are

24

# all exposed via the "ssl" module.

24

# all exposed via the "ssl" module.

25

#

25

#

26

# Depending on the version of Python being used, SSL/TLS support is either

26

# Depending on the version of Python being used, SSL/TLS support is either

27

# modern/secure or legacy/insecure. Many operations in this module have

27

# modern/secure or legacy/insecure. Many operations in this module have

28

# separate code paths depending on support in Python.

28

# separate code paths depending on support in Python.

29

30

hassni = getattr(ssl, 'HAS_SNI', False)

30

hassni = getattr(ssl, 'HAS_SNI', False)

31

32

try:

32

try:

33

OP_NO_SSLv2 = ssl.OP_NO_SSLv2

33

OP_NO_SSLv2 = ssl.OP_NO_SSLv2

34

OP_NO_SSLv3 = ssl.OP_NO_SSLv3

34

OP_NO_SSLv3 = ssl.OP_NO_SSLv3

35

except AttributeError:

35

except AttributeError:

36

OP_NO_SSLv2 = 0x1000000

36

OP_NO_SSLv2 = 0x1000000

37

OP_NO_SSLv3 = 0x2000000

37

OP_NO_SSLv3 = 0x2000000

38

39

try:

39

try:

40

# ssl.SSLContext was added in 2.7.9 and presence indicates modern

40

# ssl.SSLContext was added in 2.7.9 and presence indicates modern

41

# SSL/TLS features are available.

41

# SSL/TLS features are available.

42

SSLContext = ssl.SSLContext

42

SSLContext = ssl.SSLContext

43

modernssl = True

43

modernssl = True

44

_canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')

44

_canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')

45

except AttributeError:

45

except AttributeError:

46

modernssl = False

46

modernssl = False

47

_canloaddefaultcerts = False

47

_canloaddefaultcerts = False

48

49

# We implement SSLContext using the interface from the standard library.

49

# We implement SSLContext using the interface from the standard library.

50

class SSLContext(object):

50

class SSLContext(object):

51

# ssl.wrap_socket gained the "ciphers" named argument in 2.7.

51

# ssl.wrap_socket gained the "ciphers" named argument in 2.7.

52

_supportsciphers = sys.version_info >= (2, 7)

52

_supportsciphers = sys.version_info >= (2, 7)

53

54

def __init__(self, protocol):

54

def __init__(self, protocol):

55

# From the public interface of SSLContext

55

# From the public interface of SSLContext

56

self.protocol = protocol

56

self.protocol = protocol

57

self.check_hostname = False

57

self.check_hostname = False

58

self.options = 0

58

self.options = 0

59

self.verify_mode = ssl.CERT_NONE

59

self.verify_mode = ssl.CERT_NONE

60

61

# Used by our implementation.

61

# Used by our implementation.

62

self._certfile = None

62

self._certfile = None

63

self._keyfile = None

63

self._keyfile = None

64

self._certpassword = None

64

self._certpassword = None

65

self._cacerts = None

65

self._cacerts = None

66

self._ciphers = None

66

self._ciphers = None

67

68

def load_cert_chain(self, certfile, keyfile=None, password=None):

68

def load_cert_chain(self, certfile, keyfile=None, password=None):

69

self._certfile = certfile

69

self._certfile = certfile

70

self._keyfile = keyfile

70

self._keyfile = keyfile

71

self._certpassword = password

71

self._certpassword = password

72

73

def load_default_certs(self, purpose=None):

73

def load_default_certs(self, purpose=None):

74

pass

74

pass

75

76

def load_verify_locations(self, cafile=None, capath=None, cadata=None):

76

def load_verify_locations(self, cafile=None, capath=None, cadata=None):

77

if capath:

77

if capath:

78

raise error.Abort('capath not supported')

78

raise error.Abort('capath not supported')

79

if cadata:

79

if cadata:

80

raise error.Abort('cadata not supported')

80

raise error.Abort('cadata not supported')

81

82

self._cacerts = cafile

82

self._cacerts = cafile

83

84

def set_ciphers(self, ciphers):

84

def set_ciphers(self, ciphers):

85

if not self._supportsciphers:

85

if not self._supportsciphers:

86

raise error.Abort('setting ciphers not supported')

86

raise error.Abort('setting ciphers not supported')

87

88

self._ciphers = ciphers

88

self._ciphers = ciphers

89

90

def wrap_socket(self, socket, server_hostname=None, server_side=False):

90

def wrap_socket(self, socket, server_hostname=None, server_side=False):

91

# server_hostname is unique to SSLContext.wrap_socket and is used

91

# server_hostname is unique to SSLContext.wrap_socket and is used

92

# for SNI in that context. So there's nothing for us to do with it

92

# for SNI in that context. So there's nothing for us to do with it

93

# in this legacy code since we don't support SNI.

93

# in this legacy code since we don't support SNI.

94

95

args = {

95

args = {

96

'keyfile': self._keyfile,

96

'keyfile': self._keyfile,

97

'certfile': self._certfile,

97

'certfile': self._certfile,

98

'server_side': server_side,

98

'server_side': server_side,

99

'cert_reqs': self.verify_mode,

99

'cert_reqs': self.verify_mode,

100

'ssl_version': self.protocol,

100

'ssl_version': self.protocol,

101

'ca_certs': self._cacerts,

101

'ca_certs': self._cacerts,

102

}

102

}

103

104

if self._supportsciphers:

104

if self._supportsciphers:

105

args['ciphers'] = self._ciphers

105

args['ciphers'] = self._ciphers

106

107

return ssl.wrap_socket(socket, **args)

107

return ssl.wrap_socket(socket, **args)

108

109

def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE,

109

def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE,

110

ca_certs=None, serverhostname=None):

110

ca_certs=None, serverhostname=None):

111

"""Add SSL/TLS to a socket.

111

"""Add SSL/TLS to a socket.

112

113

This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane

113

This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane

114

choices based on what security options are available.

114

choices based on what security options are available.

115

116

In addition to the arguments supported by ``ssl.wrap_socket``, we allow

116

In addition to the arguments supported by ``ssl.wrap_socket``, we allow

117

the following additional arguments:

117

the following additional arguments:

118

119

* serverhostname - The expected hostname of the remote server. If the

119

* serverhostname - The expected hostname of the remote server. If the

120

server (and client) support SNI, this tells the server which certificate

120

server (and client) support SNI, this tells the server which certificate

121

to use.

121

to use.

122

"""

122

"""

123

# Despite its name, PROTOCOL_SSLv23 selects the highest protocol

123

# Despite its name, PROTOCOL_SSLv23 selects the highest protocol

124

# that both ends support, including TLS protocols. On legacy stacks,

124

# that both ends support, including TLS protocols. On legacy stacks,

125

# the highest it likely goes in TLS 1.0. On modern stacks, it can

125

# the highest it likely goes in TLS 1.0. On modern stacks, it can

126

# support TLS 1.2.

126

# support TLS 1.2.

127

#

127

#

128

# The PROTOCOL_TLSv* constants select a specific TLS version

128

# The PROTOCOL_TLSv* constants select a specific TLS version

129

# only (as opposed to multiple versions). So the method for

129

# only (as opposed to multiple versions). So the method for

130

# supporting multiple TLS versions is to use PROTOCOL_SSLv23 and

130

# supporting multiple TLS versions is to use PROTOCOL_SSLv23 and

131

# disable protocols via SSLContext.options and OP_NO_* constants.

131

# disable protocols via SSLContext.options and OP_NO_* constants.

132

# However, SSLContext.options doesn't work unless we have the

132

# However, SSLContext.options doesn't work unless we have the

133

# full/real SSLContext available to us.

133

# full/real SSLContext available to us.

134

#

134

#

135

# SSLv2 and SSLv3 are broken. We ban them outright.

135

# SSLv2 and SSLv3 are broken. We ban them outright.

136

if modernssl:

136

if modernssl:

137

protocol = ssl.PROTOCOL_SSLv23

137

protocol = ssl.PROTOCOL_SSLv23

138

else:

138

else:

139

protocol = ssl.PROTOCOL_TLSv1

139

protocol = ssl.PROTOCOL_TLSv1

140

141

# TODO use ssl.create_default_context() on modernssl.

141

# TODO use ssl.create_default_context() on modernssl.

142

sslcontext = SSLContext(protocol)

142

sslcontext = SSLContext(protocol)

143

144

# This is a no-op on old Python.

144

# This is a no-op on old Python.

145

sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3

145

sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3

146

147

# This still works on our fake SSLContext.

147

# This still works on our fake SSLContext.

148

sslcontext.verify_mode = cert_reqs

148

sslcontext.verify_mode = cert_reqs

149

150

if certfile is not None:

150

if certfile is not None:

151

def password():

151

def password():

152

f = keyfile or certfile

152

f = keyfile or certfile

153

return ui.getpass(_('passphrase for %s: ') % f, '')

153

return ui.getpass(_('passphrase for %s: ') % f, '')

154

sslcontext.load_cert_chain(certfile, keyfile, password)

154

sslcontext.load_cert_chain(certfile, keyfile, password)

155

156

if ca_certs is not None:

156

if ca_certs is not None:

157

sslcontext.load_verify_locations(cafile=ca_certs)

157

sslcontext.load_verify_locations(cafile=ca_certs)

158

else:

158

else:

159

# This is a no-op on old Python.

159

# This is a no-op on old Python.

160

sslcontext.load_default_certs()

160

sslcontext.load_default_certs()

161

162

sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)

162

sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)

163

# check if wrap_socket failed silently because socket had been

163

# check if wrap_socket failed silently because socket had been

164

# closed

164

# closed

165

# - see http://bugs.python.org/issue13721

165

# - see http://bugs.python.org/issue13721

166

if not sslsocket.cipher():

166

if not sslsocket.cipher():

167

raise error.Abort(_('ssl connection failed'))

167

raise error.Abort(_('ssl connection failed'))

168

return sslsocket

168

return sslsocket

169

170

def _verifycert(cert, hostname):

170

def _verifycert(cert, hostname):

171

'''Verify that cert (in socket.getpeercert() format) matches hostname.

171

'''Verify that cert (in socket.getpeercert() format) matches hostname.

172

CRLs is not handled.

172

CRLs is not handled.

173

174

Returns error message if any problems are found and None on success.

174

Returns error message if any problems are found and None on success.

175

'''

175

'''

176

if not cert:

176

if not cert:

177

return _('no certificate received')

177

return _('no certificate received')

178

dnsname = hostname.lower()

178

dnsname = hostname.lower()

179

def matchdnsname(certname):

179

def matchdnsname(certname):

180

return (certname == dnsname or

180

return (certname == dnsname or

181

'.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])

181

'.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])

182

183

san = cert.get('subjectAltName', [])

183

san = cert.get('subjectAltName', [])

184

if san:

184

if san:

185

certnames = [value.lower() for key, value in san if key == 'DNS']

185

certnames = [value.lower() for key, value in san if key == 'DNS']

186

for name in certnames:

186

for name in certnames:

187

if matchdnsname(name):

187

if matchdnsname(name):

188

return None

188

return None

189

if certnames:

189

if certnames:

190

return _('certificate is for %s') % ', '.join(certnames)

190

return _('certificate is for %s') % ', '.join(certnames)

191

192

# subject is only checked when subjectAltName is empty

192

# subject is only checked when subjectAltName is empty

193

for s in cert.get('subject', []):

193

for s in cert.get('subject', []):

194

key, value = s[0]

194

key, value = s[0]

195

if key == 'commonName':

195

if key == 'commonName':

196

try:

196

try:

197

# 'subject' entries are unicode

197

# 'subject' entries are unicode

198

certname = value.lower().encode('ascii')

198

certname = value.lower().encode('ascii')

199

except UnicodeEncodeError:

199

except UnicodeEncodeError:

200

return _('IDN in certificate not supported')

200

return _('IDN in certificate not supported')

201

if matchdnsname(certname):

201

if matchdnsname(certname):

202

return None

202

return None

203

return _('certificate is for %s') % certname

203

return _('certificate is for %s') % certname

204

return _('no commonName or subjectAltName found in certificate')

204

return _('no commonName or subjectAltName found in certificate')

205

206

207

# CERT_REQUIRED means fetch the cert from the server all the time AND

207

# CERT_REQUIRED means fetch the cert from the server all the time AND

208

# validate it against the CA store provided in web.cacerts.

208

# validate it against the CA store provided in web.cacerts.

209

210

def _plainapplepython():

210

def _plainapplepython():

211

"""return true if this seems to be a pure Apple Python that

211

"""return true if this seems to be a pure Apple Python that

212

* is unfrozen and presumably has the whole mercurial module in the file

212

* is unfrozen and presumably has the whole mercurial module in the file

213

system

213

system

214

* presumably is an Apple Python that uses Apple OpenSSL which has patches

214

* presumably is an Apple Python that uses Apple OpenSSL which has patches

215

for using system certificate store CAs in addition to the provided

215

for using system certificate store CAs in addition to the provided

216

cacerts file

216

cacerts file

217

"""

217

"""

218

if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable:

218

if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable:

219

return False

219

return False

220

exe = os.path.realpath(sys.executable).lower()

220

exe = os.path.realpath(sys.executable).lower()

221

return (exe.startswith('/usr/bin/python') or

221

return (exe.startswith('/usr/bin/python') or

222

exe.startswith('/system/library/frameworks/python.framework/'))

222

exe.startswith('/system/library/frameworks/python.framework/'))

223

224

def _defaultcacerts():

224

def _defaultcacerts():

225

"""return path to default CA certificates or None."""

225

"""return path to default CA certificates or None."""

226

if _plainapplepython():

226

if _plainapplepython():

227

dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')

227

dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')

228

if os.path.exists(dummycert):

228

if os.path.exists(dummycert):

229

return dummycert

229

return dummycert

230

231

return None

231

return None

232

233

def sslkwargs(ui, host):

233

def sslkwargs(ui, host):

234

"""Determine arguments to pass to wrapsocket().

234

"""Determine arguments to pass to wrapsocket().

235

236

``host`` is the hostname being connected to.

236

``host`` is the hostname being connected to.

237

"""

237

"""

238

kws = {'ui': ui}

238

kws = {'ui': ui}

239

240

# If a host key fingerprint is on file, it is the only thing that matters

240

# If a host key fingerprint is on file, it is the only thing that matters

241

# and CA certs don't come into play.

241

# and CA certs don't come into play.

242

hostfingerprint = ui.config('hostfingerprints', host)

242

hostfingerprint = ui.config('hostfingerprints', host)

243

if hostfingerprint:

243

if hostfingerprint:

244

return kws

244

return kws

245

246

# dispatch sets web.cacerts=! when --insecure is used.

246

# dispatch sets web.cacerts=! when --insecure is used.

247

cacerts = ui.config('web', 'cacerts')

247

cacerts = ui.config('web', 'cacerts')

248

if cacerts == '!':

248

if cacerts == '!':

249

return kws

249

return kws

250

251

# If a value is set in the config, validate against a path and load

251

# If a value is set in the config, validate against a path and load

252

# and require those certs.

252

# and require those certs.

253

if cacerts:

253

if cacerts:

254

cacerts = util.expandpath(cacerts)

254

cacerts = util.expandpath(cacerts)

255

if not os.path.exists(cacerts):

255

if not os.path.exists(cacerts):

256

raise error.Abort(_('could not find web.cacerts: %s') % cacerts)

256

raise error.Abort(_('could not find web.cacerts: %s') % cacerts)

257

258

kws.update({'ca_certs': cacerts,

258

kws.update({'ca_certs': cacerts,

259

'cert_reqs': ssl.CERT_REQUIRED})

259

'cert_reqs': ssl.CERT_REQUIRED})

260

return kws

260

return kws

261

262

# No CAs in config. See if we can load defaults.

262

# No CAs in config. See if we can load defaults.

263

cacerts = _defaultcacerts()

263

cacerts = _defaultcacerts()

264

265

# We found an alternate CA bundle to use. Load it.

264

if cacerts:

266

if cacerts:

265

ui.debug('using %s to enable OS X system CA\n' % cacerts)

267

ui.debug('using %s to enable OS X system CA\n' % cacerts)

266

else:

268

ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')

267

if not _canloaddefaultcerts:

269

kws.update({'ca_certs': cacerts,

268

cacerts = '!'

270

'cert_reqs': ssl.CERT_REQUIRED})

271

return kws

269

272

270

ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')

273

# FUTURE this can disappear once wrapsocket() is secure by default.

274

if _canloaddefaultcerts:

275

kws['cert_reqs'] = ssl.CERT_REQUIRED

276

return kws

271

277

272

if cacerts != '!':

278

# This is effectively indicating that no CAs can be loaded because

273

kws.update({'ca_certs': cacerts,

279

# we can't get here if web.cacerts is set or if we can find

274

'cert_reqs': ssl.CERT_REQUIRED,

280

# CA certs elsewhere. Using a config option (which is later

275

})

281

# consulted by validator.__call__ is not very obvious).

282

# FUTURE fix this

283

ui.setconfig('web', 'cacerts', '!', 'defaultcacerts')

276

return kws

284

return kws

277

285

278

class validator(object):

286

class validator(object):

279

def __init__(self, ui, host):

287

def __init__(self, ui, host):

280

self.ui = ui

288

self.ui = ui

281

self.host = host

289

self.host = host

282

290

283

def __call__(self, sock, strict=False):

291

def __call__(self, sock, strict=False):

284

host = self.host

292

host = self.host

285

293

286

if not sock.cipher(): # work around http://bugs.python.org/issue13721

294

if not sock.cipher(): # work around http://bugs.python.org/issue13721

287

raise error.Abort(_('%s ssl connection error') % host)

295

raise error.Abort(_('%s ssl connection error') % host)

288

try:

296

try:

289

peercert = sock.getpeercert(True)

297

peercert = sock.getpeercert(True)

290

peercert2 = sock.getpeercert()

298

peercert2 = sock.getpeercert()

291

except AttributeError:

299

except AttributeError:

292

raise error.Abort(_('%s ssl connection error') % host)

300

raise error.Abort(_('%s ssl connection error') % host)

293

301

294

if not peercert:

302

if not peercert:

295

raise error.Abort(_('%s certificate error: '

303

raise error.Abort(_('%s certificate error: '

296

'no certificate received') % host)

304

'no certificate received') % host)

297

305

298

# If a certificate fingerprint is pinned, use it and only it to

306

# If a certificate fingerprint is pinned, use it and only it to

299

# validate the remote cert.

307

# validate the remote cert.

300

hostfingerprints = self.ui.configlist('hostfingerprints', host)

308

hostfingerprints = self.ui.configlist('hostfingerprints', host)

301

peerfingerprint = util.sha1(peercert).hexdigest()

309

peerfingerprint = util.sha1(peercert).hexdigest()

302

nicefingerprint = ":".join([peerfingerprint[x:x + 2]

310

nicefingerprint = ":".join([peerfingerprint[x:x + 2]

303

for x in xrange(0, len(peerfingerprint), 2)])

311

for x in xrange(0, len(peerfingerprint), 2)])

304

if hostfingerprints:

312

if hostfingerprints:

305

fingerprintmatch = False

313

fingerprintmatch = False

306

for hostfingerprint in hostfingerprints:

314

for hostfingerprint in hostfingerprints:

307

if peerfingerprint.lower() == \

315

if peerfingerprint.lower() == \

308

hostfingerprint.replace(':', '').lower():

316

hostfingerprint.replace(':', '').lower():

309

fingerprintmatch = True

317

fingerprintmatch = True

310

break

318

break

311

if not fingerprintmatch:

319

if not fingerprintmatch:

312

raise error.Abort(_('certificate for %s has unexpected '

320

raise error.Abort(_('certificate for %s has unexpected '

313

'fingerprint %s') % (host, nicefingerprint),

321

'fingerprint %s') % (host, nicefingerprint),

314

hint=_('check hostfingerprint configuration'))

322

hint=_('check hostfingerprint configuration'))

315

self.ui.debug('%s certificate matched fingerprint %s\n' %

323

self.ui.debug('%s certificate matched fingerprint %s\n' %

316

(host, nicefingerprint))

324

(host, nicefingerprint))

317

return

325

return

318

326

319

# No pinned fingerprint. Establish trust by looking at the CAs.

327

# No pinned fingerprint. Establish trust by looking at the CAs.

320

cacerts = self.ui.config('web', 'cacerts')

328

cacerts = self.ui.config('web', 'cacerts')

321

if cacerts != '!':

329

if cacerts != '!':

322

msg = _verifycert(peercert2, host)

330

msg = _verifycert(peercert2, host)

323

if msg:

331

if msg:

324

raise error.Abort(_('%s certificate error: %s') % (host, msg),

332

raise error.Abort(_('%s certificate error: %s') % (host, msg),

325

hint=_('configure hostfingerprint %s or use '

333

hint=_('configure hostfingerprint %s or use '

326

'--insecure to connect insecurely') %

334

'--insecure to connect insecurely') %

327

nicefingerprint)

335

nicefingerprint)

328

self.ui.debug('%s certificate successfully verified\n' % host)

336

self.ui.debug('%s certificate successfully verified\n' % host)

329

elif strict:

337

elif strict:

330

raise error.Abort(_('%s certificate with fingerprint %s not '

338

raise error.Abort(_('%s certificate with fingerprint %s not '

331

'verified') % (host, nicefingerprint),

339

'verified') % (host, nicefingerprint),

332

hint=_('check hostfingerprints or web.cacerts '

340

hint=_('check hostfingerprints or web.cacerts '

333

'config setting'))

341

'config setting'))

334

else:

342

else:

335

self.ui.warn(_('warning: %s certificate with fingerprint %s not '

343

self.ui.warn(_('warning: %s certificate with fingerprint %s not '

336

'verified (check hostfingerprints or web.cacerts '

344

'verified (check hostfingerprints or web.cacerts '

337

'config setting)\n') %

345

'config setting)\n') %

338

(host, nicefingerprint))

346

(host, nicefingerprint))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # sslutil.py - SSL handling for mercurial
             #
             # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
             # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
             # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             from __future__ import absolute_import
             import os
             import ssl
             import sys
             from .i18n import _
             from . import (
                 error,
                 util,
             )
             # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added
             # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are
             # all exposed via the "ssl" module.
             #
             # Depending on the version of Python being used, SSL/TLS support is either
             # modern/secure or legacy/insecure. Many operations in this module have
             # separate code paths depending on support in Python.
             hassni = getattr(ssl, 'HAS_SNI', False)
             try:
                 OP_NO_SSLv2 = ssl.OP_NO_SSLv2
                 OP_NO_SSLv3 = ssl.OP_NO_SSLv3
             except AttributeError:
                 OP_NO_SSLv2 = 0x1000000
                 OP_NO_SSLv3 = 0x2000000
             try:
                 # ssl.SSLContext was added in 2.7.9 and presence indicates modern
                 # SSL/TLS features are available.
                 SSLContext = ssl.SSLContext
                 modernssl = True
                 _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')
             except AttributeError:
                 modernssl = False
                 _canloaddefaultcerts = False
                 # We implement SSLContext using the interface from the standard library.
                 class SSLContext(object):
                     # ssl.wrap_socket gained the "ciphers" named argument in 2.7.
                     _supportsciphers = sys.version_info >= (2, 7)
                     def __init__(self, protocol):
                         # From the public interface of SSLContext
                         self.protocol = protocol
                         self.check_hostname = False
                         self.options = 0
                         self.verify_mode = ssl.CERT_NONE
                         # Used by our implementation.
                         self._certfile = None
                         self._keyfile = None
                         self._certpassword = None
                         self._cacerts = None
                         self._ciphers = None
                     def load_cert_chain(self, certfile, keyfile=None, password=None):
                         self._certfile = certfile
                         self._keyfile = keyfile
                         self._certpassword = password
                     def load_default_certs(self, purpose=None):
                         pass
                     def load_verify_locations(self, cafile=None, capath=None, cadata=None):
                         if capath:
                             raise error.Abort('capath not supported')
                         if cadata:
                             raise error.Abort('cadata not supported')
                         self._cacerts = cafile
                     def set_ciphers(self, ciphers):
                         if not self._supportsciphers:
                             raise error.Abort('setting ciphers not supported')
                         self._ciphers = ciphers
                     def wrap_socket(self, socket, server_hostname=None, server_side=False):
                         # server_hostname is unique to SSLContext.wrap_socket and is used
                         # for SNI in that context. So there's nothing for us to do with it
                         # in this legacy code since we don't support SNI.
                         args = {
                             'keyfile': self._keyfile,
                             'certfile': self._certfile,
                             'server_side': server_side,
                             'cert_reqs': self.verify_mode,
                             'ssl_version': self.protocol,
                             'ca_certs': self._cacerts,
                         }
                         if self._supportsciphers:
                             args['ciphers'] = self._ciphers
                         return ssl.wrap_socket(socket, **args)
             def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE,
                            ca_certs=None, serverhostname=None):
                 """Add SSL/TLS to a socket.
                 This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
                 choices based on what security options are available.
                 In addition to the arguments supported by ``ssl.wrap_socket``, we allow
                 the following additional arguments:
                 * serverhostname - The expected hostname of the remote server. If the
                   server (and client) support SNI, this tells the server which certificate
                   to use.
                 """
                 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
                 # that both ends support, including TLS protocols. On legacy stacks,
                 # the highest it likely goes in TLS 1.0. On modern stacks, it can
                 # support TLS 1.2.
                 #
                 # The PROTOCOL_TLSv* constants select a specific TLS version
                 # only (as opposed to multiple versions). So the method for
                 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
                 # disable protocols via SSLContext.options and OP_NO_* constants.
                 # However, SSLContext.options doesn't work unless we have the
                 # full/real SSLContext available to us.
                 #
                 # SSLv2 and SSLv3 are broken. We ban them outright.
                 if modernssl:
                     protocol = ssl.PROTOCOL_SSLv23
                 else:
                     protocol = ssl.PROTOCOL_TLSv1
                 # TODO use ssl.create_default_context() on modernssl.
                 sslcontext = SSLContext(protocol)
                 # This is a no-op on old Python.
                 sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3
                 # This still works on our fake SSLContext.
                 sslcontext.verify_mode = cert_reqs
                 if certfile is not None:
                     def password():
                         f = keyfile or certfile
                         return ui.getpass(_('passphrase for %s: ') % f, '')
                     sslcontext.load_cert_chain(certfile, keyfile, password)
                 if ca_certs is not None:
                     sslcontext.load_verify_locations(cafile=ca_certs)
                 else:
                     # This is a no-op on old Python.
                     sslcontext.load_default_certs()
                 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
                 # check if wrap_socket failed silently because socket had been
                 # closed
                 # - see http://bugs.python.org/issue13721
                 if not sslsocket.cipher():
                     raise error.Abort(_('ssl connection failed'))
                 return sslsocket
             def _verifycert(cert, hostname):
                 '''Verify that cert (in socket.getpeercert() format) matches hostname.
                 CRLs is not handled.
                 Returns error message if any problems are found and None on success.
                 '''
                 if not cert:
                     return _('no certificate received')
                 dnsname = hostname.lower()
                 def matchdnsname(certname):
                     return (certname == dnsname or
                             '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])
                 san = cert.get('subjectAltName', [])
                 if san:
                     certnames = [value.lower() for key, value in san if key == 'DNS']
                     for name in certnames:
                         if matchdnsname(name):
                             return None
                     if certnames:
                         return _('certificate is for %s') % ', '.join(certnames)
                 # subject is only checked when subjectAltName is empty
                 for s in cert.get('subject', []):
                     key, value = s[0]
                     if key == 'commonName':
                         try:
                             # 'subject' entries are unicode
                             certname = value.lower().encode('ascii')
                         except UnicodeEncodeError:
                             return _('IDN in certificate not supported')
                         if matchdnsname(certname):
                             return None
                         return _('certificate is for %s') % certname
                 return _('no commonName or subjectAltName found in certificate')
             # CERT_REQUIRED means fetch the cert from the server all the time AND
             # validate it against the CA store provided in web.cacerts.
             def _plainapplepython():
                 """return true if this seems to be a pure Apple Python that
                 * is unfrozen and presumably has the whole mercurial module in the file
                   system
                 * presumably is an Apple Python that uses Apple OpenSSL which has patches
                   for using system certificate store CAs in addition to the provided
                   cacerts file
                 """
                 if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable:
                     return False
                 exe = os.path.realpath(sys.executable).lower()
                 return (exe.startswith('/usr/bin/python') or
                         exe.startswith('/system/library/frameworks/python.framework/'))
             def _defaultcacerts():
                 """return path to default CA certificates or None."""
                 if _plainapplepython():
                     dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
                     if os.path.exists(dummycert):
                         return dummycert
                 return None
             def sslkwargs(ui, host):
                 """Determine arguments to pass to wrapsocket().
                 ``host`` is the hostname being connected to.
                 """
                 kws = {'ui': ui}
                 # If a host key fingerprint is on file, it is the only thing that matters
                 # and CA certs don't come into play.
                 hostfingerprint = ui.config('hostfingerprints', host)
                 if hostfingerprint:
                     return kws
                 # dispatch sets web.cacerts=! when --insecure is used.
                 cacerts = ui.config('web', 'cacerts')
                 if cacerts == '!':
                     return kws
                 # If a value is set in the config, validate against a path and load
                 # and require those certs.
                 if cacerts:
                     cacerts = util.expandpath(cacerts)
                     if not os.path.exists(cacerts):
                         raise error.Abort(_('could not find web.cacerts: %s') % cacerts)
                     kws.update({'ca_certs': cacerts,
                                 'cert_reqs': ssl.CERT_REQUIRED})
                     return kws
                 # No CAs in config. See if we can load defaults.
                 cacerts = _defaultcacerts()
+                # We found an alternate CA bundle to use. Load it.
                 if cacerts:
                     ui.debug('using %s to enable OS X system CA\n' % cacerts)
-                else:
+                    ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
-                    if not _canloaddefaultcerts:
+                    kws.update({'ca_certs': cacerts,
-                        cacerts = '!'
+                                'cert_reqs': ssl.CERT_REQUIRED})
+                    return kws
-                ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
+                # FUTURE this can disappear once wrapsocket() is secure by default.
+                if _canloaddefaultcerts:
+                    kws['cert_reqs'] = ssl.CERT_REQUIRED
+                    return kws
-                if cacerts != '!':
+                # This is effectively indicating that no CAs can be loaded because
-                    kws.update({'ca_certs': cacerts,
+                # we can't get here if web.cacerts is set or if we can find
-                                'cert_reqs': ssl.CERT_REQUIRED,
+                # CA certs elsewhere. Using a config option (which is later
-                                })
+                # consulted by validator.__call__ is not very obvious).
+                # FUTURE fix this
+                ui.setconfig('web', 'cacerts', '!', 'defaultcacerts')
                 return kws
             class validator(object):
                 def __init__(self, ui, host):
                     self.ui = ui
                     self.host = host
                 def __call__(self, sock, strict=False):
                     host = self.host
                     if not sock.cipher(): # work around http://bugs.python.org/issue13721
                         raise error.Abort(_('%s ssl connection error') % host)
                     try:
                         peercert = sock.getpeercert(True)
                         peercert2 = sock.getpeercert()
                     except AttributeError:
                         raise error.Abort(_('%s ssl connection error') % host)
                     if not peercert:
                         raise error.Abort(_('%s certificate error: '
                                            'no certificate received') % host)
                     # If a certificate fingerprint is pinned, use it and only it to
                     # validate the remote cert.
                     hostfingerprints = self.ui.configlist('hostfingerprints', host)
                     peerfingerprint = util.sha1(peercert).hexdigest()
                     nicefingerprint = ":".join([peerfingerprint[x:x + 2]
                         for x in xrange(0, len(peerfingerprint), 2)])
                     if hostfingerprints:
                         fingerprintmatch = False
                         for hostfingerprint in hostfingerprints:
                             if peerfingerprint.lower() == \
                                     hostfingerprint.replace(':', '').lower():
                                 fingerprintmatch = True
                                 break
                         if not fingerprintmatch:
                             raise error.Abort(_('certificate for %s has unexpected '
                                                'fingerprint %s') % (host, nicefingerprint),
                                              hint=_('check hostfingerprint configuration'))
                         self.ui.debug('%s certificate matched fingerprint %s\n' %
                                       (host, nicefingerprint))
                         return
                     # No pinned fingerprint. Establish trust by looking at the CAs.
                     cacerts = self.ui.config('web', 'cacerts')
                     if cacerts != '!':
                         msg = _verifycert(peercert2, host)
                         if msg:
                             raise error.Abort(_('%s certificate error: %s') % (host, msg),
                                              hint=_('configure hostfingerprint %s or use '
                                                     '--insecure to connect insecurely') %
                                                   nicefingerprint)
                         self.ui.debug('%s certificate successfully verified\n' % host)
                     elif strict:
                         raise error.Abort(_('%s certificate with fingerprint %s not '
                                            'verified') % (host, nicefingerprint),
                                          hint=_('check hostfingerprints or web.cacerts '
                                                  'config setting'))
                     else:
                         self.ui.warn(_('warning: %s certificate with fingerprint %s not '
                                        'verified (check hostfingerprints or web.cacerts '
                                        'config setting)\n') %
                                      (host, nicefingerprint))