@@ -1423,10 +1423,6 b' User interface controls.' | |||
|
1423 | 1423 | ``remotecmd`` |
|
1424 | 1424 | remote command to use for clone/push/pull operations. Default is ``hg``. |
|
1425 | 1425 | |
|
1426 | ``reportoldssl`` | |
|
1427 | Warn if an SSL certificate is unable to be used due to using Python | |
|
1428 | 2.5 or earlier. True or False. Default is True. | |
|
1429 | ||
|
1430 | 1426 | ``report_untrusted`` |
|
1431 | 1427 | Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a |
|
1432 | 1428 | trusted user or group. True or False. Default is True. |
@@ -6,15 +6,13 b'' | |||
|
6 | 6 | # |
|
7 | 7 | # This software may be used and distributed according to the terms of the |
|
8 | 8 | # GNU General Public License version 2 or any later version. |
|
9 | import os, sys | |
|
9 | import os, sys, ssl | |
|
10 | 10 | |
|
11 | 11 | from mercurial import util |
|
12 | 12 | from mercurial.i18n import _ |
|
13 | 13 | |
|
14 | 14 | _canloaddefaultcerts = False |
|
15 | 15 | try: |
|
16 | # avoid using deprecated/broken FakeSocket in python 2.6 | |
|
17 | import ssl | |
|
18 | 16 | CERT_REQUIRED = ssl.CERT_REQUIRED |
|
19 | 17 | try: |
|
20 | 18 | ssl_context = ssl.SSLContext |
@@ -68,21 +66,7 b' try:' | |||
|
68 | 66 | raise util.Abort(_('ssl connection failed')) |
|
69 | 67 | return sslsocket |
|
70 | 68 | except ImportError: |
|
71 | CERT_REQUIRED = 2 | |
|
72 | ||
|
73 | import socket, httplib | |
|
74 | ||
|
75 | def wrapsocket(sock, keyfile, certfile, ui, | |
|
76 | cert_reqs=CERT_REQUIRED, | |
|
77 | ca_certs=None, serverhostname=None): | |
|
78 | if not util.safehasattr(socket, 'ssl'): | |
|
79 | raise util.Abort(_('Python SSL support not found')) | |
|
80 | if ca_certs: | |
|
81 | raise util.Abort(_( | |
|
82 | 'certificate checking requires Python 2.6')) | |
|
83 | ||
|
84 | ssl = socket.ssl(sock, keyfile, certfile) | |
|
85 | return httplib.FakeSocket(sock, ssl) | |
|
69 | raise | |
|
86 | 70 | |
|
87 | 71 | def _verifycert(cert, hostname): |
|
88 | 72 | '''Verify that cert (in socket.getpeercert() format) matches hostname. |
@@ -123,9 +107,6 b' def _verifycert(cert, hostname):' | |||
|
123 | 107 | |
|
124 | 108 | # CERT_REQUIRED means fetch the cert from the server all the time AND |
|
125 | 109 | # validate it against the CA store provided in web.cacerts. |
|
126 | # | |
|
127 | # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally | |
|
128 | # busted on those versions. | |
|
129 | 110 | |
|
130 | 111 | def _plainapplepython(): |
|
131 | 112 | """return true if this seems to be a pure Apple Python that |
@@ -183,17 +164,6 b' class validator(object):' | |||
|
183 | 164 | host = self.host |
|
184 | 165 | cacerts = self.ui.config('web', 'cacerts') |
|
185 | 166 | hostfingerprint = self.ui.config('hostfingerprints', host) |
|
186 | if not getattr(sock, 'getpeercert', False): # python 2.5 ? | |
|
187 | if hostfingerprint: | |
|
188 | raise util.Abort(_("host fingerprint for %s can't be " | |
|
189 | "verified (Python too old)") % host) | |
|
190 | if strict: | |
|
191 | raise util.Abort(_("certificate for %s can't be verified " | |
|
192 | "(Python too old)") % host) | |
|
193 | if self.ui.configbool('ui', 'reportoldssl', True): | |
|
194 | self.ui.warn(_("warning: certificate for %s can't be verified " | |
|
195 | "(Python too old)\n") % host) | |
|
196 | return | |
|
197 | 167 | |
|
198 | 168 | if not sock.cipher(): # work around http://bugs.python.org/issue13721 |
|
199 | 169 | raise util.Abort(_('%s ssl connection error') % host) |
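Review bot: The `except ImportError:` handler at new lines 68-69 now contains only `raise`, which makes it dead code. `import ssl` has moved to the module-level import line, so a missing ssl module fails before the `try:` at new line 15 is entered, and a handler that only re-raises changes nothing. Consider dropping the `try:`, `except ImportError:` and `raise` lines and dedenting the body, so the file reads as unconditionally requiring ssl. The try body runs between hunks and is not fully visible here, so confirm that no other import remains inside it before removing the handler. In the validator hunk, the deleted block held the only visible early `return` that skipped certificate checking, so a one-line comment above `if not sock.cipher():` such as `# sock is always an ssl-wrapped socket here` would record the new assumption.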