@@ -14,10 +14,13 b' try:' | |||
|
14 | 14 | # avoid using deprecated/broken FakeSocket in python 2.6 |
|
15 | 15 | import ssl |
|
16 | 16 | CERT_REQUIRED = ssl.CERT_REQUIRED |
|
17 | def ssl_wrap_socket(sock, keyfile, certfile, | |
|
17 | PROTOCOL_SSLv23 = ssl.PROTOCOL_SSLv23 | |
|
18 | PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1 | |
|
19 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |
|
18 | 20 | cert_reqs=ssl.CERT_NONE, ca_certs=None): |
|
19 | 21 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
|
20 |
cert_reqs=cert_reqs, ca_certs=ca_certs |
|
|
22 | cert_reqs=cert_reqs, ca_certs=ca_certs, | |
|
23 | ssl_version=ssl_version) | |
|
21 | 24 | # check if wrap_socket failed silently because socket had been closed |
|
22 | 25 | # - see http://bugs.python.org/issue13721 |
|
23 | 26 | if not sslsocket.cipher(): |
@@ -26,9 +29,12 b' try:' | |||
|
26 | 29 | except ImportError: |
|
27 | 30 | CERT_REQUIRED = 2 |
|
28 | 31 | |
|
32 | PROTOCOL_SSLv23 = 2 | |
|
33 | PROTOCOL_TLSv1 = 3 | |
|
34 | ||
|
29 | 35 | import socket, httplib |
|
30 | 36 | |
|
31 | def ssl_wrap_socket(sock, key_file, cert_file, | |
|
37 | def ssl_wrap_socket(sock, key_file, cert_file, ssl_version=PROTOCOL_TLSv1, | |
|
32 | 38 | cert_reqs=CERT_REQUIRED, ca_certs=None): |
|
33 | 39 | if not util.safehasattr(socket, 'ssl'): |
|
34 | 40 | raise util.Abort(_('Python SSL support not found')) |
@@ -84,15 +90,22 b' def _verifycert(cert, hostname):' | |||
|
84 | 90 | |
|
85 | 91 | def sslkwargs(ui, host): |
|
86 | 92 | cacerts = ui.config('web', 'cacerts') |
|
93 | forcetls = ui.configbool('ui', 'tls', default=True) | |
|
94 | if forcetls: | |
|
95 | ssl_version = PROTOCOL_TLSv1 | |
|
96 | else: | |
|
97 | ssl_version = PROTOCOL_SSLv23 | |
|
87 | 98 | hostfingerprint = ui.config('hostfingerprints', host) |
|
99 | kws = {'ssl_version': ssl_version, | |
|
100 | } | |
|
88 | 101 | if cacerts and not hostfingerprint: |
|
89 | 102 | cacerts = util.expandpath(cacerts) |
|
90 | 103 | if not os.path.exists(cacerts): |
|
91 | 104 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) |
|
92 |
|
|
|
93 | 'cert_reqs': CERT_REQUIRED, | |
|
94 | } | |
|
95 |
return |
|
|
105 | kws.update({'ca_certs': cacerts, | |
|
106 | 'cert_reqs': CERT_REQUIRED, | |
|
107 | }) | |
|
108 | return kws | |
|
96 | 109 | |
|
97 | 110 | class validator(object): |
|
98 | 111 | def __init__(self, ui, host): |
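Review bot: In `sslkwargs`, the default `ssl_version = PROTOCOL_TLSv1` pins the handshake to TLS 1.0 exactly, so newer protocol versions cannot be negotiated even when both ends support them, while the `ui.tls = False` branch selects `PROTOCOL_SSLv23` with nothing visible here that excludes SSLv2 or SSLv3. Where the running Python's `ssl` module provides context options, negotiating with `PROTOCOL_SSLv23` and masking the old protocols with `ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` would keep the downgrade protection without capping the version. At minimum the new knob deserves a comment such as `# ui.tls=False re-enables SSLv2/SSLv3 negotiation; use only for legacy servers`. The fallback `ssl_wrap_socket` under `except ImportError` also gains `ssl_version`, but its body lies outside the hunk, so it is not visible whether the value is honoured there; if it is ignored, the signature should say so in a comment.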