@@ -14,10 +14,13 b' try:' | |||||
14 | # avoid using deprecated/broken FakeSocket in python 2.6 |
|
14 | # avoid using deprecated/broken FakeSocket in python 2.6 | |
15 | import ssl |
|
15 | import ssl | |
16 | CERT_REQUIRED = ssl.CERT_REQUIRED |
|
16 | CERT_REQUIRED = ssl.CERT_REQUIRED | |
17 | def ssl_wrap_socket(sock, keyfile, certfile, |
|
17 | PROTOCOL_SSLv23 = ssl.PROTOCOL_SSLv23 | |
|
18 | PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1 | |||
|
19 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |||
18 | cert_reqs=ssl.CERT_NONE, ca_certs=None): |
|
20 | cert_reqs=ssl.CERT_NONE, ca_certs=None): | |
19 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
|
21 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, | |
20 |
cert_reqs=cert_reqs, ca_certs=ca_certs |
|
22 | cert_reqs=cert_reqs, ca_certs=ca_certs, | |
|
23 | ssl_version=ssl_version) | |||
21 | # check if wrap_socket failed silently because socket had been closed |
|
24 | # check if wrap_socket failed silently because socket had been closed | |
22 | # - see http://bugs.python.org/issue13721 |
|
25 | # - see http://bugs.python.org/issue13721 | |
23 | if not sslsocket.cipher(): |
|
26 | if not sslsocket.cipher(): | |
@@ -26,9 +29,12 b' try:' | |||||
26 | except ImportError: |
|
29 | except ImportError: | |
27 | CERT_REQUIRED = 2 |
|
30 | CERT_REQUIRED = 2 | |
28 |
|
31 | |||
|
32 | PROTOCOL_SSLv23 = 2 | |||
|
33 | PROTOCOL_TLSv1 = 3 | |||
|
34 | ||||
29 | import socket, httplib |
|
35 | import socket, httplib | |
30 |
|
36 | |||
31 | def ssl_wrap_socket(sock, key_file, cert_file, |
|
37 | def ssl_wrap_socket(sock, key_file, cert_file, ssl_version=PROTOCOL_TLSv1, | |
32 | cert_reqs=CERT_REQUIRED, ca_certs=None): |
|
38 | cert_reqs=CERT_REQUIRED, ca_certs=None): | |
33 | if not util.safehasattr(socket, 'ssl'): |
|
39 | if not util.safehasattr(socket, 'ssl'): | |
34 | raise util.Abort(_('Python SSL support not found')) |
|
40 | raise util.Abort(_('Python SSL support not found')) | |
@@ -84,15 +90,22 b' def _verifycert(cert, hostname):' | |||||
84 |
|
90 | |||
85 | def sslkwargs(ui, host): |
|
91 | def sslkwargs(ui, host): | |
86 | cacerts = ui.config('web', 'cacerts') |
|
92 | cacerts = ui.config('web', 'cacerts') | |
|
93 | forcetls = ui.configbool('ui', 'tls', default=True) | |||
|
94 | if forcetls: | |||
|
95 | ssl_version = PROTOCOL_TLSv1 | |||
|
96 | else: | |||
|
97 | ssl_version = PROTOCOL_SSLv23 | |||
87 | hostfingerprint = ui.config('hostfingerprints', host) |
|
98 | hostfingerprint = ui.config('hostfingerprints', host) | |
|
99 | kws = {'ssl_version': ssl_version, | |||
|
100 | } | |||
88 | if cacerts and not hostfingerprint: |
|
101 | if cacerts and not hostfingerprint: | |
89 | cacerts = util.expandpath(cacerts) |
|
102 | cacerts = util.expandpath(cacerts) | |
90 | if not os.path.exists(cacerts): |
|
103 | if not os.path.exists(cacerts): | |
91 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) |
|
104 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) | |
92 |
|
|
105 | kws.update({'ca_certs': cacerts, | |
93 | 'cert_reqs': CERT_REQUIRED, |
|
106 | 'cert_reqs': CERT_REQUIRED, | |
94 | } |
|
107 | }) | |
95 |
return |
|
108 | return kws | |
96 |
|
109 | |||
97 | class validator(object): |
|
110 | class validator(object): | |
98 | def __init__(self, ui, host): |
|
111 | def __init__(self, ui, host): |
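Review bot: In `sslkwargs`, the `else` branch taken when `ui.tls` is false hands back `PROTOCOL_SSLv23`, so the handshake may settle on SSLv3 (or older, depending on the local OpenSSL build), and nothing on that path tells the user the protocol floor was lifted. I would document the option at the branch, e.g. `# ui.tls=False: allow SSLv23 negotiation for legacy servers; this can downgrade to SSLv3`, and consider emitting a `ui.warn(...)` there. The same comment should say that `PROTOCOL_TLSv1` pins the connection to TLS 1.0 exactly rather than "TLS 1.0 or newer". The fallback `ssl_wrap_socket` in the `except ImportError` branch now accepts `ssl_version`, but its body lies outside the hunk, so whether the value is honoured there cannot be seen from this page.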