upstream/mercurial-mirror Commit - r12742:6ab4a7d3

url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407)...

Mads Kiilerich -

r12742:6ab4a7d3 default

parent child

mercurial/url.py

0 +3 -9

             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
-            import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO, time
+            import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO
             import __builtin__
             from i18n import _
             import keepalive, util
                     return keepalive.HTTPHandler._start_transaction(self, h, req)
             def _verifycert(cert, hostname):
-                '''Verify that cert (in socket.getpeercert() format) matches hostname and is
+                '''Verify that cert (in socket.getpeercert() format) matches hostname.
-                valid at this time. CRLs and subjectAltName are not handled.
+                CRLs and subjectAltName are not handled.
                 Returns error message if any problems are found and None on success.
                 '''
                 if not cert:
                     return _('no certificate received')
-                notafter = cert.get('notAfter')
-                if notafter and time.time() > ssl.cert_time_to_seconds(notafter):
-                    return _('certificate expired %s') % notafter
-                notbefore = cert.get('notBefore')
-                if notbefore and time.time() < ssl.cert_time_to_seconds(notbefore):
-                    return _('certificate not valid before %s') % notbefore
                 dnsname = hostname.lower()
                 for s in cert.get('subject', []):
                     key, value = s[0]

tests/test-url.py

0 +1 -15

             #!/usr/bin/env python
             import sys
-            try:
-                import ssl
-            except ImportError:
-                sys.exit(80)
             def check(a, b):
                 if a != b:
             check(_verifycert(cert('*o'), 'foo'),
                   'certificate is for *o')
-            import time
+            check(_verifycert({'subject': ()},
-            lastyear = time.gmtime().tm_year - 1
-            nextyear = time.gmtime().tm_year + 1
-            check(_verifycert({'notAfter': 'May  9 00:00:00 %s GMT' % lastyear},
-                              'example.com'),
-                  'certificate expired May  9 00:00:00 %s GMT' % lastyear)
-            check(_verifycert({'notBefore': 'May  9 00:00:00 %s GMT' % nextyear},
-                              'example.com'),
-                  'certificate not valid before May  9 00:00:00 %s GMT' % nextyear)
-            check(_verifycert({'notAfter': 'Sep 29 15:29:48 %s GMT' % nextyear,
-                               'subject': ()},
                               'example.com'),
                   'no commonName found in certificate')
             check(_verifycert(None, 'example.com'),

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages