Show More
@@ -19,10 +19,20 b' from . import (' | |||
|
19 | 19 | util, |
|
20 | 20 | ) |
|
21 | 21 | |
|
22 | # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added | |
|
23 | # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are | |
|
24 | # all exposed via the "ssl" module. | |
|
25 | # | |
|
26 | # Depending on the version of Python being used, SSL/TLS support is either | |
|
27 | # modern/secure or legacy/insecure. Many operations in this module have | |
|
28 | # separate code paths depending on support in Python. | |
|
29 | ||
|
22 | 30 | hassni = getattr(ssl, 'HAS_SNI', False) |
|
23 | 31 | |
|
24 | 32 | _canloaddefaultcerts = False |
|
25 | 33 | try: |
|
34 | # ssl.SSLContext was added in 2.7.9 and presence indicates modern | |
|
35 | # SSL/TLS features are available. | |
|
26 | 36 | ssl_context = ssl.SSLContext |
|
27 | 37 | _canloaddefaultcerts = util.safehasattr(ssl_context, 'load_default_certs') |
|
28 | 38 | |
@@ -58,6 +68,8 b' try:' | |||
|
58 | 68 | raise error.Abort(_('ssl connection failed')) |
|
59 | 69 | return sslsocket |
|
60 | 70 | except AttributeError: |
|
71 | # We don't have a modern version of the "ssl" module and are running | |
|
72 | # Python <2.7.9. | |
|
61 | 73 | def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE, |
|
62 | 74 | ca_certs=None, serverhostname=None): |
|
63 | 75 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
General Comments 0
You need to be logged in to leave comments.
Login now