https: support tls sni (server name indication) for https urls (issue3090)...
Alex Orange -
r23834:bf07c19b default
@@ -15,16 +15,40 b' try:'
15 import ssl
15 import ssl
16 CERT_REQUIRED = ssl.CERT_REQUIRED
16 CERT_REQUIRED = ssl.CERT_REQUIRED
17 PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1
17 PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1
18 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
18 try:
19 cert_reqs=ssl.CERT_NONE, ca_certs=None):
19 ssl_context = ssl.SSLContext
20 sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
20
21 cert_reqs=cert_reqs, ca_certs=ca_certs,
21 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
22 ssl_version=ssl_version)
22 cert_reqs=ssl.CERT_NONE, ca_certs=None,
23 # check if wrap_socket failed silently because socket had been closed
23 serverhostname=None):
24 # - see http://bugs.python.org/issue13721
24 sslcontext = ssl.SSLContext(ssl_version)
25 if not sslsocket.cipher():
25 if certfile is not None:
26 raise util.Abort(_('ssl connection failed'))
26 sslcontext.load_cert_chain(certfile, keyfile)
27 return sslsocket
27 sslcontext.verify_mode = cert_reqs
28 if ca_certs is not None:
29 sslcontext.load_verify_locations(cafile=ca_certs)
30
31 sslsocket = sslcontext.wrap_socket(sock,
32 server_hostname=serverhostname)
33 # check if wrap_socket failed silently because socket had been
34 # closed
35 # - see http://bugs.python.org/issue13721
36 if not sslsocket.cipher():
37 raise util.Abort(_('ssl connection failed'))
38 return sslsocket
39 except AttributeError:
40 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
41 cert_reqs=ssl.CERT_NONE, ca_certs=None,
42 serverhostname=None):
43 sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
44 cert_reqs=cert_reqs, ca_certs=ca_certs,
45 ssl_version=ssl_version)
46 # check if wrap_socket failed silently because socket had been
47 # closed
48 # - see http://bugs.python.org/issue13721
49 if not sslsocket.cipher():
50 raise util.Abort(_('ssl connection failed'))
51 return sslsocket
28 except ImportError:
52 except ImportError:
29 CERT_REQUIRED = 2
53 CERT_REQUIRED = 2
30
54
@@ -33,7 +57,8 b' except ImportError:'
33 import socket, httplib
57 import socket, httplib
34
58
35 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
59 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
36 cert_reqs=CERT_REQUIRED, ca_certs=None):
60 cert_reqs=CERT_REQUIRED, ca_certs=None,
61 serverhostname=None):
37 if not util.safehasattr(socket, 'ssl'):
62 if not util.safehasattr(socket, 'ssl'):
38 raise util.Abort(_('Python SSL support not found'))
63 raise util.Abort(_('Python SSL support not found'))
39 if ca_certs:
64 if ca_certs:
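Review bot: The two fallback definitions of `ssl_wrap_socket` (the `except AttributeError` branch in the first hunk and the `except ImportError` one in the second) accept `serverhostname` and never use it, so on interpreters without `ssl.SSLContext` no SNI name is sent and the caller is not told. A comment in each, such as `# serverhostname is ignored here: this code path cannot send SNI`, would make that explicit. In the `SSLContext` branch, `server_hostname` only supplies the SNI name; nothing visible enables `check_hostname`, and `cert_reqs` still defaults to `ssl.CERT_NONE`, so a docstring should state that certificate and hostname checking remain the caller's responsibility. The probe `ssl_context = ssl.SSLContext` also leaves an unused module-level name; a bare `ssl.SSLContext` expression would serve the same purpose. The body of the `ImportError` variant continues past the end of the second hunk.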
@@ -185,7 +185,8 b' class httpconnection(keepalive.HTTPConne'
185 self.sock.connect((self.host, self.port))
185 self.sock.connect((self.host, self.port))
186 if _generic_proxytunnel(self):
186 if _generic_proxytunnel(self):
187 # we do not support client X.509 certificates
187 # we do not support client X.509 certificates
188 self.sock = sslutil.ssl_wrap_socket(self.sock, None, None)
188 self.sock = sslutil.ssl_wrap_socket(self.sock, None, None,
189 serverhostname=self.host)
189 else:
190 else:
190 keepalive.HTTPConnection.connect(self)
191 keepalive.HTTPConnection.connect(self)
191
192
@@ -341,7 +342,7 b' if has_https:'
341 _generic_proxytunnel(self)
342 _generic_proxytunnel(self)
342 host = self.realhostport.rsplit(':', 1)[0]
343 host = self.realhostport.rsplit(':', 1)[0]
343 self.sock = sslutil.ssl_wrap_socket(
344 self.sock = sslutil.ssl_wrap_socket(
344 self.sock, self.key_file, self.cert_file,
345 self.sock, self.key_file, self.cert_file, serverhostname=host,
345 **sslutil.sslkwargs(self.ui, host))
346 **sslutil.sslkwargs(self.ui, host))
346 sslutil.validator(self.ui, host)(self.sock)
347 sslutil.validator(self.ui, host)(self.sock)
347
348
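Review bot: In the third hunk `serverhostname=self.host` is passed right after `self.sock.connect((self.host, self.port))` and `_generic_proxytunnel(self)`, so `self.host` appears to be the proxy's address rather than the tunnelled server, and the SNI name would then not match the TLS peer. The fourth hunk derives the name from `self.realhostport`; the same could be done here with `host = self.realhostport.rsplit(':', 1)[0]` and `serverhostname=host`. This call also passes no `cert_reqs` or `ca_certs`, and no validator call is visible after it, so as far as the hunk shows the tunnelled connection is wrapped with the `ssl.CERT_NONE` default; that is worth confirming against the rest of the method. The enclosing method starts outside the hunk.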