@@ -15,12 +15,36 b' try:' | |||||
15 | import ssl |
|
15 | import ssl | |
16 | CERT_REQUIRED = ssl.CERT_REQUIRED |
|
16 | CERT_REQUIRED = ssl.CERT_REQUIRED | |
17 | PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1 |
|
17 | PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1 | |
|
18 | try: | |||
|
19 | ssl_context = ssl.SSLContext | |||
|
20 | ||||
18 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
|
21 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |
19 |
cert_reqs=ssl.CERT_NONE, ca_certs=None |
|
22 | cert_reqs=ssl.CERT_NONE, ca_certs=None, | |
|
23 | serverhostname=None): | |||
|
24 | sslcontext = ssl.SSLContext(ssl_version) | |||
|
25 | if certfile is not None: | |||
|
26 | sslcontext.load_cert_chain(certfile, keyfile) | |||
|
27 | sslcontext.verify_mode = cert_reqs | |||
|
28 | if ca_certs is not None: | |||
|
29 | sslcontext.load_verify_locations(cafile=ca_certs) | |||
|
30 | ||||
|
31 | sslsocket = sslcontext.wrap_socket(sock, | |||
|
32 | server_hostname=serverhostname) | |||
|
33 | # check if wrap_socket failed silently because socket had been | |||
|
34 | # closed | |||
|
35 | # - see http://bugs.python.org/issue13721 | |||
|
36 | if not sslsocket.cipher(): | |||
|
37 | raise util.Abort(_('ssl connection failed')) | |||
|
38 | return sslsocket | |||
|
39 | except AttributeError: | |||
|
40 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |||
|
41 | cert_reqs=ssl.CERT_NONE, ca_certs=None, | |||
|
42 | serverhostname=None): | |||
20 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
|
43 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, | |
21 | cert_reqs=cert_reqs, ca_certs=ca_certs, |
|
44 | cert_reqs=cert_reqs, ca_certs=ca_certs, | |
22 | ssl_version=ssl_version) |
|
45 | ssl_version=ssl_version) | |
23 |
# check if wrap_socket failed silently because socket had been |
|
46 | # check if wrap_socket failed silently because socket had been | |
|
47 | # closed | |||
24 | # - see http://bugs.python.org/issue13721 |
|
48 | # - see http://bugs.python.org/issue13721 | |
25 | if not sslsocket.cipher(): |
|
49 | if not sslsocket.cipher(): | |
26 | raise util.Abort(_('ssl connection failed')) |
|
50 | raise util.Abort(_('ssl connection failed')) | |
@@ -33,7 +57,8 b' except ImportError:' | |||||
33 | import socket, httplib |
|
57 | import socket, httplib | |
34 |
|
58 | |||
35 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
|
59 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |
36 |
cert_reqs=CERT_REQUIRED, ca_certs=None |
|
60 | cert_reqs=CERT_REQUIRED, ca_certs=None, | |
|
61 | serverhostname=None): | |||
37 | if not util.safehasattr(socket, 'ssl'): |
|
62 | if not util.safehasattr(socket, 'ssl'): | |
38 | raise util.Abort(_('Python SSL support not found')) |
|
63 | raise util.Abort(_('Python SSL support not found')) | |
39 | if ca_certs: |
|
64 | if ca_certs: |
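Review bot: In the `ssl.SSLContext` branch, `server_hostname=serverhostname` only selects the SNI name. Nothing in the new function sets `check_hostname`, and the `cert_reqs=ssl.CERT_NONE` default is kept, so the parameter can read as if the peer were checked against that host when it is not. A docstring on the new `ssl_wrap_socket` should say so, for example `"""Wrap sock in TLS; serverhostname is sent as SNI only, the caller must still verify the certificate and host name."""`. The two fallback definitions (under `except AttributeError` and, in the second hunk, under `except ImportError`) accept `serverhostname` and never use it in the visible lines, which deserves a comment such as `# serverhostname ignored: no SNI support on this Python`. The last function's body continues past the end of the second hunk.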
@@ -185,7 +185,8 b' class httpconnection(keepalive.HTTPConne' | |||||
185 | self.sock.connect((self.host, self.port)) |
|
185 | self.sock.connect((self.host, self.port)) | |
186 | if _generic_proxytunnel(self): |
|
186 | if _generic_proxytunnel(self): | |
187 | # we do not support client X.509 certificates |
|
187 | # we do not support client X.509 certificates | |
188 |
self.sock = sslutil.ssl_wrap_socket(self.sock, None, None |
|
188 | self.sock = sslutil.ssl_wrap_socket(self.sock, None, None, | |
|
189 | serverhostname=self.host) | |||
189 | else: |
|
190 | else: | |
190 | keepalive.HTTPConnection.connect(self) |
|
191 | keepalive.HTTPConnection.connect(self) | |
191 |
|
192 | |||
@@ -341,7 +342,7 b' if has_https:' | |||||
341 | _generic_proxytunnel(self) |
|
342 | _generic_proxytunnel(self) | |
342 | host = self.realhostport.rsplit(':', 1)[0] |
|
343 | host = self.realhostport.rsplit(':', 1)[0] | |
343 | self.sock = sslutil.ssl_wrap_socket( |
|
344 | self.sock = sslutil.ssl_wrap_socket( | |
344 | self.sock, self.key_file, self.cert_file, |
|
345 | self.sock, self.key_file, self.cert_file, serverhostname=host, | |
345 | **sslutil.sslkwargs(self.ui, host)) |
|
346 | **sslutil.sslkwargs(self.ui, host)) | |
346 | sslutil.validator(self.ui, host)(self.sock) |
|
347 | sslutil.validator(self.ui, host)(self.sock) | |
347 |
|
348 |
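Review bot: In the `httpconnection` hunk the wrapped socket gets `serverhostname=self.host`, but the socket was connected to `self.host` before `_generic_proxytunnel(self)` ran, whereas the hunk under `if has_https:` takes the name from `self.realhostport`. If `self.host` is the proxy on this path (not visible here), the SNI name sent through the tunnel would be the proxy's rather than the target server's, and the call would want `serverhostname=self.realhostport.rsplit(':', 1)[0]`. This call also passes no `cert_reqs` or `ca_certs`, and no `sslutil.validator` call is visible after it, unlike the later hunk, so a comment stating whether the peer is authenticated here would help. Both methods start and end outside their hunks.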