@@ -15,16 +15,40 b' try:' | |||
|
15 | 15 | import ssl |
|
16 | 16 | CERT_REQUIRED = ssl.CERT_REQUIRED |
|
17 | 17 | PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1 |
|
18 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |
|
19 | cert_reqs=ssl.CERT_NONE, ca_certs=None): | |
|
20 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, | |
|
21 | cert_reqs=cert_reqs, ca_certs=ca_certs, | |
|
22 |
|
|
|
23 | # check if wrap_socket failed silently because socket had been closed | |
|
24 | # - see http://bugs.python.org/issue13721 | |
|
25 | if not sslsocket.cipher(): | |
|
26 | raise util.Abort(_('ssl connection failed')) | |
|
27 | return sslsocket | |
|
18 | try: | |
|
19 | ssl_context = ssl.SSLContext | |
|
20 | ||
|
21 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |
|
22 | cert_reqs=ssl.CERT_NONE, ca_certs=None, | |
|
23 | serverhostname=None): | |
|
24 | sslcontext = ssl.SSLContext(ssl_version) | |
|
25 | if certfile is not None: | |
|
26 | sslcontext.load_cert_chain(certfile, keyfile) | |
|
27 | sslcontext.verify_mode = cert_reqs | |
|
28 | if ca_certs is not None: | |
|
29 | sslcontext.load_verify_locations(cafile=ca_certs) | |
|
30 | ||
|
31 | sslsocket = sslcontext.wrap_socket(sock, | |
|
32 | server_hostname=serverhostname) | |
|
33 | # check if wrap_socket failed silently because socket had been | |
|
34 | # closed | |
|
35 | # - see http://bugs.python.org/issue13721 | |
|
36 | if not sslsocket.cipher(): | |
|
37 | raise util.Abort(_('ssl connection failed')) | |
|
38 | return sslsocket | |
|
39 | except AttributeError: | |
|
40 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, | |
|
41 | cert_reqs=ssl.CERT_NONE, ca_certs=None, | |
|
42 | serverhostname=None): | |
|
43 | sslsocket = ssl.wrap_socket(sock, keyfile, certfile, | |
|
44 | cert_reqs=cert_reqs, ca_certs=ca_certs, | |
|
45 | ssl_version=ssl_version) | |
|
46 | # check if wrap_socket failed silently because socket had been | |
|
47 | # closed | |
|
48 | # - see http://bugs.python.org/issue13721 | |
|
49 | if not sslsocket.cipher(): | |
|
50 | raise util.Abort(_('ssl connection failed')) | |
|
51 | return sslsocket | |
|
28 | 52 | except ImportError: |
|
29 | 53 | CERT_REQUIRED = 2 |
|
30 | 54 | |
@@ -33,7 +57,8 b' except ImportError:' | |||
|
33 | 57 | import socket, httplib |
|
34 | 58 | |
|
35 | 59 | def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
|
36 |
cert_reqs=CERT_REQUIRED, ca_certs=None |
|
|
60 | cert_reqs=CERT_REQUIRED, ca_certs=None, | |
|
61 | serverhostname=None): | |
|
37 | 62 | if not util.safehasattr(socket, 'ssl'): |
|
38 | 63 | raise util.Abort(_('Python SSL support not found')) |
|
39 | 64 | if ca_certs: |
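Review bot: The new `serverhostname` argument only sets SNI in the `ssl.SSLContext` branch (new lines 24-32): `check_hostname` is never enabled on the context and `verify_mode` takes the default `cert_reqs=ssl.CERT_NONE`, so passing a host name does not by itself make the handshake check the peer certificate or its name. That still depends on the caller supplying `cert_reqs`/`ca_certs` and validating the socket afterwards, which is worth stating where the parameter is introduced, e.g. `# serverhostname is sent as SNI only; certificate and host name checks are the caller's responsibility`. The `except AttributeError` fallback accepts `serverhostname` and ignores it, and the `except ImportError` definition in the second hunk gains the parameter too (its body continues outside the hunk, so whether it is used there is not visible); a one-line comment in each would make the silent no-op explicit. `ssl_context = ssl.SSLContext` is bound only to probe for the attribute and is never read, so a comment saying that would help the next reader.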
@@ -185,7 +185,8 b' class httpconnection(keepalive.HTTPConne' | |||
|
185 | 185 | self.sock.connect((self.host, self.port)) |
|
186 | 186 | if _generic_proxytunnel(self): |
|
187 | 187 | # we do not support client X.509 certificates |
|
188 |
self.sock = sslutil.ssl_wrap_socket(self.sock, None, None |
|
|
188 | self.sock = sslutil.ssl_wrap_socket(self.sock, None, None, | |
|
189 | serverhostname=self.host) | |
|
189 | 190 | else: |
|
190 | 191 | keepalive.HTTPConnection.connect(self) |
|
191 | 192 | |
@@ -341,7 +342,7 b' if has_https:' | |||
|
341 | 342 | _generic_proxytunnel(self) |
|
342 | 343 | host = self.realhostport.rsplit(':', 1)[0] |
|
343 | 344 | self.sock = sslutil.ssl_wrap_socket( |
|
344 | self.sock, self.key_file, self.cert_file, | |
|
345 | self.sock, self.key_file, self.cert_file, serverhostname=host, | |
|
345 | 346 | **sslutil.sslkwargs(self.ui, host)) |
|
346 | 347 | sslutil.validator(self.ui, host)(self.sock) |
|
347 | 348 |
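Review bot: In the first hunk (new lines 188-189) the SNI name is `self.host`, but the socket has just connected to `(self.host, self.port)` and then gone through `_generic_proxytunnel`, so `self.host` looks like the proxy address rather than the tunnelled server; the second hunk takes the name from `self.realhostport` in the same situation. If that reading is right, the first call should do the same: `host = self.realhostport.rsplit(':', 1)[0]` followed by `serverhostname=host`. That call also passes no `cert_reqs` or `ca_certs`, so the wrapper's default `cert_reqs=ssl.CERT_NONE` applies, and no `sslutil.validator` call is visible in the hunk, unlike the second one. The `connect` method starts and ends outside the hunk, so verification may be handled elsewhere.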