##// END OF EJS Templates
merge with stable
Matt Mackall -
r29459:fd93b15b merge default
parent child Browse files
Show More
@@ -128,3 +128,4 b' f85de28eae32e7d3064b1a1321309071bbaaa069'
128 128 a56296f55a5e1038ea5016dace2076b693c28a56 0 iQIVAwUAVyZarCBXgaxoKi1yAQL87g/8D7whM3e08HVGDHHEkVUgqLIfueVy1mx0AkRvelmZmwaocFNGpZTd3AjSwy6qXbRNZFXrWU85JJvQCi3PSo/8bK43kwqLJ4lv+Hv2zVTvz30vbLWTSndH3oVRu38lIA7b5K9J4y50pMCwjKLG9iyp+aQG4RBz76fJMlhXy0gu38A8JZVKEeAnQCbtzxKXBzsC8k0/ku/bEQEoo9D4AAGlVTbl5AsHMp3Z6NWu7kEHAX/52/VKU2I0LxYqRxoL1tjTVGkAQfkOHz1gOhLXUgGSYmA9Fb265AYj9cnGWCfyNonlE0Rrk2kAsrjBTGiLyb8WvK/TZmRo4ZpNukzenS9UuAOKxA22Kf9+oN9kKBu1HnwqusYDH9pto1WInCZKV1al7DMBXbGFcnyTXk2xuiTGhVRG5LzCO2QMByBLXiYl77WqqJnzxK3v5lAc/immJl5qa3ATUlTnVBjAs+6cbsbCoY6sjXCT0ClndA9+iZZ1TjPnmLrSeFh5AoE8WHmnFV6oqGN4caX6wiIW5vO+x5Q2ruSsDrwXosXIYzm+0KYKRq9O+MaTwR44Dvq3/RyeIu/cif/Nc7B8bR5Kf7OiRf2T5u97MYAomwGcQfXqgUfm6y7D3Yg+IdAdAJKitxhRPsqqdxIuteXMvOvwukXNDiWP1zsKoYLI37EcwzvbGLUlZvg=
129 129 aaabed77791a75968a12b8c43ad263631a23ee81 0 iQIVAwUAVzpH4CBXgaxoKi1yAQLm5A/9GUYv9CeIepjcdWSBAtNhCBJcqgk2cBcV0XaeQomfxqYWfbW2fze6eE+TrXPKTX1ajycgqquMyo3asQolhHXwasv8+5CQxowjGfyVg7N/kyyjgmJljI+rCi74VfnsEhvG/J4GNr8JLVQmSICfALqQjw7XN8doKthYhwOfIY2vY419613v4oeBQXSsItKC/tfKw9lYvlk4qJKDffJQFyAekgv43ovWqHNkl4LaR6ubtjOsxCnxHfr7OtpX3muM9MLT/obBax5I3EsmiDTQBOjbvI6TcLczs5tVCnTa1opQsPUcEmdA4WpUEiTnLl9lk9le/BIImfYfEP33oVYmubRlKhJYnUiu89ao9L+48FBoqCY88HqbjQI1GO6icfRJN/+NLVeE9wubltbWFETH6e2Q+Ex4+lkul1tQMLPcPt10suMHnEo3/FcOTPt6/DKeMpsYgckHSJq5KzTg632xifyySmb9qkpdGGpY9lRal6FHw3rAhRBqucMgxso4BwC51h04RImtCUQPoA3wpb4BvCHba/thpsUFnHefOvsu3ei4JyHXZK84LPwOj31PcucNFdGDTW6jvKrF1vVUIVS9uMJkJXPu0V4i/oEQSUKifJZivROlpvj1eHy3KeMtjq2kjGyXY2KdzxpT8wX/oYJhCtm1XWMui5f24XBjE6xOcjjm8k4=
130 130 a9764ab80e11bcf6a37255db7dd079011f767c6c 0 iQIVAwUAV09KHyBXgaxoKi1yAQJBWg/+OywRrqU+zvnL1tHJ95PgatsF7S4ZAHZFR098+oCjUDtKpvnm71o2TKiY4D5cckyD2KNwLWg/qW6V+5+2EYU0Y/ViwPVcngib/ZeJP+Nr44TK3YZMRmfFuUEEzA7sZ2r2Gm8eswv//W79I0hXJeFd/o6FgLnn7AbOjcOn3IhWdGAP6jUHv9zyJigQv6K9wgyvAnK1RQE+2CgMcoyeqao/zs23IPXI6XUHOwfrQ7XrQ83+ciMqN7XNRx+TKsUQoYeUew4AanoDSMPAQ4kIudsP5tOgKeLRPmHX9zg6Y5S1nTpLRNdyAxuNuyZtkQxDYcG5Hft/SIx27tZUo3gywHL2U+9RYD2nvXqaWzT3sYB2sPBOiq7kjHRgvothkXemAFsbq2nKFrN0PRua9WG4l3ny0xYmDFPlJ/s0E9XhmQaqy+uXtVbA2XdLEvE6pQ0YWbHEKMniW26w6LJkx4IV6RX/7Kpq7byw/bW65tu/BzgISKau5FYLY4CqZJH7f8QBg3XWpzB91AR494tdsD+ugM45wrY/6awGQx9CY5SAzGqTyFuSFQxgB2rBurb01seZPf8nqG8V13UYXfX/O3/WMOBMr7U/RVqmAA0ZMYOyEwfVUmHqrFjkxpXX+JdNKRiA1GJp5sdRpCxSeXdQ/Ni6AAGZV2IyRb4G4Y++1vP4yPBalas=
131 26a5d605b8683a292bb89aea11f37a81b06ac016 0 iQIVAwUAV3bOsSBXgaxoKi1yAQLiDg//fxmcNpTUedsXqEwNdGFJsJ2E25OANgyv1saZHNfbYFWXIR8g4nyjNaj2SjtXF0wzOq5aHlMWXjMZPOT6pQBdTnOYDdgv+O8DGpgHs5x/f+uuxtpVkdxR6uRP0/ImlTEtDix8VQiN3nTu5A0N3C7E2y+D1JIIyTp6vyjzxvGQTY0MD/qgB55Dn6khx8c3phDtMkzmVEwL4ItJxVRVNw1m+2FOXHu++hJEruJdeMV0CKOV6LVbXHho+yt3jQDKhlIgJ65EPLKrf+yRalQtSWpu7y/vUMcEUde9XeQ5x05ebCiI4MkJ0ULQro/Bdx9vBHkAstUC7D+L5y45ZnhHjOwxz9c3GQMZQt1HuyORqbBhf9hvOkUQ2GhlDHc5U04nBe0VhEoCw9ra54n+AgUyqWr4CWimSW6pMTdquCzAAbcJWgdNMwDHrMalCYHhJksKFARKq3uSTR1Noz7sOCSIEQvOozawKSQfOwGxn/5bNepKh4uIRelC1uEDoqculqCLgAruzcMNIMndNVYaJ09IohJzA9jVApa+SZVPAeREg71lnS3d8jaWh1Lu5JFlAAKQeKGVJmNm40Y3HBjtHQDrI67TT59oDAhjo420Wf9VFCaj2k0weYBLWSeJhfUZ5x3PVpAHUvP/rnHPwNYyY0wVoQEvM/bnQdcpICmKhqcK+vKjDrM=
@@ -141,3 +141,4 b' f85de28eae32e7d3064b1a1321309071bbaaa069'
141 141 a56296f55a5e1038ea5016dace2076b693c28a56 3.8.1
142 142 aaabed77791a75968a12b8c43ad263631a23ee81 3.8.2
143 143 a9764ab80e11bcf6a37255db7dd079011f767c6c 3.8.3
144 26a5d605b8683a292bb89aea11f37a81b06ac016 3.8.4
@@ -22714,12 +22714,16 b' msgstr "reescreve ``http://server/foo-hg'
22714 22714
22715 22715 msgid ""
22716 22716 "Relative subrepository paths are first made absolute, and the\n"
22717 "rewrite rules are then applied on the full (absolute) path. The rules\n"
22718 "are applied in definition order."
22717 "rewrite rules are then applied on the full (absolute) path. If ``pattern``\n"
22718 "doesn't match the full path, an attempt is made to apply it on the\n"
22719 "relative path alone. The rules are applied in definition order."
22719 22720 msgstr ""
22720 22721 "Caminhos relativos para sub-repositΓ³rios sΓ£o primeiramente tornados\n"
22721 22722 "absolutos, e em seguida as regras de reescrita sΓ£o aplicadas no\n"
22722 "caminho absoluto completo. As regras são aplicadas na ordem de definição."
22723 "caminho absoluto completo.\n"
22724 "Se ``pattern`` nΓ£o coincidir com o caminho completo, Γ© feita uma\n"
22725 "tentativa para aplicΓ‘-lo no caminho relativo sozinho.\n"
22726 "As regras são aplicadas na ordem de definição."
22723 22727
22724 22728 msgid ""
22725 22729 "``templatealias``\n"
@@ -25625,6 +25629,163 b' msgstr ""'
25625 25629 " Veja 'Parent, working directory'.\n"
25626 25630
25627 25631 msgid ""
25632 "========\n"
25633 " hg-ssh\n"
25634 "========"
25635 msgstr ""
25636 "========\n"
25637 " hg-ssh\n"
25638 "========"
25639
25640 msgid ""
25641 "----------------------------------------\n"
25642 "restricted ssh login shell for Mercurial\n"
25643 "----------------------------------------"
25644 msgstr ""
25645 "--------------------------------------------\n"
25646 "shell de login ssh restrito para o Mercurial--------------------------------------------"
25647
25648 msgid ""
25649 ":Author: Thomas Arendsen Hein <thomas@intevation.de>\n"
25650 ":Organization: Mercurial\n"
25651 ":Manual section: 8\n"
25652 ":Manual group: Mercurial Manual"
25653 msgstr ""
25654 ":Author: Thomas Arendsen Hein <thomas@intevation.de>\n"
25655 ":Organization: Mercurial\n"
25656 ":Manual section: 8\n"
25657 ":Manual group: Mercurial Manual"
25658
25659 #. do not translate: .. contents::
25660 msgid ""
25661 ".. contents::\n"
25662 " :backlinks: top\n"
25663 " :class: htmlonly\n"
25664 " :depth: 1"
25665 msgstr ""
25666 ".. contents::\n"
25667 " :backlinks: top\n"
25668 " :class: htmlonly\n"
25669 " :depth: 1"
25670
25671 msgid ""
25672 "Synopsis\n"
25673 "\"\"\"\"\"\"\"\"\n"
25674 "**hg-ssh** repositories..."
25675 msgstr ""
25676 "Sinopse\n"
25677 "\"\"\"\"\"\"\"\n"
25678 "**hg-ssh** repositΓ³rios..."
25679
25680 msgid ""
25681 "Description\n"
25682 "\"\"\"\"\"\"\"\"\"\"\"\n"
25683 "**hg-ssh** is a wrapper for ssh access to a limited set of mercurial repos."
25684 msgstr ""
25685 "Descrição\n"
25686 "\"\"\"\"\"\"\"\"\"\n"
25687 "**hg-ssh** Γ© um wrapper para acesso ssh a um conjunto limitado de\n"
25688 "repositΓ³rios do Mercurial."
25689
25690 msgid ""
25691 "To be used in ~/.ssh/authorized_keys with the \"command\" option, see sshd(8):\n"
25692 "command=\"hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4\" ssh-dss ...\n"
25693 "(probably together with these other useful options:\n"
25694 "no-port-forwarding,no-X11-forwarding,no-agent-forwarding)"
25695 msgstr ""
25696 "Para ser usado em ~/.ssh/authorized_keys com a opção \"command\", veja sshd(8):\n"
25697 "command=\"hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4\" ssh-dss ...\n"
25698 "(provavelmente incluindo estas outras opçáes úteis:\n"
25699 "no-port-forwarding,no-X11-forwarding,no-agent-forwarding)"
25700
25701 msgid ""
25702 "This allows pull/push over ssh from/to the repositories given as arguments."
25703 msgstr ""
25704 "Isto possibilita pull/push atravΓ©s de ssh de/para repositΓ³rios passados como\n"
25705 "argumentos."
25706
25707 msgid ""
25708 "If all your repositories are subdirectories of a common directory, you can\n"
25709 "allow shorter paths with:\n"
25710 "command=\"cd path/to/my/repositories && hg-ssh repo1 subdir/repo2\""
25711 msgstr ""
25712 "Se os repositΓ³rios forem sub-diretΓ³rios de um diretΓ­rio comum, vocΓͺ pode\n"
25713 "permitir caminhos mais curtos com:\n"
25714 "command=\"cd caminho/para/repositΓ³rios && hg-ssh repo1 subdir/repo2\""
25715
25716 msgid ""
25717 "You can use pattern matching of your normal shell, e.g.:\n"
25718 "command=\"cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}\""
25719 msgstr ""
25720 "VocΓͺ pode usar a correspondΓͺncia de padrΓ΅es de seu shell, por exemplo:\n"
25721 "command=\"cd repos && hg-ssh user/thomas/* projetos/{mercurial,foo}\""
25722
25723 msgid ""
25724 "You can also add a --read-only flag to allow read-only access to a key, e.g.:\n"
25725 "command=\"hg-ssh --read-only repos/\\*\""
25726 msgstr ""
25727 "VocΓͺ tambΓ©m pode adicionar a opção --read-only para permitir acesso somente\n"
25728 "leitura a uma chave, por exemplo:\n"
25729 "command=\"hg-ssh --read-only repos/\\*\""
25730
25731 msgid ""
25732 "Bugs\n"
25733 "\"\"\"\"\n"
25734 "Probably lots, please post them to the mailing list (see Resources_\n"
25735 "below) when you find them."
25736 msgstr ""
25737 "Bugs\n"
25738 "\"\"\"\"\n"
25739 "Provavelmente vΓ‘rios, por favor informe-os na lista de discussΓ£o\n"
25740 "(veja a seção Recursos_ abaixo)."
25741
25742 msgid ""
25743 "See Also\n"
25744 "\"\"\"\"\"\"\"\"\n"
25745 "|hg(1)|_"
25746 msgstr ""
25747 "Veja TambΓ©m\n"
25748 "\"\"\"\"\"\"\"\"\"\"\"\n"
25749 "|hg(1)|_"
25750
25751 msgid ""
25752 "Author\n"
25753 "\"\"\"\"\"\"\n"
25754 "Written by Matt Mackall <mpm@selenic.com>"
25755 msgstr ""
25756 "Autor\n"
25757 "\"\"\"\"\"\n"
25758 "Escrito por Matt Mackall <mpm@selenic.com>"
25759
25760 msgid ""
25761 "Resources\n"
25762 "\"\"\"\"\"\"\"\"\"\n"
25763 "Main Web Site: https://mercurial-scm.org/"
25764 msgstr ""
25765 "Recursos\n"
25766 "\"\"\"\"\"\"\"\"\n"
25767 "PΓ‘gina Principal: https://mercurial-scm.org/"
25768
25769 msgid "Source code repository: http://selenic.com/hg"
25770 msgstr "RepositΓ³rio de cΓ³digo fonte: http://selenic.com/hg"
25771
25772 msgid "Mailing list: http://selenic.com/mailman/listinfo/mercurial"
25773 msgstr "Lista de discussΓ£o: http://selenic.com/mailman/listinfo/mercurial"
25774
25775 msgid ""
25776 "Copying\n"
25777 "\"\"\"\"\"\"\"\n"
25778 "Copyright (C) 2005-2016 Matt Mackall.\n"
25779 "Free use of this software is granted under the terms of the GNU General\n"
25780 "Public License version 2 or any later version."
25781 msgstr ""
25782 "CΓ³pia\n"
25783 "\"\"\"\"\"\n"
25784 "Copyright (C) 2005-2016 Matt Mackall.\n"
25785 "Garante-se livre uso deste software nos termos da licença\n"
25786 "GNU General Public License, versΓ£o 2 ou qualquer versΓ£o posterior."
25787
25788 msgid ""
25628 25789 "====\n"
25629 25790 " hg\n"
25630 25791 "===="
@@ -25653,18 +25814,6 b' msgstr ""'
25653 25814 ":Manual section: 1\n"
25654 25815 ":Manual group: Mercurial Manual"
25655 25816
25656 #. do not translate: .. contents::
25657 msgid ""
25658 ".. contents::\n"
25659 " :backlinks: top\n"
25660 " :class: htmlonly\n"
25661 " :depth: 1"
25662 msgstr ""
25663 ".. contents::\n"
25664 " :backlinks: top\n"
25665 " :class: htmlonly\n"
25666 " :depth: 1"
25667
25668 25817 msgid ""
25669 25818 "\n"
25670 25819 "Synopsis\n"
@@ -25829,17 +25978,6 b' msgstr ""'
25829 25978 "rastreado pelo Mercurial, ele serΓ‘ sobrescrito."
25830 25979
25831 25980 msgid ""
25832 "Bugs\n"
25833 "\"\"\"\"\n"
25834 "Probably lots, please post them to the mailing list (see Resources_\n"
25835 "below) when you find them."
25836 msgstr ""
25837 "Bugs\n"
25838 "\"\"\"\"\n"
25839 "Provavelmente vΓ‘rios, por favor informe-os na lista de discussΓ£o\n"
25840 "(veja a seção Recursos_ abaixo)."
25841
25842 msgid ""
25843 25981 "See Also\n"
25844 25982 "\"\"\"\"\"\"\"\"\n"
25845 25983 "|hgignore(5)|_, |hgrc(5)|_"
@@ -25849,43 +25987,6 b' msgstr ""'
25849 25987 "|hgignore(5)|_, |hgrc(5)|_"
25850 25988
25851 25989 msgid ""
25852 "Author\n"
25853 "\"\"\"\"\"\"\n"
25854 "Written by Matt Mackall <mpm@selenic.com>"
25855 msgstr ""
25856 "Autor\n"
25857 "\"\"\"\"\"\n"
25858 "Escrito por Matt Mackall <mpm@selenic.com>"
25859
25860 msgid ""
25861 "Resources\n"
25862 "\"\"\"\"\"\"\"\"\"\n"
25863 "Main Web Site: https://mercurial-scm.org/"
25864 msgstr ""
25865 "Recursos\n"
25866 "\"\"\"\"\"\"\"\"\n"
25867 "PΓ‘gina Principal: https://mercurial-scm.org/"
25868
25869 msgid "Source code repository: http://selenic.com/hg"
25870 msgstr "RepositΓ³rio de cΓ³digo fonte: http://selenic.com/hg"
25871
25872 msgid "Mailing list: http://selenic.com/mailman/listinfo/mercurial"
25873 msgstr "Lista de discussΓ£o: http://selenic.com/mailman/listinfo/mercurial"
25874
25875 msgid ""
25876 "Copying\n"
25877 "\"\"\"\"\"\"\"\n"
25878 "Copyright (C) 2005-2016 Matt Mackall.\n"
25879 "Free use of this software is granted under the terms of the GNU General\n"
25880 "Public License version 2 or any later version."
25881 msgstr ""
25882 "CΓ³pia\n"
25883 "\"\"\"\"\"\n"
25884 "Copyright (C) 2005-2016 Matt Mackall.\n"
25885 "Garante-se livre uso deste software nos termos da licença\n"
25886 "GNU General Public License, versΓ£o 2 ou qualquer versΓ£o posterior."
25887
25888 msgid ""
25889 25990 "==========\n"
25890 25991 " hgignore\n"
25891 25992 "=========="
@@ -31696,17 +31797,6 b' msgstr ""'
31696 31797 msgid ".hgtags merged successfully\n"
31697 31798 msgstr ".hgtags mesclado com successo\n"
31698 31799
31699 #, python-format
31700 msgid "%s, line %s: %s\n"
31701 msgstr "%s, linha %s: %s\n"
31702
31703 msgid "cannot parse entry"
31704 msgstr "nΓ£o Γ© possΓ­vel decodificar entrada"
31705
31706 #, python-format
31707 msgid "node '%s' is not well formed"
31708 msgstr "nΓ³ '%s' nΓ£o Γ© bem formado"
31709
31710 31800 msgid ""
31711 31801 ":addbreaks: Any text. Add an XHTML \"<br />\" tag before the end of\n"
31712 31802 " every line except the last."
@@ -33004,6 +33094,15 b' msgstr "procurar mudan\xc3\xa7as remotas"'
33004 33094 msgid "number of cpus must be an integer"
33005 33095 msgstr "o nΓΊmero de cpus deve ser um inteiro"
33006 33096
33097 #~ msgid "%s, line %s: %s\n"
33098 #~ msgstr "%s, linha %s: %s\n"
33099
33100 #~ msgid "cannot parse entry"
33101 #~ msgstr "nΓ£o Γ© possΓ­vel decodificar entrada"
33102
33103 #~ msgid "node '%s' is not well formed"
33104 #~ msgstr "nΓ³ '%s' nΓ£o Γ© bem formado"
33105
33007 33106 #~ msgid ""
33008 33107 #~ " [blackbox]\n"
33009 33108 #~ " track = *"
@@ -1559,8 +1559,9 b' rewrite it. Groups can be matched in ``p'
1559 1559 rewrites ``http://server/foo-hg/`` into ``http://hg.server/foo/``.
1560 1560
1561 1561 Relative subrepository paths are first made absolute, and the
1562 rewrite rules are then applied on the full (absolute) path. The rules
1563 are applied in definition order.
1562 rewrite rules are then applied on the full (absolute) path. If ``pattern``
1563 doesn't match the full path, an attempt is made to apply it on the
1564 relative path alone. The rules are applied in definition order.
1564 1565
1565 1566 ``templatealias``
1566 1567 -----------------
@@ -11,6 +11,7 b' from __future__ import absolute_import'
11 11
12 12 import hashlib
13 13 import os
14 import re
14 15 import ssl
15 16 import sys
16 17
@@ -315,6 +316,57 b' def wrapsocket(sock, keyfile, certfile, '
315 316
316 317 return sslsocket
317 318
319 class wildcarderror(Exception):
320 """Represents an error parsing wildcards in DNS name."""
321
322 def _dnsnamematch(dn, hostname, maxwildcards=1):
323 """Match DNS names according RFC 6125 section 6.4.3.
324
325 This code is effectively copied from CPython's ssl._dnsname_match.
326
327 Returns a bool indicating whether the expected hostname matches
328 the value in ``dn``.
329 """
330 pats = []
331 if not dn:
332 return False
333
334 pieces = dn.split(r'.')
335 leftmost = pieces[0]
336 remainder = pieces[1:]
337 wildcards = leftmost.count('*')
338 if wildcards > maxwildcards:
339 raise wildcarderror(
340 _('too many wildcards in certificate DNS name: %s') % dn)
341
342 # speed up common case w/o wildcards
343 if not wildcards:
344 return dn.lower() == hostname.lower()
345
346 # RFC 6125, section 6.4.3, subitem 1.
347 # The client SHOULD NOT attempt to match a presented identifier in which
348 # the wildcard character comprises a label other than the left-most label.
349 if leftmost == '*':
350 # When '*' is a fragment by itself, it matches a non-empty dotless
351 # fragment.
352 pats.append('[^.]+')
353 elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
354 # RFC 6125, section 6.4.3, subitem 3.
355 # The client SHOULD NOT attempt to match a presented identifier
356 # where the wildcard character is embedded within an A-label or
357 # U-label of an internationalized domain name.
358 pats.append(re.escape(leftmost))
359 else:
360 # Otherwise, '*' matches any dotless string, e.g. www*
361 pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
362
363 # add the remaining fragments, ignore any wildcards
364 for frag in remainder:
365 pats.append(re.escape(frag))
366
367 pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
368 return pat.match(hostname) is not None
369
318 370 def _verifycert(cert, hostname):
319 371 '''Verify that cert (in socket.getpeercert() format) matches hostname.
320 372 CRLs is not handled.
@@ -323,33 +375,46 b' def _verifycert(cert, hostname):'
323 375 '''
324 376 if not cert:
325 377 return _('no certificate received')
326 dnsname = hostname.lower()
327 def matchdnsname(certname):
328 return (certname == dnsname or
329 '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])
330 378
379 dnsnames = []
331 380 san = cert.get('subjectAltName', [])
332 if san:
333 certnames = [value.lower() for key, value in san if key == 'DNS']
334 for name in certnames:
335 if matchdnsname(name):
336 return None
337 if certnames:
338 return _('certificate is for %s') % ', '.join(certnames)
381 for key, value in san:
382 if key == 'DNS':
383 try:
384 if _dnsnamematch(value, hostname):
385 return
386 except wildcarderror as e:
387 return e.message
388
389 dnsnames.append(value)
339 390
340 # subject is only checked when subjectAltName is empty
341 for s in cert.get('subject', []):
342 key, value = s[0]
343 if key == 'commonName':
344 try:
345 # 'subject' entries are unicode
346 certname = value.lower().encode('ascii')
347 except UnicodeEncodeError:
348 return _('IDN in certificate not supported')
349 if matchdnsname(certname):
350 return None
351 return _('certificate is for %s') % certname
352 return _('no commonName or subjectAltName found in certificate')
391 if not dnsnames:
392 # The subject is only checked when there is no DNS in subjectAltName.
393 for sub in cert.get('subject', []):
394 for key, value in sub:
395 # According to RFC 2818 the most specific Common Name must
396 # be used.
397 if key == 'commonName':
398 # 'subject' entries are unicide.
399 try:
400 value = value.encode('ascii')
401 except UnicodeEncodeError:
402 return _('IDN in certificate not supported')
403
404 try:
405 if _dnsnamematch(value, hostname):
406 return
407 except wildcarderror as e:
408 return e.message
409
410 dnsnames.append(value)
411
412 if len(dnsnames) > 1:
413 return _('certificate is for %s') % ', '.join(dnsnames)
414 elif len(dnsnames) == 1:
415 return _('certificate is for %s') % dnsnames[0]
416 else:
417 return _('no commonName or subjectAltName found in certificate')
353 418
354 419 def _plainapplepython():
355 420 """return true if this seems to be a pure Apple Python that
@@ -1,3 +1,4 b''
1 # coding=utf-8
1 2 from __future__ import absolute_import, print_function
2 3
3 4 import doctest
@@ -50,8 +51,7 b" check(_verifycert(san_cert, 'example.com"
50 51 # Avoid some pitfalls
51 52 check(_verifycert(cert('*.foo'), 'foo'),
52 53 'certificate is for *.foo')
53 check(_verifycert(cert('*o'), 'foo'),
54 'certificate is for *o')
54 check(_verifycert(cert('*o'), 'foo'), None)
55 55
56 56 check(_verifycert({'subject': ()},
57 57 'example.com'),
@@ -63,6 +63,177 b" check(_verifycert(None, 'example.com'),"
63 63 check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
64 64 'IDN in certificate not supported')
65 65
66 # The following tests are from CPython's test_ssl.py.
67 check(_verifycert(cert('example.com'), 'example.com'), None)
68 check(_verifycert(cert('example.com'), 'ExAmple.cOm'), None)
69 check(_verifycert(cert('example.com'), 'www.example.com'),
70 'certificate is for example.com')
71 check(_verifycert(cert('example.com'), '.example.com'),
72 'certificate is for example.com')
73 check(_verifycert(cert('example.com'), 'example.org'),
74 'certificate is for example.com')
75 check(_verifycert(cert('example.com'), 'exampleXcom'),
76 'certificate is for example.com')
77 check(_verifycert(cert('*.a.com'), 'foo.a.com'), None)
78 check(_verifycert(cert('*.a.com'), 'bar.foo.a.com'),
79 'certificate is for *.a.com')
80 check(_verifycert(cert('*.a.com'), 'a.com'),
81 'certificate is for *.a.com')
82 check(_verifycert(cert('*.a.com'), 'Xa.com'),
83 'certificate is for *.a.com')
84 check(_verifycert(cert('*.a.com'), '.a.com'),
85 'certificate is for *.a.com')
86
87 # only match one left-most wildcard
88 check(_verifycert(cert('f*.com'), 'foo.com'), None)
89 check(_verifycert(cert('f*.com'), 'f.com'), None)
90 check(_verifycert(cert('f*.com'), 'bar.com'),
91 'certificate is for f*.com')
92 check(_verifycert(cert('f*.com'), 'foo.a.com'),
93 'certificate is for f*.com')
94 check(_verifycert(cert('f*.com'), 'bar.foo.com'),
95 'certificate is for f*.com')
96
97 # NULL bytes are bad, CVE-2013-4073
98 check(_verifycert(cert('null.python.org\x00example.org'),
99 'null.python.org\x00example.org'), None)
100 check(_verifycert(cert('null.python.org\x00example.org'),
101 'example.org'),
102 'certificate is for null.python.org\x00example.org')
103 check(_verifycert(cert('null.python.org\x00example.org'),
104 'null.python.org'),
105 'certificate is for null.python.org\x00example.org')
106
107 # error cases with wildcards
108 check(_verifycert(cert('*.*.a.com'), 'bar.foo.a.com'),
109 'certificate is for *.*.a.com')
110 check(_verifycert(cert('*.*.a.com'), 'a.com'),
111 'certificate is for *.*.a.com')
112 check(_verifycert(cert('*.*.a.com'), 'Xa.com'),
113 'certificate is for *.*.a.com')
114 check(_verifycert(cert('*.*.a.com'), '.a.com'),
115 'certificate is for *.*.a.com')
116
117 check(_verifycert(cert('a.*.com'), 'a.foo.com'),
118 'certificate is for a.*.com')
119 check(_verifycert(cert('a.*.com'), 'a..com'),
120 'certificate is for a.*.com')
121 check(_verifycert(cert('a.*.com'), 'a.com'),
122 'certificate is for a.*.com')
123
124 # wildcard doesn't match IDNA prefix 'xn--'
125 idna = u'pΓΌthon.python.org'.encode('idna').decode('ascii')
126 check(_verifycert(cert(idna), idna), None)
127 check(_verifycert(cert('x*.python.org'), idna),
128 'certificate is for x*.python.org')
129 check(_verifycert(cert('xn--p*.python.org'), idna),
130 'certificate is for xn--p*.python.org')
131
132 # wildcard in first fragment and IDNA A-labels in sequent fragments
133 # are supported.
134 idna = u'www*.pythΓΆn.org'.encode('idna').decode('ascii')
135 check(_verifycert(cert(idna),
136 u'www.pythΓΆn.org'.encode('idna').decode('ascii')),
137 None)
138 check(_verifycert(cert(idna),
139 u'www1.pythΓΆn.org'.encode('idna').decode('ascii')),
140 None)
141 check(_verifycert(cert(idna),
142 u'ftp.pythΓΆn.org'.encode('idna').decode('ascii')),
143 'certificate is for www*.xn--pythn-mua.org')
144 check(_verifycert(cert(idna),
145 u'pythΓΆn.org'.encode('idna').decode('ascii')),
146 'certificate is for www*.xn--pythn-mua.org')
147
148 c = {
149 'notAfter': 'Jun 26 21:41:46 2011 GMT',
150 'subject': (((u'commonName', u'linuxfrz.org'),),),
151 'subjectAltName': (
152 ('DNS', 'linuxfr.org'),
153 ('DNS', 'linuxfr.com'),
154 ('othername', '<unsupported>'),
155 )
156 }
157 check(_verifycert(c, 'linuxfr.org'), None)
158 check(_verifycert(c, 'linuxfr.com'), None)
159 # Not a "DNS" entry
160 check(_verifycert(c, '<unsupported>'),
161 'certificate is for linuxfr.org, linuxfr.com')
162 # When there is a subjectAltName, commonName isn't used
163 check(_verifycert(c, 'linuxfrz.org'),
164 'certificate is for linuxfr.org, linuxfr.com')
165
166 # A pristine real-world example
167 c = {
168 'notAfter': 'Dec 18 23:59:59 2011 GMT',
169 'subject': (
170 ((u'countryName', u'US'),),
171 ((u'stateOrProvinceName', u'California'),),
172 ((u'localityName', u'Mountain View'),),
173 ((u'organizationName', u'Google Inc'),),
174 ((u'commonName', u'mail.google.com'),),
175 ),
176 }
177 check(_verifycert(c, 'mail.google.com'), None)
178 check(_verifycert(c, 'gmail.com'), 'certificate is for mail.google.com')
179
180 # Only commonName is considered
181 check(_verifycert(c, 'California'), 'certificate is for mail.google.com')
182
183 # Neither commonName nor subjectAltName
184 c = {
185 'notAfter': 'Dec 18 23:59:59 2011 GMT',
186 'subject': (
187 ((u'countryName', u'US'),),
188 ((u'stateOrProvinceName', u'California'),),
189 ((u'localityName', u'Mountain View'),),
190 ((u'organizationName', u'Google Inc'),),
191 ),
192 }
193 check(_verifycert(c, 'mail.google.com'),
194 'no commonName or subjectAltName found in certificate')
195
196 # No DNS entry in subjectAltName but a commonName
197 c = {
198 'notAfter': 'Dec 18 23:59:59 2099 GMT',
199 'subject': (
200 ((u'countryName', u'US'),),
201 ((u'stateOrProvinceName', u'California'),),
202 ((u'localityName', u'Mountain View'),),
203 ((u'commonName', u'mail.google.com'),),
204 ),
205 'subjectAltName': (('othername', 'blabla'),),
206 }
207 check(_verifycert(c, 'mail.google.com'), None)
208
209 # No DNS entry subjectAltName and no commonName
210 c = {
211 'notAfter': 'Dec 18 23:59:59 2099 GMT',
212 'subject': (
213 ((u'countryName', u'US'),),
214 ((u'stateOrProvinceName', u'California'),),
215 ((u'localityName', u'Mountain View'),),
216 ((u'organizationName', u'Google Inc'),),
217 ),
218 'subjectAltName': (('othername', 'blabla'),),
219 }
220 check(_verifycert(c, 'google.com'),
221 'no commonName or subjectAltName found in certificate')
222
223 # Empty cert / no cert
224 check(_verifycert(None, 'example.com'), 'no certificate received')
225 check(_verifycert({}, 'example.com'), 'no certificate received')
226
227 # avoid denials of service by refusing more than one
228 # wildcard per fragment.
229 check(_verifycert({'subject': (((u'commonName', u'a*b.com'),),)},
230 'axxb.com'), None)
231 check(_verifycert({'subject': (((u'commonName', u'a*b.co*'),),)},
232 'axxb.com'), 'certificate is for a*b.co*')
233 check(_verifycert({'subject': (((u'commonName', u'a*b*.com'),),)},
234 'axxbxxc.com'),
235 'too many wildcards in certificate DNS name: a*b*.com')
236
66 237 def test_url():
67 238 """
68 239 >>> from mercurial.util import url
General Comments 0
You need to be logged in to leave comments. Login now