##// END OF EJS Templates
hgweb: use sslutil.wrapserversocket()...
hgweb: use sslutil.wrapserversocket() This patch transitions the built-in HTTPS server to use sslutil for creating the server socket. As part of this transition, we implement developer-only config options to control CA loading and whether to require client certificates. This eliminates the need for the custom extension in test-https.t to define these. There is a slight change in behavior with regards to protocol selection. Before, we would always use the TLS 1.0 constant to define the protocol version. This would *only* use TLS 1.0. sslutil defaults to TLS 1.0+. So this patch improves the security of `hg serve` out of the box by allowing it to use TLS 1.1 and 1.2 (if available).

File last commit:

r29332:2bb0ddd8 default
r29555:121d1181 default
Show More
dummysmtpd.py
81 lines | 2.3 KiB | text/x-python | PythonLexer
#!/usr/bin/env python
"""dummy SMTP server for use in tests"""
from __future__ import absolute_import
import asyncore
import optparse
import smtpd
import ssl
import sys
from mercurial import (
cmdutil,
)
def log(msg):
sys.stdout.write(msg)
sys.stdout.flush()
class dummysmtpserver(smtpd.SMTPServer):
def __init__(self, localaddr):
smtpd.SMTPServer.__init__(self, localaddr, remoteaddr=None)
def process_message(self, peer, mailfrom, rcpttos, data):
log('%s from=%s to=%s\n' % (peer[0], mailfrom, ', '.join(rcpttos)))
class dummysmtpsecureserver(dummysmtpserver):
def __init__(self, localaddr, certfile):
dummysmtpserver.__init__(self, localaddr)
self._certfile = certfile
def handle_accept(self):
pair = self.accept()
if not pair:
return
conn, addr = pair
try:
# wrap_socket() would block, but we don't care
conn = ssl.wrap_socket(conn, server_side=True,
certfile=self._certfile,
ssl_version=ssl.PROTOCOL_TLSv1)
except ssl.SSLError:
log('%s ssl error\n' % addr[0])
conn.close()
return
smtpd.SMTPChannel(self, conn, addr)
def run():
try:
asyncore.loop()
except KeyboardInterrupt:
pass
def main():
op = optparse.OptionParser()
op.add_option('-d', '--daemon', action='store_true')
op.add_option('--daemon-postexec', action='append')
op.add_option('-p', '--port', type=int, default=8025)
op.add_option('-a', '--address', default='localhost')
op.add_option('--pid-file', metavar='FILE')
op.add_option('--tls', choices=['none', 'smtps'], default='none')
op.add_option('--certificate', metavar='FILE')
opts, args = op.parse_args()
if opts.tls == 'smtps' and not opts.certificate:
op.error('--certificate must be specified')
addr = (opts.address, opts.port)
def init():
if opts.tls == 'none':
dummysmtpserver(addr)
else:
dummysmtpsecureserver(addr, opts.certificate)
log('listening at %s:%d\n' % addr)
cmdutil.service(vars(opts), initfn=init, runfn=run,
runargs=[sys.executable, __file__] + sys.argv[1:])
if __name__ == '__main__':
main()