upstream/mercurial-mirror Files · mercurial/hgweb/protocol.py

sslutil: print a warning when using TLS 1.0 on legacy Python...

sslutil: print a warning when using TLS 1.0 on legacy Python Mercurial now requires TLS 1.1+ when TLS 1.1+ is supported by the client. Since we made the decision to require TLS 1.1+ when running with modern Python versions, it makes sense to do something for legacy Python versions that only support TLS 1.0. Feature parity would be to prevent TLS 1.0 connections out of the box and require a config option to enable them. However, this is extremely user hostile since Mercurial wouldn't talk to https:// by default in these installations! I can easily see how someone would do something foolish like use "--insecure" instead - and that would be worse than allowing TLS 1.0! This patch takes the compromise position of printing a warning when performing TLS 1.0 connections when running on old Python versions. While this warning is no more annoying than the CA certificate / fingerprint warnings in Mercurial 3.8, we provide a config option to disable the warning because to many people upgrading Python to make the warning go away is not an available recourse (unlike pinning fingerprints is for the CA warning). The warning appears as optional output in a lot of tests.

timeless - - Load All Authors

File last commit:

r28883:032c4c2f default


                r29561:1a782fab

default

Download file

             protocol.py
        
                    117 lines
            
             | 3.4 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / hgweb / protocol.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #

      # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>

      # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      from __future__ import absolute_import

      import cgi

      import zlib

      from .common import (

          HTTP_OK,

      )

      from .. import (

          util,

          wireproto,

      )

      stringio = util.stringio

      urlerr = util.urlerr

      urlreq = util.urlreq

      HGTYPE = 'application/mercurial-0.1'

      HGERRTYPE = 'application/hg-error'

      class webproto(wireproto.abstractserverproto):

          def __init__(self, req, ui):

              self.req = req

              self.response = ''

              self.ui = ui

          def getargs(self, args):

              knownargs = self._args()

              data = {}

              keys = args.split()

              for k in keys:

                  if k == '*':

                      star = {}

                      for key in knownargs.keys():

                          if key != 'cmd' and key not in keys:

                              star[key] = knownargs[key][0]

                      data['*'] = star

                  else:

                      data[k] = knownargs[k][0]

              return [data[k] for k in keys]

          def _args(self):

              args = self.req.form.copy()

              postlen = int(self.req.env.get('HTTP_X_HGARGS_POST', 0))

              if postlen:

                  args.update(cgi.parse_qs(

                      self.req.read(postlen), keep_blank_values=True))

                  return args

              chunks = []

              i = 1

              while True:

                  h = self.req.env.get('HTTP_X_HGARG_' + str(i))

                  if h is None:

                      break

                  chunks += [h]

                  i += 1

              args.update(cgi.parse_qs(''.join(chunks), keep_blank_values=True))

              return args

          def getfile(self, fp):

              length = int(self.req.env['CONTENT_LENGTH'])

              for s in util.filechunkiter(self.req, limit=length):

                  fp.write(s)

          def redirect(self):

              self.oldio = self.ui.fout, self.ui.ferr

              self.ui.ferr = self.ui.fout = stringio()

          def restore(self):

              val = self.ui.fout.getvalue()

              self.ui.ferr, self.ui.fout = self.oldio

              return val

          def groupchunks(self, cg):

              z = zlib.compressobj()

              while True:

                  chunk = cg.read(4096)

                  if not chunk:

                      break

                  yield z.compress(chunk)

              yield z.flush()

          def _client(self):

              return 'remote:%s:%s:%s' % (

                  self.req.env.get('wsgi.url_scheme') or 'http',

                  urlreq.quote(self.req.env.get('REMOTE_HOST', '')),

                  urlreq.quote(self.req.env.get('REMOTE_USER', '')))

      def iscmd(cmd):

          return cmd in wireproto.commands

      def call(repo, req, cmd):

          p = webproto(req, repo.ui)

          rsp = wireproto.dispatch(repo, p, cmd)

          if isinstance(rsp, str):

              req.respond(HTTP_OK, HGTYPE, body=rsp)

              return []

          elif isinstance(rsp, wireproto.streamres):

              req.respond(HTTP_OK, HGTYPE)

              return rsp.gen

          elif isinstance(rsp, wireproto.pushres):

              val = p.restore()

              rsp = '%d\n%s' % (rsp.res, val)

              req.respond(HTTP_OK, HGTYPE, body=rsp)

              return []

          elif isinstance(rsp, wireproto.pusherr):

              # drain the incoming bundle

              req.drain()

              p.restore()

              rsp = '0\n%s\n' % rsp.res

              req.respond(HTTP_OK, HGTYPE, body=rsp)

              return []

          elif isinstance(rsp, wireproto.ooberror):

              rsp = rsp.message

              req.respond(HTTP_OK, HGERRTYPE, body=rsp)

              return []

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#
				# Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
				# Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				from __future__ import absolute_import

				import cgi
				import zlib

				from .common import (
				HTTP_OK,
				)

				from .. import (
				util,
				wireproto,
				)
				stringio = util.stringio

				urlerr = util.urlerr
				urlreq = util.urlreq

				HGTYPE = 'application/mercurial-0.1'
				HGERRTYPE = 'application/hg-error'

				class webproto(wireproto.abstractserverproto):
				def __init__(self, req, ui):
				self.req = req
				self.response = ''
				self.ui = ui
				def getargs(self, args):
				knownargs = self._args()
				data = {}
				keys = args.split()
				for k in keys:
				if k == '*':
				star = {}
				for key in knownargs.keys():
				if key != 'cmd' and key not in keys:
				star[key] = knownargs[key][0]
				data['*'] = star
				else:
				data[k] = knownargs[k][0]
				return [data[k] for k in keys]
				def _args(self):
				args = self.req.form.copy()
				postlen = int(self.req.env.get('HTTP_X_HGARGS_POST', 0))
				if postlen:
				args.update(cgi.parse_qs(
				self.req.read(postlen), keep_blank_values=True))
				return args
				chunks = []
				i = 1
				while True:
				h = self.req.env.get('HTTP_X_HGARG_' + str(i))
				if h is None:
				break
				chunks += [h]
				i += 1
				args.update(cgi.parse_qs(''.join(chunks), keep_blank_values=True))
				return args
				def getfile(self, fp):
				length = int(self.req.env['CONTENT_LENGTH'])
				for s in util.filechunkiter(self.req, limit=length):
				fp.write(s)
				def redirect(self):
				self.oldio = self.ui.fout, self.ui.ferr
				self.ui.ferr = self.ui.fout = stringio()
				def restore(self):
				val = self.ui.fout.getvalue()
				self.ui.ferr, self.ui.fout = self.oldio
				return val
				def groupchunks(self, cg):
				z = zlib.compressobj()
				while True:
				chunk = cg.read(4096)
				if not chunk:
				break
				yield z.compress(chunk)
				yield z.flush()
				def _client(self):
				return 'remote:%s:%s:%s' % (
				self.req.env.get('wsgi.url_scheme') or 'http',
				urlreq.quote(self.req.env.get('REMOTE_HOST', '')),
				urlreq.quote(self.req.env.get('REMOTE_USER', '')))

				def iscmd(cmd):
				return cmd in wireproto.commands

				def call(repo, req, cmd):
				p = webproto(req, repo.ui)
				rsp = wireproto.dispatch(repo, p, cmd)
				if isinstance(rsp, str):
				req.respond(HTTP_OK, HGTYPE, body=rsp)
				return []
				elif isinstance(rsp, wireproto.streamres):
				req.respond(HTTP_OK, HGTYPE)
				return rsp.gen
				elif isinstance(rsp, wireproto.pushres):
				val = p.restore()
				rsp = '%d\n%s' % (rsp.res, val)
				req.respond(HTTP_OK, HGTYPE, body=rsp)
				return []
				elif isinstance(rsp, wireproto.pusherr):
				# drain the incoming bundle
				req.drain()
				p.restore()
				rsp = '0\n%s\n' % rsp.res
				req.respond(HTTP_OK, HGTYPE, body=rsp)
				return []
				elif isinstance(rsp, wireproto.ooberror):
				rsp = rsp.message
				req.respond(HTTP_OK, HGERRTYPE, body=rsp)
				return []