upstream/mercurial-mirror Files · tests/dummysmtpd.py

sslutil: print a warning when using TLS 1.0 on legacy Python...

sslutil: print a warning when using TLS 1.0 on legacy Python Mercurial now requires TLS 1.1+ when TLS 1.1+ is supported by the client. Since we made the decision to require TLS 1.1+ when running with modern Python versions, it makes sense to do something for legacy Python versions that only support TLS 1.0. Feature parity would be to prevent TLS 1.0 connections out of the box and require a config option to enable them. However, this is extremely user hostile since Mercurial wouldn't talk to https:// by default in these installations! I can easily see how someone would do something foolish like use "--insecure" instead - and that would be worse than allowing TLS 1.0! This patch takes the compromise position of printing a warning when performing TLS 1.0 connections when running on old Python versions. While this warning is no more annoying than the CA certificate / fingerprint warnings in Mercurial 3.8, we provide a config option to disable the warning because to many people upgrading Python to make the warning go away is not an available recourse (unlike pinning fingerprints is for the CA warning). The warning appears as optional output in a lot of tests.

Gregory Szorc - - Load All Authors

File last commit:

r29556:1b8b6adb default


                r29561:1a782fab

default

Download file

             dummysmtpd.py
        
                    82 lines
            
             | 2.2 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / dummysmtpd.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #!/usr/bin/env python

      """dummy SMTP server for use in tests"""

      from __future__ import absolute_import

      import asyncore

      import optparse

      import smtpd

      import ssl

      import sys

      from mercurial import (

          cmdutil,

          sslutil,

          ui as uimod,

      )

      def log(msg):

          sys.stdout.write(msg)

          sys.stdout.flush()

      class dummysmtpserver(smtpd.SMTPServer):

          def __init__(self, localaddr):

              smtpd.SMTPServer.__init__(self, localaddr, remoteaddr=None)

          def process_message(self, peer, mailfrom, rcpttos, data):

              log('%s from=%s to=%s\n' % (peer[0], mailfrom, ', '.join(rcpttos)))

      class dummysmtpsecureserver(dummysmtpserver):

          def __init__(self, localaddr, certfile):

              dummysmtpserver.__init__(self, localaddr)

              self._certfile = certfile

          def handle_accept(self):

              pair = self.accept()

              if not pair:

                  return

              conn, addr = pair

              ui = uimod.ui()

              try:

                  # wrap_socket() would block, but we don't care

                  conn = sslutil.wrapserversocket(conn, ui, certfile=self._certfile)

              except ssl.SSLError:

                  log('%s ssl error\n' % addr[0])

                  conn.close()

                  return

              smtpd.SMTPChannel(self, conn, addr)

      def run():

          try:

              asyncore.loop()

          except KeyboardInterrupt:

              pass

      def main():

          op = optparse.OptionParser()

          op.add_option('-d', '--daemon', action='store_true')

          op.add_option('--daemon-postexec', action='append')

          op.add_option('-p', '--port', type=int, default=8025)

          op.add_option('-a', '--address', default='localhost')

          op.add_option('--pid-file', metavar='FILE')

          op.add_option('--tls', choices=['none', 'smtps'], default='none')

          op.add_option('--certificate', metavar='FILE')

          opts, args = op.parse_args()

          if opts.tls == 'smtps' and not opts.certificate:

              op.error('--certificate must be specified')

          addr = (opts.address, opts.port)

          def init():

              if opts.tls == 'none':

                  dummysmtpserver(addr)

              else:

                  dummysmtpsecureserver(addr, opts.certificate)

              log('listening at %s:%d\n' % addr)

          cmdutil.service(vars(opts), initfn=init, runfn=run,

                          runargs=[sys.executable, __file__] + sys.argv[1:])

      if __name__ == '__main__':

          main()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#!/usr/bin/env python

				"""dummy SMTP server for use in tests"""

				from __future__ import absolute_import

				import asyncore
				import optparse
				import smtpd
				import ssl
				import sys

				from mercurial import (
				cmdutil,
				sslutil,
				ui as uimod,
				)

				def log(msg):
				sys.stdout.write(msg)
				sys.stdout.flush()

				class dummysmtpserver(smtpd.SMTPServer):
				def __init__(self, localaddr):
				smtpd.SMTPServer.__init__(self, localaddr, remoteaddr=None)

				def process_message(self, peer, mailfrom, rcpttos, data):
				log('%s from=%s to=%s\n' % (peer[0], mailfrom, ', '.join(rcpttos)))

				class dummysmtpsecureserver(dummysmtpserver):
				def __init__(self, localaddr, certfile):
				dummysmtpserver.__init__(self, localaddr)
				self._certfile = certfile

				def handle_accept(self):
				pair = self.accept()
				if not pair:
				return
				conn, addr = pair
				ui = uimod.ui()
				try:
				# wrap_socket() would block, but we don't care
				conn = sslutil.wrapserversocket(conn, ui, certfile=self._certfile)
				except ssl.SSLError:
				log('%s ssl error\n' % addr[0])
				conn.close()
				return
				smtpd.SMTPChannel(self, conn, addr)

				def run():
				try:
				asyncore.loop()
				except KeyboardInterrupt:
				pass

				def main():
				op = optparse.OptionParser()
				op.add_option('-d', '--daemon', action='store_true')
				op.add_option('--daemon-postexec', action='append')
				op.add_option('-p', '--port', type=int, default=8025)
				op.add_option('-a', '--address', default='localhost')
				op.add_option('--pid-file', metavar='FILE')
				op.add_option('--tls', choices=['none', 'smtps'], default='none')
				op.add_option('--certificate', metavar='FILE')

				opts, args = op.parse_args()
				if opts.tls == 'smtps' and not opts.certificate:
				op.error('--certificate must be specified')

				addr = (opts.address, opts.port)
				def init():
				if opts.tls == 'none':
				dummysmtpserver(addr)
				else:
				dummysmtpsecureserver(addr, opts.certificate)
				log('listening at %s:%d\n' % addr)

				cmdutil.service(vars(opts), initfn=init, runfn=run,
				runargs=[sys.executable, __file__] + sys.argv[1:])

				if __name__ == '__main__':
				main()