##// END OF EJS Templates
sslutil: try to find CA certficates in well-known locations...
sslutil: try to find CA certficates in well-known locations Many Linux distros and other Nixen have CA certificates in well-defined locations. Rather than potentially fail to load any CA certificates at all (which will always result in a certificate verification failure), we scan for paths to known CA certificate files and load one if seen. Because a proper Mercurial install will have the path to the CA certificate file defined at install time, we print a warning that the install isn't proper and provide a URL with instructions to correct things. We only perform path-based fallback on Pythons that don't know how to call into OpenSSL to load the default verify locations. This is because we trust that Python/OpenSSL is properly configured and knows better than Mercurial. So this new code effectively only runs on Python <2.7.9 (technically Pythons without the modern ssl module).

File last commit:

r29332:2bb0ddd8 default
r29500:4b16a5bd default
Show More
dummysmtpd.py
81 lines | 2.3 KiB | text/x-python | PythonLexer
#!/usr/bin/env python
"""dummy SMTP server for use in tests"""
from __future__ import absolute_import
import asyncore
import optparse
import smtpd
import ssl
import sys
from mercurial import (
cmdutil,
)
def log(msg):
sys.stdout.write(msg)
sys.stdout.flush()
class dummysmtpserver(smtpd.SMTPServer):
def __init__(self, localaddr):
smtpd.SMTPServer.__init__(self, localaddr, remoteaddr=None)
def process_message(self, peer, mailfrom, rcpttos, data):
log('%s from=%s to=%s\n' % (peer[0], mailfrom, ', '.join(rcpttos)))
class dummysmtpsecureserver(dummysmtpserver):
def __init__(self, localaddr, certfile):
dummysmtpserver.__init__(self, localaddr)
self._certfile = certfile
def handle_accept(self):
pair = self.accept()
if not pair:
return
conn, addr = pair
try:
# wrap_socket() would block, but we don't care
conn = ssl.wrap_socket(conn, server_side=True,
certfile=self._certfile,
ssl_version=ssl.PROTOCOL_TLSv1)
except ssl.SSLError:
log('%s ssl error\n' % addr[0])
conn.close()
return
smtpd.SMTPChannel(self, conn, addr)
def run():
try:
asyncore.loop()
except KeyboardInterrupt:
pass
def main():
op = optparse.OptionParser()
op.add_option('-d', '--daemon', action='store_true')
op.add_option('--daemon-postexec', action='append')
op.add_option('-p', '--port', type=int, default=8025)
op.add_option('-a', '--address', default='localhost')
op.add_option('--pid-file', metavar='FILE')
op.add_option('--tls', choices=['none', 'smtps'], default='none')
op.add_option('--certificate', metavar='FILE')
opts, args = op.parse_args()
if opts.tls == 'smtps' and not opts.certificate:
op.error('--certificate must be specified')
addr = (opts.address, opts.port)
def init():
if opts.tls == 'none':
dummysmtpserver(addr)
else:
dummysmtpsecureserver(addr, opts.certificate)
log('listening at %s:%d\n' % addr)
cmdutil.service(vars(opts), initfn=init, runfn=run,
runargs=[sys.executable, __file__] + sys.argv[1:])
if __name__ == '__main__':
main()