upstream/mercurial-mirror Files · mercurial/py3kcompat.py

sslutil: per-host config option to define certificates...

sslutil: per-host config option to define certificates Recent work has introduced the [hostsecurity] config section for defining per-host security settings. This patch builds on top of this foundation and implements the ability to define a per-host path to a file containing certificates used for verifying the server certificate. It is logically a per-host web.cacerts setting. This patch also introduces a warning when both per-host certificates and fingerprints are defined. These are mutually exclusive for host verification and I think the user should be alerted when security settings are ambiguous because, well, security is important. Tests validating the new behavior have been added. I decided against putting "ca" in the option name because a non-CA certificate can be specified and used to validate the server certificate (commonly this will be the exact public certificate used by the server). It's worth noting that the underlying Python API used is load_verify_locations(cafile=X) and it calls into OpenSSL's SSL_CTX_load_verify_locations(). Even OpenSSL's documentation seems to omit that the file can contain a non-CA certificate if it matches the server's certificate exactly. I thought a CA certificate was a special kind of x509 certificate. Perhaps I'm wrong and any x509 certificate can be used as a CA certificate [as far as OpenSSL is concerned]. In any case, I thought it best to drop "ca" from the name because this reflects reality.

Gregory Szorc - - Load All Authors

File last commit:

r27486:5bfd01a3 default


                r29334:ecc9b788

default

Download file

             py3kcompat.py
        
                    68 lines
            
             | 2.1 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / py3kcompat.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # py3kcompat.py - compatibility definitions for running hg in py3k

      #

      # Copyright 2010 Renato Cunha <renatoc@gmail.com>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      from __future__ import absolute_import

      import builtins

      import numbers

      Number = numbers.Number

      def bytesformatter(format, args):

          '''Custom implementation of a formatter for bytestrings.

          This function currently relies on the string formatter to do the

          formatting and always returns bytes objects.

          >>> bytesformatter(20, 10)

          0

          >>> bytesformatter('unicode %s, %s!', ('string', 'foo'))

          b'unicode string, foo!'

          >>> bytesformatter(b'test %s', 'me')

          b'test me'

          >>> bytesformatter('test %s', 'me')

          b'test me'

          >>> bytesformatter(b'test %s', b'me')

          b'test me'

          >>> bytesformatter('test %s', b'me')

          b'test me'

          >>> bytesformatter('test %d: %s', (1, b'result'))

          b'test 1: result'

          '''

          # The current implementation just converts from bytes to unicode, do

          # what's needed and then convert the results back to bytes.

          # Another alternative is to use the Python C API implementation.

          if isinstance(format, Number):

              # If the fixer erroneously passes a number remainder operation to

              # bytesformatter, we just return the correct operation

              return format % args

          if isinstance(format, bytes):

              format = format.decode('utf-8', 'surrogateescape')

          if isinstance(args, bytes):

              args = args.decode('utf-8', 'surrogateescape')

          if isinstance(args, tuple):

              newargs = []

              for arg in args:

                  if isinstance(arg, bytes):

                      arg = arg.decode('utf-8', 'surrogateescape')

                  newargs.append(arg)

              args = tuple(newargs)

          ret = format % args

          return ret.encode('utf-8', 'surrogateescape')

      builtins.bytesformatter = bytesformatter

      origord = builtins.ord

      def fakeord(char):

          if isinstance(char, int):

              return char

          return origord(char)

      builtins.ord = fakeord

      if __name__ == '__main__':

          import doctest

          doctest.testmod()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# py3kcompat.py - compatibility definitions for running hg in py3k
				#
				# Copyright 2010 Renato Cunha <renatoc@gmail.com>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				from __future__ import absolute_import

				import builtins
				import numbers

				Number = numbers.Number

				def bytesformatter(format, args):
				'''Custom implementation of a formatter for bytestrings.

				This function currently relies on the string formatter to do the
				formatting and always returns bytes objects.

				>>> bytesformatter(20, 10)
				0
				>>> bytesformatter('unicode %s, %s!', ('string', 'foo'))
				b'unicode string, foo!'
				>>> bytesformatter(b'test %s', 'me')
				b'test me'
				>>> bytesformatter('test %s', 'me')
				b'test me'
				>>> bytesformatter(b'test %s', b'me')
				b'test me'
				>>> bytesformatter('test %s', b'me')
				b'test me'
				>>> bytesformatter('test %d: %s', (1, b'result'))
				b'test 1: result'
				'''
				# The current implementation just converts from bytes to unicode, do
				# what's needed and then convert the results back to bytes.
				# Another alternative is to use the Python C API implementation.
				if isinstance(format, Number):
				# If the fixer erroneously passes a number remainder operation to
				# bytesformatter, we just return the correct operation
				return format % args
				if isinstance(format, bytes):
				format = format.decode('utf-8', 'surrogateescape')
				if isinstance(args, bytes):
				args = args.decode('utf-8', 'surrogateescape')
				if isinstance(args, tuple):
				newargs = []
				for arg in args:
				if isinstance(arg, bytes):
				arg = arg.decode('utf-8', 'surrogateescape')
				newargs.append(arg)
				args = tuple(newargs)
				ret = format % args
				return ret.encode('utf-8', 'surrogateescape')
				builtins.bytesformatter = bytesformatter

				origord = builtins.ord
				def fakeord(char):
				if isinstance(char, int):
				return char
				return origord(char)
				builtins.ord = fakeord

				if __name__ == '__main__':
				import doctest
				doctest.testmod()