[PATCH] verify certificate of https server

Dimitris Glynos dimitris at census-labs.com
Wed Apr 8 05:43:57 CDT 2009


On Wed, 8 Apr 2009, Martin Geisler wrote:
> Dimitris Glynos <dimitris at census-labs.com> writes:
>>
>> -has_https = hasattr(urllib2, 'HTTPSHandler')
>> +try:
>> +    from OpenSSL import SSL
>> +    has_https = True
>> +except ImportError:
>> +    has_https = False
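
Review bot: the except ImportError branch sets has_https = False even where the removed test, hasattr(urllib2, 'HTTPSHandler'), would have been true, so a client without pyOpenSSL silently loses https support it had before. Document pyOpenSSL as the requirement for https and make the failure visible, for example with a message naming the missing module when an https URL is used, instead of only clearing the flag.
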
>
> Will this mean that SSL support now requires pyOpenSSL, or was this
> already a requirement for urllib2 to have SSL support?

Prior to this patch, the hg *client* did SSL work via
urllib2.HTTPSHandler => httplib.HTTPS => socket.ssl
The hg server did SSL work with pyopenssl (see hgweb).

What this patch changes is the ssl socket used by the *client*
to be the one provided by pyopenssl. So both client and server
now work with pyopenssl. Of course, if pyopenssl is missing,
the application works ok, but with no SSL functionality.

>> +        def __init__(self, ui):
>> +            trustedcerts = {}
>> +            requiresigs = False or ui.configbool("https", "requiresigs")
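
Review bot: "False or" on the requiresigs line has no effect on the result, since False or x evaluates to x. Drop it and state the default where a reader will find it, either as a comment above the assignment or in the documentation of the [https] requiresigs option.
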
>
> Is this not the same as just
>
>  requiresigs = ui.configbool("https", "requiresigs")

Yes. It's a literate programming thing. I can replace it with:

# requiresigs is False by default
requiresigs = ui.configbool("https", "requiresigs")

dimitris