[PATCH] verify certificate of https server

Dimitris Glynos dimitris at census-labs.com
Wed Apr 8 10:28:19 CDT 2009


On Wed, 8 Apr 2009, Martin Geisler wrote:
> Dimitris Glynos wrote:
>
>> Prior to this patch, the hg *client* did SSL work via
>> urllib2.HTTPSHandler => httplib.HTTPS => socket.ssl The hg server did
>> SSL work with pyopenssl (see hgweb).
>>
>> What this patch changes is the ssl socket used by the *client* to be
>> the one provided by pyopenssl. So both client and server now work with
>> pyopenssl. Of course, if pyopenssl is missing, the application works
>> ok, but with no SSL functionality.
>
> Thanks for the explanation -- would it be possible to do the change in
> a way that avoids this regression for clients who lack pyOpenSSL?

Maybe, by creating an SSL abstraction layer that checks for the locally
available SSL options. But this needs some considerable refactoring work.

This also means that some SSL features are considered as standard
(e.g. a client connecting to an https web server) while others
are considered as optional (e.g. an hgweb server providing content
over ssl).

Anyway, I'll have a look at it again and I'll let you know if a better
solution comes up.

cheers,
dimitris
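As an added illustration of the abstraction layer sketched above (example code written for this page, not Mercurial's patch or its hgweb code), the module below probes which SSL implementations are importable, prefers one that can verify the server certificate and hostname, and refuses to fall back to an unverified connection when none is found; the backend names, registry and `NoVerifyingBackend` error are this example's own assumptions.

```python
import importlib
import ssl

# Preference order of SSL implementations, probed at run time instead of
# hard-wiring one.  The stdlib ``ssl`` module comes first because it can
# verify the peer certificate and hostname; pyOpenSSL (``OpenSSL.SSL``) is
# the fallback named in the thread.  A backend is only usable once a
# wrapper with equivalent checks has been registered for it.
BACKENDS = ("ssl", "OpenSSL.SSL")
WRAPPERS = {}  # backend name -> wrap(sock, hostname, cafile) -> wrapped socket


class NoVerifyingBackend(RuntimeError):
    """Raised when no verifying backend is available.

    Failing closed is the point: the client must not quietly continue
    without SSL, which is the regression discussed in the thread.
    """


def register_backend(name, wrapper):
    """Make ``name`` selectable by attaching its socket wrapper."""
    WRAPPERS[name] = wrapper


def available_backends(candidates=BACKENDS):
    """Return the candidates that both import cleanly and have a wrapper."""
    found = []
    for name in candidates:
        try:
            importlib.import_module(name)
        except ImportError:
            continue
        if name in WRAPPERS:
            found.append(name)
    return tuple(found)


def select_backend(candidates=BACKENDS):
    """Pick the first usable backend in preference order, or refuse."""
    found = available_backends(candidates)
    if not found:
        raise NoVerifyingBackend("no verifying SSL backend; refusing to "
                                 "continue without certificate checks")
    return found[0]


def make_verifying_context(cafile=None):
    """Client context that requires a trusted, name-matching certificate.

    ``cafile`` is an optional PEM bundle; without it the platform trust
    store is used.  This is the stdlib ``ssl`` path of the layer.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True            # reject a cert issued to another name
    ctx.verify_mode = ssl.CERT_REQUIRED  # reject missing or untrusted certs
    return ctx


def _wrap_stdlib(sock, hostname, cafile=None):
    return make_verifying_context(cafile).wrap_socket(
        sock, server_hostname=hostname)


# Only the stdlib wrapper is registered here; a pyOpenSSL wrapper with the
# same verification guarantees would be registered under "OpenSSL.SSL".
register_backend("ssl", _wrap_stdlib)


def wrap_client_socket(sock, hostname, cafile=None):
    """Wrap a connected TCP socket with the best verifying backend."""
    return WRAPPERS[select_backend()](sock, hostname, cafile)
```

Calling `wrap_client_socket(sock, "hg.example.org")` on a connected socket either returns a socket whose handshake checked the certificate chain and hostname, or raises `NoVerifyingBackend` before any data is sent.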