certificate-based authentication for https hgwebdir clients

Benoit Boissinot benoit.boissinot at ens-lyon.org
Tue Jan 6 16:27:27 CST 2009


On Tue, Jan 06, 2009 at 12:16:00PM -0600, Matt Mackall wrote:
> On Tue, 2009-01-06 at 16:31 +0200, Dimitris Glynos wrote:
> > Hello all,
> > 
> > I'm attaching a patch that enables hgwebdir to do basic certificate-based
> > authentication for clients, in https mode. By 'basic' I mean that the
> > client's certificate is checked against a list of registered certificates
> > and if it is not found in the list (or is invalid), the SSL session is
> > terminated.
> 
> This patch requires having the Python OpenSSL bindings installed, yes?
> That's a little unfortunate. Calling out to the openssl executable (one
> dependency which most people already have) might actually be preferable
> to adding a library (one more dependency).

The dependency already exists for some SSL features in hgweb/server.py:

if ssl_cert:
    try:
        from OpenSSL import SSL
        ctx = SSL.Context(SSL.SSLv23_METHOD)
    except ImportError:
        raise util.Abort(_("SSL support is unavailable"))

Maybe we should add an alternate method for python2.6, since the ssl
library was integrated there: http://docs.python.org/library/ssl.html

regards,

Benoit

-- 
:wq
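
Added example, not part of the original message or of Mercurial's code: a sketch of the alternate method suggested above, using the standard-library ssl module as it exists in current Python 3 (not the 2.6 API), to require a client certificate and check it against a list of registered certificates. The function names, the SHA-256 fingerprint list and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def fingerprint(der_cert):
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def load_registered(pem_bundle):
    """Return the fingerprints of every certificate in a PEM bundle."""
    registered = set()
    for chunk in pem_bundle.split(PEM_END):
        start = chunk.find(PEM_BEGIN)
        if start != -1:
            der = ssl.PEM_cert_to_DER_cert(chunk[start:] + PEM_END)
            registered.add(fingerprint(der))
    return registered


def is_registered(der_cert, registered):
    """True only if the peer presented a certificate that is on the list."""
    return bool(der_cert) and fingerprint(der_cert) in registered


def make_server_context(certfile, keyfile, client_ca_file):
    """TLS server context that refuses handshakes without a valid client cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Trust anchors used to validate the client's chain during the handshake.
    ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def accept_client(tls_sock, registered):
    """Close the session unless the verified peer certificate is registered."""
    der = tls_sock.getpeercert(binary_form=True)
    if is_registered(der, registered):
        return True
    tls_sock.close()
    return False


# Constructed stand-ins for DER bytes (not real X.509), to exercise the list check.
SAMPLE_A = b"constructed-client-cert-A"
SAMPLE_B = b"constructed-client-cert-B"
SAMPLE_BUNDLE = ssl.DER_cert_to_PEM_cert(SAMPLE_A) + ssl.DER_cert_to_PEM_cert(SAMPLE_B)
```

The handshake-level check (`CERT_REQUIRED`) and the list check are separate: the first rejects missing or unverifiable certificates, the second rejects valid certificates that were never registered.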

