[PATCH 2 of 2] test-url: skip test when ssl module is unavailable

Mads Kiilerich mads at kiilerich.com
Wed Oct 13 21:12:39 CDT 2010


  Augie Fackler wrote, On 10/13/2010 12:57 AM:
>
> On Oct 12, 2010, at 2:05 PM, Gilles Moris wrote:
>
>> Does this mean that url._verifycert() cannot be called for py < 2.6 ?
>> Is that the reason why this test failure is eluded ?
>
> Yeah. Presumably url._verifycert() needs some fallback path (I guess 
> we can't do any checking in that case? :/) if the ssl module isn't 
> available (which it might be on old Pythons via the backport on PyPI.)

This code is only reached if ssl is available, so in that case only the 
"unit" test needs fallback/disabling.

We support two flavours of python ssl support: < 2.6 and >= 2.6. The 
time parsing function is only available for >= 2.6.

According to Python devs is this not an issue because they use openssl 
in a way where time range already has been checked. We can thus probably 
remove the date checks completely and the code and test will work 
correctly in either case.

But we don't have any test coverage for https at all, so I would not 
feel comfortable just removing the checks without extra testing.

> Mads, can you do that or should someone else plan to look at it?

Yes. I will add some tests, verify that date check really isn't needed, 
probably remove the time check functions, and verify that it works with 
2.4 and 2.6.

I am also considering switching to the check function Python ended up 
using. It is a bit more flexible and less paranoid than what we have 
now. We really want this kind of low-level security stuff to be somebody 
else's problem.

/Mads


More information about the Mercurial-devel mailing list