serve, HTTPS, Python 2.7, pyOpenSSL, and test-https.t

Sat Oct 16 21:37:23 CDT 2010

  I have pushed some HTTPS fixes and tests to crew. HTTPS serve was 
untested and broken but is now fixed and tested - and used for testing 
HTTPS urls.

I can however only make HTTPS serve work on Python 2.6, so the tests 
will not be run with 2.7 (and 2.4 and 2.5).

We haven't got any reports yet, but perhaps we should mention it 
somewhere if we can't/won't make HTTPS serve work on Python 2.7.

With Python2.7 and pyOpenSSL-0.9 or 0.10 built/installed from source and 
openssl-1.0.0a-2.fc14.i686 I get:

$ ./hg serve -v -p 1234 --certificate=/tmp/server.pem
listening at http://localhost6.localdomain6:1234/ (bound to *:1234)
127.0.0.1 - - [17/Oct/2010 03:07:47] "GET 
/?pairs=0000000000000000000000000000000000000000-0000000000000000000000000000000000000000&cmd=between 
HTTP/1.1" 200 -
127.0.0.1 - - [17/Oct/2010 03:07:47] "GET 
/?pairs=0000000000000000000000000000000000000000-0000000000000000000000000000000000000000&cmd=between 
HTTP/1.1" 500 -
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 59607)
Traceback (most recent call last):
   File "/tmp/py27/lib/python2.7/SocketServer.py", line 582, in 
process_request_thread
     self.finish_request(request, client_address)
   File "/tmp/py27/lib/python2.7/SocketServer.py", line 323, in 
finish_request
     self.RequestHandlerClass(request, client_address, self)
   File "/home/mk/src/hg/mercurial/hgweb/server.py", line 42, in __init__
     BaseHTTPServer.BaseHTTPRequestHandler.__init__(self, *args, **kargs)
   File "/tmp/py27/lib/python2.7/SocketServer.py", line 641, in __init__
     self.finish()
   File "/tmp/py27/lib/python2.7/SocketServer.py", line 694, in finish
     self.wfile.flush()
   File "/tmp/py27/lib/python2.7/socket.py", line 301, in flush
     self._sock.sendall(view[write_offset:write_offset+buffer_size])
TypeError: must be string or read-only buffer, not memoryview
----------------------------------------
Exception in thread Thread-1:
Traceback (most recent call last):
   File "/tmp/py27/lib/python2.7/threading.py", line 530, in 
__bootstrap_inner
     self.run()
   File "/tmp/py27/lib/python2.7/threading.py", line 483, in run
     self.__target(*self.__args, **self.__kwargs)
   File "/tmp/py27/lib/python2.7/SocketServer.py", line 586, in 
process_request_thread
     self.shutdown_request(request)
   File "/tmp/py27/lib/python2.7/SocketServer.py", line 459, in 
shutdown_request
     request.shutdown(socket.SHUT_WR)
TypeError: shutdown() takes exactly 0 arguments (1 given)

- when I run:

$ hg clone https://localhost:1234/

Can anyone confirm this and figure out what is going on? Do we use 
pyOpenSSL correctly?

My theory is that pyOpenSSL needs a fix similar to 
http://bugs.python.org/issue7133 and/or doesn't support Python 2.7.

I haven't been able to compile/install pyOpenSSL 0.11a1.

/Mads

$ cat /tmp/server.pem
-----BEGIN PRIVATE KEY-----
MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEApjCWeYGrIa/Vo7LH
aRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX6aDWg06n9tiVStAKTgQAHJY8
j/xgSwIDAQABAkBxHC6+Qlf0VJXGlb6NL16yEVVTQxqDS6hA9zqu6TZjrr0YMfzc
EGNIiZGt7HCBL0zO+cPDg/LeCZc6HQhf0KrhAiEAzlJq4hWWzvguWFIJWSoBeBUG
MF1ACazQO7PYE8M0qfECIQDONHHP0SKZzz/ZwBZcAveC5K61f/v9hONFwbeYulzR
+wIgc9SvbtgB/5Yzpp//4ZAEnR7oh5SClCvyB+KSx52K3nECICbhQphhoXmI10wy
aMTellaq0bpNMHFDziqH9RsqAHhjAiEAgYGxfzkftt5IUUn/iFK89aaIpyrpuaAh
HY8gUVkVRVs=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
-----END CERTIFICATE-----

$ openssl x509 -in /tmp/server.pem -text
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             d0:17:14:5c:96:8c:69:d1
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: CN=localhost/emailAddress=hg at localhost
         Validity
             Not Before: Oct 14 20:30:14 2010 GMT
             Not After : Jun  5 20:30:14 2035 GMT
         Subject: CN=localhost/emailAddress=hg at localhost
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (512 bit)
                 Modulus:
                     00:a6:30:96:79:81:ab:21:af:d5:a3:b2:c7:69:11:
                     7c:a2:ed:2d:6e:01:ca:13:7d:d4:b1:ef:f0:84:29:
                     ca:11:49:b7:e2:b0:da:5d:07:78:97:1c:57:e9:a0:
                     d6:83:4e:a7:f6:d8:95:4a:d0:0a:4e:04:00:1c:96:
                     3c:8f:fc:60:4b
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier:
                 13:AB:00:F9:A9:A6:AF:6E:1D:19:7D:24:A6:3C:4E:80:EE:39:87:34
             X509v3 Authority Key Identifier:

keyid:13:AB:00:F9:A9:A6:AF:6E:1D:19:7D:24:A6:3C:4E:80:EE:39:87:34

             X509v3 Basic Constraints:
                 CA:TRUE
     Signature Algorithm: sha1WithRSAEncryption
         50:2b:bd:01:62:01:92:60:41:cc:d1:b1:b6:25:1b:5c:65:b7:
         eb:6b:ba:4d:fb:c3:90:77:9b:72:1c:93:59:ed:45:c4:2b:aa:
         cf:a1:7f:40:8e:d6:ae:92:aa:ed:78:e2:07:98:69:0f:02:0e:
         2a:d2:47:dd:9f:20:21:0b:23:57
-----BEGIN CERTIFICATE-----
MIIBqzCCAVWgAwIBAgIJANAXFFyWjGnRMA0GCSqGSIb3DQEBBQUAMDExEjAQBgNV
BAMMCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMaGdAbG9jYWxob3N0MB4XDTEw
MTAxNDIwMzAxNFoXDTM1MDYwNTIwMzAxNFowMTESMBAGA1UEAwwJbG9jYWxob3N0
MRswGQYJKoZIhvcNAQkBFgxoZ0Bsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL
ADBIAkEApjCWeYGrIa/Vo7LHaRF8ou0tbgHKE33Use/whCnKEUm34rDaXQd4lxxX
6aDWg06n9tiVStAKTgQAHJY8j/xgSwIDAQABo1AwTjAdBgNVHQ4EFgQUE6sA+amm
r24dGX0kpjxOgO45hzQwHwYDVR0jBBgwFoAUE6sA+ammr24dGX0kpjxOgO45hzQw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAFArvQFiAZJgQczRsbYlG1xl
t+truk37w5B3m3Ick1ntRcQrqs+hf0CO1q6Squ144geYaQ8CDirSR92fICELI1c=
-----END CERTIFICATE-----