[PATCH 2 of 2] hgweb: use Pythons ssl module for HTTPS serve when using Python 2.6 or later

[Mads Kiilerich]

# HG changeset patch
# User Mads Kiilerich <mads at kiilerich.com>
# Date 1287537178 -7200
# Node ID 7855ae9daf68ebda62b3c3fdb39964a785829a0f
# Parent  5361b056f99045337d51821bade337482c9f6aa1
hgweb: use Pythons ssl module for HTTPS serve when using Python 2.6 or later

pyOpenSSL apparently doesn't work for Python 2.7 and isn't very actively
maintained.

The built-in ssl module seems like a long-term winner, so we now use that with
Python 2.6 and higher.

diff --git a/mercurial/hgweb/server.py b/mercurial/hgweb/server.py
--- a/mercurial/hgweb/server.py
+++ b/mercurial/hgweb/server.py
@@ -214,6 +214,22 @@
             self.close_connection = True
             pass
 
+class _httprequesthandlerssl(_httprequesthandler):
+    """HTTPS handler based on Pythons ssl module (introduced in 2.6)"""
+
+    url_scheme = 'https'
+
+    @staticmethod
+    def preparehttpserver(httpserver, ssl_cert):
+        import ssl
+        httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True,
+            certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv3)
+
+    def setup(self):
+        self.connection = self.request
+        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
+        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
+
 try:
     from threading import activeCount
     _mixin = SocketServer.ThreadingMixIn
@@ -265,7 +281,10 @@
 def create_server(ui, app):
 
     if ui.config('web', 'certificate'):
-        handler = _httprequesthandleropenssl
+        if sys.version_info >= (2, 6):
+            handler = _httprequesthandlerssl
+        else:
+            handler = _httprequesthandleropenssl
     else:
         handler = _httprequesthandler
 
diff --git a/tests/hghave b/tests/hghave
--- a/tests/hghave
+++ b/tests/hghave
@@ -181,7 +181,6 @@
 
 def has_ssl():
     try:
-        from OpenSSL.SSL import SysCallError, ZeroReturnError
         import ssl
         return True
     except ImportError:
@@ -207,7 +206,7 @@
     "outer-repo": (has_outer_repo, "outer repo"),
     "p4": (has_p4, "Perforce server and client"),
     "pygments": (has_pygments, "Pygments source highlighting library"),
-    "ssl": (has_ssl, "python ssl and openssl modules"),
+    "ssl": (has_ssl, "python >= 2.6 ssl module"),
     "svn": (has_svn, "subversion client and admin tools"),
     "svn-bindings": (has_svn_bindings, "subversion python bindings"),
     "symlink": (has_symlink, "symbolic links"),
diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -1,12 +1,7 @@
-Proper https client requires the built-in ssl from Python 2.6,
-and https serve requires the full OpenSSL module.
+Proper https client requires the built-in ssl from Python 2.6.
 
   $ "$TESTDIR/hghave" ssl || exit 80
 
-HTTPS serve seems to be broken on Python 2.7:
-
-  $ [ "`python -c 'import sys; print sys.version_info[:2]'`" = '(2, 6)' ] || exit 80
-
 Certificates created with:
  printf '.\n.\n.\n.\n.\nlocalhost\nhg at localhost\n' | \
  openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem