[PATCH 7 of 7] url: merge BetterHTTPS with httpsconnection to get some proxy https validation
Mads Kiilerich
mads at kiilerich.com
Tue Feb 15 21:41:28 CST 2011
# HG changeset patch
# User Mads Kiilerich <mads at kiilerich.com>
# Date 1297827396 -3600
# Node ID 7e75850d51891576b9779a365cbb0a68f2da0e5d
# Parent f88260914c7cbe91ec232dfd2e8955581e236125
url: merge BetterHTTPS with httpsconnection to get some proxy https validation
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -542,13 +542,20 @@
return _('no commonName or subjectAltName found in certificate')
if has_https:
- class BetterHTTPS(httplib.HTTPSConnection):
- send = keepalive.safesend
+ class httpsconnection(httplib.HTTPSConnection):
+ response_class = keepalive.HTTPResponse
+ # must be able to send big bundle as stream.
+ send = _gen_sendfile(keepalive.safesend)
+ getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
def connect(self):
self.sock = _create_connection((self.host, self.port))
host = self.host
+ if self.realhostport: # use CONNECT proxy
+ something = _generic_proxytunnel(self)
+ host = self.realhostport.rsplit(':', 1)[0]
+
cacerts = self.ui.config('web', 'cacerts')
hostfingerprint = self.ui.config('hostfingerprints', host)
@@ -592,22 +599,6 @@
'(check web.cacerts config setting)\n') %
host)
- class httpsconnection(BetterHTTPS):
- response_class = keepalive.HTTPResponse
- # must be able to send big bundle as stream.
- send = _gen_sendfile(BetterHTTPS.send)
- getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
-
- def connect(self):
- if self.realhostport: # use CONNECT proxy
- self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- self.sock.connect((self.host, self.port))
- if _generic_proxytunnel(self):
- self.sock = _ssl_wrap_socket(self.sock, self.key_file,
- self.cert_file)
- else:
- BetterHTTPS.connect(self)
-
class httpshandler(keepalive.KeepAliveHandler, urllib2.HTTPSHandler):
def __init__(self, ui):
keepalive.KeepAliveHandler.__init__(self)
diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -261,10 +261,8 @@
Test https with cert problems through proxy
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem
- pulling from https://localhost:$HGPORT/
- searching for changes
- no changes found
+ abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
+ [255]
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
- pulling from https://localhost:$HGPORT2/
- searching for changes
- no changes found
+ abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
+ [255]
More information about the Mercurial-devel
mailing list