[PATCH stable] url: fix UnicodeDecodeError on certificate verification error

Yuya Nishihara yuya at tcha.org
Tue Jan 4 10:58:28 CST 2011


Yuya Nishihara wrote:
> # HG changeset patch
> # User Yuya Nishihara <yuya at tcha.org>
> # Date 1294159970 -32400
> # Branch stable
> # Node ID 54d034f4f5092649db64c4cb51af62322a2aca93
> # Parent  5d1bb1174047030036fcca00004573fc9f2c0713
> url: fix UnicodeDecodeError on certificate verification error
> 
> SSLSockect.getpeercert() returns tuple containing unicodes for 'subject'.

How to reproduce:

% LANG=ja_JP.utf-8 hg clone https://github.com/mitsuhiko/flask-babel.git
...
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe7 in position 3: ordinal not in range(128)

(needs hg-git extension and non-ascii locale)

BTW, commonName=*.github.com should match github.com?

> diff --git a/mercurial/url.py b/mercurial/url.py
> --- a/mercurial/url.py
> +++ b/mercurial/url.py
> @@ -10,7 +10,7 @@
>  import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO
>  import __builtin__
>  from i18n import _
> -import keepalive, util
> +import keepalive, util, encoding
>  
>  def _urlunparse(scheme, netloc, path, params, query, fragment, url):
>      '''Handle cases where urlunparse(urlparse(x://)) doesn't preserve the "//"'''
> @@ -498,7 +498,7 @@ def _verifycert(cert, hostname):
>      for s in cert.get('subject', []):
>          key, value = s[0]
>          if key == 'commonName':
> -            certname = value.lower()
> +            certname = value.lower().encode(encoding.encoding, 'replace')
>              if (certname == dnsname or
>                  '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1]):
>                  return None

Yuya,


More information about the Mercurial-devel mailing list