[PATCH] url: check subjectAltName when verifying ssl certificate
Yuya Nishihara
yuya at tcha.org
Tue Jan 11 11:10:38 CST 2011
Mads Kiilerich wrote:
> On 01/11/2011 05:25 PM, Yuya Nishihara wrote:
> > Mads Kiilerich wrote:
> >> Yuya Nishihara wrote, On 01/08/2011 04:36 PM:
> >>> # HG changeset patch
> >>> # User Yuya Nishihara<yuya at tcha.org>
> >>> # Date 1294500936 -32400
> >>> # Node ID 1fd9c9664ed04383fc6c8e84c70c0edea475c314
> >>> # Parent dd7da001a984115806c3d3457a63186f9dfa9a91
> >>> url: check subjectAltName when verifying ssl certificate
> >>
> >> Thanks, queued in crew stable.
> >>
> >> I would prefer if we didn't have our own code for checking this but for
> >> example used used Pythons. But we need a minimal fix for this in stable
> >> now when people really start using cacerts, and I also think our own
> >> implementation is more elegant ...
> >
> > I agree with you.
> > I'll be nice for hg 1.8 to have more solid and clean approach.
>
> Do you think Pythons version is more solid and clean?
Frankly, No.
IMHO, it uses regexp in order to make things worse. :)
But, at least, _verifycert() becomes less readable than before patching.
Yuya,
More information about the Mercurial-devel
mailing list