[PATCH] url: check subjectAltName when verifying ssl certificate

Mads Kiilerich mads at kiilerich.com
Tue Jan 11 11:25:26 CST 2011


On 01/11/2011 06:10 PM, Yuya Nishihara wrote:
> Mads Kiilerich wrote:
>> On 01/11/2011 05:25 PM, Yuya Nishihara wrote:
>>> Mads Kiilerich wrote:
>>>> Yuya Nishihara wrote, On 01/08/2011 04:36 PM:
>>>>> # HG changeset patch
>>>>> # User Yuya Nishihara<yuya at tcha.org>
>>>>> # Date 1294500936 -32400
>>>>> # Node ID 1fd9c9664ed04383fc6c8e84c70c0edea475c314
>>>>> # Parent  dd7da001a984115806c3d3457a63186f9dfa9a91
>>>>> url: check subjectAltName when verifying ssl certificate
>>>>
>>>> Thanks, queued in crew stable.
>>>>
>>>> I would prefer if we didn't have our own code for checking this but for
>>>> example used Python's. But we need a minimal fix for this in stable
>>>> now when people really start using cacerts, and I also think our own
>>>> implementation is more elegant ...
>>>
>>> I agree with you.
>>> It'll be nice for hg 1.8 to have a more solid and clean approach.
>>
>> Do you think Python's version is more solid and clean?
>
> Frankly, No.
> IMHO, it uses regexp in order to make things worse. :)
>
> But, at least, _verifycert() becomes less readable than before patching.

I agree with you ;-)

I think we should stick to what we have now until good reasons for
changing pop up. I'm sure we will have to deal with other "adjustments" for
compliance or compatibility anyway.

/Mads

