[PATCH] ui: optionally quiesce ssl verification warnings
Mads Kiilerich
mads at kiilerich.com
Mon Apr 9 07:06:44 CDT 2012
Steven Stallion wrote, On 04/09/2012 12:30 AM:
> # HG changeset patch
> # User Steven Stallion<sstallion at gmail.com>
> # Date 1333924158 25200
> # Node ID 87d271ff44bd1f06b3eeee36439f3c0306793516
> # Parent 329887a7074c8e49e73fa76712d8d45aee0d0fd7
> ui: optionally quiesce ssl verification warnings
>
> Some platforms, notably Plan 9 from Bell Labs are stuck on older
> releases of Python. Due to restrictions in the platform, it is not
> possible to backport the SSL library to the existing Python port.
Does that mean that Plan 9 is dead and it never will be able to run a
recent Python?
Or just that it currently ships with Python 2.5 and you can't/won't
update Python or install the standalone ssl module?
> This patch permits the UI to quiesce SSL verification warnings by
> adding a configuration entry named report_unverified to ui.
A SSL connection that haven't been verified is no more secure than a
non-SSL connection. Any support to the idea of having 'SSL with
unverified certificate' is misguided and will be seriously misleading.
(If it wasn't for the need for backward compatibility then I would have
recommended that Mercurial should abort instead of warn in this and
other insecure cases.)
I don't think this new configuration option just to hide a real issue
without fixing it is a good idea. It would perhaps be a slightly less
bad idea if the option name and the documentation made it clear that it
was insecure.
If you really want to feel safe while being insecure then I would
recommend making a little extension that replace
mercurial.sslutil.validator with something like lambda *a: lambda *a:
None . Or even better: Do whatever it takes to bring SSL to your Python.
/Mads
> diff -r 329887a7074c -r 87d271ff44bd mercurial/help/config.txt
> --- a/mercurial/help/config.txt Fri Apr 06 15:18:14 2012 -0500
> +++ b/mercurial/help/config.txt Sun Apr 08 15:29:18 2012 -0700
> @@ -1134,6 +1134,10 @@
> Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
> trusted user or group. True or False. Default is True.
>
> +``report_unverified``
> + Warn if an SSL certificate is unable to be verified. True or False.
> + Default is True.
> +
> ``slash``
> Display paths using a slash (``/``) as the path separator. This
> only makes a difference on systems where the default path
> diff -r 329887a7074c -r 87d271ff44bd mercurial/sslutil.py
> --- a/mercurial/sslutil.py Fri Apr 06 15:18:14 2012 -0500
> +++ b/mercurial/sslutil.py Sun Apr 08 15:29:18 2012 -0700
> @@ -103,12 +103,14 @@
> host = self.host
> cacerts = self.ui.config('web', 'cacerts')
> hostfingerprint = self.ui.config('hostfingerprints', host)
> + reportunverified = self.ui.configbool('ui', 'report_unverified', True)
> if not getattr(sock, 'getpeercert', False): # python 2.5 ?
> if hostfingerprint:
> raise util.Abort(_("host fingerprint for %s can't be "
> "verified (Python too old)") % host)
> - self.ui.warn(_("warning: certificate for %s can't be verified "
> - "(Python too old)\n") % host)
> + if reportunverified:
> + self.ui.warn(_("warning: certificate for %s can't be verified "
> + "(Python too old)\n") % host)
> return
> if not sock.cipher(): # work around http://bugs.python.org/issue13721
> raise util.Abort(_('%s ssl connection error') % host)
> @@ -135,7 +137,7 @@
> '--insecure to connect insecurely') %
> nicefingerprint)
> self.ui.debug('%s certificate successfully verified\n' % host)
> - else:
> + elif reportunverified:
> self.ui.warn(_('warning: %s certificate with fingerprint %s not '
> 'verified (check hostfingerprints or web.cacerts '
> 'config setting)\n') %
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at selenic.com
> http://selenic.com/mailman/listinfo/mercurial-devel
More information about the Mercurial-devel
mailing list