[PATCH] https: support tls sni (server name indication) for https urls (issue3090)

Alex Orange crazycasta at gmail.com
Tue Jan 13 11:09:14 CST 2015


Could you expand a little more on why create_default_context would be
any better? I'm looking to make a minimal change to the existing code,
which it looks like create_default_context would not be (having to
determine purpose for instance). Also, it sounds like the default
protocol version (PROTOCOL_SSLv23) is lower than what we want anyways.
I think the following lines should do more or less what
create_default_context is doing, only with the values we want:


+            if keyfile is not None:
+                sslcontext.load_cert_chain(certfile, keyfile)
+            sslcontext.verify_mode = cert_reqs
+            sslcontext.load_verify_locations(cafile=ca_certs)
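
Review bot: the last line calls sslcontext.load_verify_locations(cafile=ca_certs) unconditionally, but ca_certs defaults to None in the ssl_wrap_socket signature, and load_verify_locations raises TypeError when cafile, capath and cadata are all omitted. Guard the call with "if ca_certs is not None:". The first line tests keyfile although certfile is the required argument to load_cert_chain, so a combined certificate-and-key file passed as certfile with keyfile=None is silently skipped; test "certfile is not None" instead. Nothing in these lines sets check_hostname, so a verify_mode of CERT_REQUIRED validates the chain but does not by itself match the certificate against server_hostname.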


I haven't had a chance to look in depth at what create_default_context
actually does and I'm basing my assumptions on what I see on the
documentation page. Whatever you could provide in the way of guidance
towards understanding the benefits of create_default_context would be
appreciated.


Alex

> On Mon, 12 Jan 2015 18:11:05 -0700> Alex Orange <crazycasta <at> gmail.com> wrote:> > +> > +        def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,> > +                            cert_reqs=ssl.CERT_NONE, ca_certs=None,> > +                            server_hostname=None):> > +            sslcontext = ssl.SSLContext(ssl_version)
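
Review bot: the ssl_version=PROTOCOL_TLSv1 default that ends up in ssl.SSLContext(ssl_version) restricts the connection to TLS 1.0 only, so TLS 1.1 and 1.2 are never negotiated even when the server offers them. ssl.SSLContext(ssl.PROTOCOL_SSLv23) with options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 negotiates the highest version both sides support while still excluding SSLv2 and SSLv3. The cert_reqs=ssl.CERT_NONE default also means any caller that omits cert_reqs gets an unverified connection; a docstring on ssl_wrap_socket should say so.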
> I would recommend using create_default_context() if possible:
> https://docs.python.org/2.7/library/ssl.html#ssl.create_default_context
>
> Regards
>
> Antoine.


P.S. I wasn't on the list and so didn't receive this email, and so am
not using the normal reply method. My apologies if this doesn't end up
in the same thread.
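
An added example, not part of the original message or of the Mercurial patch: it builds a context the way the patch lines above do and reports which security-relevant settings differ from ssl.create_default_context(). The helper names (manual_context, summarize, compare) and the None guard are assumptions made for this example, and it runs on Python 3, where some defaults differ from 2.7.9.

```python
import ssl
import warnings


def manual_context(cert_reqs=ssl.CERT_REQUIRED, ca_certs=None):
    """Context assembled the way the patch lines do it (hypothetical helper)."""
    with warnings.catch_warnings():
        # PROTOCOL_TLSv1 is deprecated in current Python; kept to match the patch.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
    ctx.verify_mode = cert_reqs
    if ca_certs is not None:  # guard added for this example: cafile=None raises TypeError
        ctx.load_verify_locations(cafile=ca_certs)
    return ctx


def summarize(ctx):
    """Security-relevant settings of an SSLContext, as plain values."""
    return {
        "protocol": ctx.protocol.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "no_sslv3": bool(ctx.options & ssl.OP_NO_SSLv3),
        "no_compression": bool(ctx.options & ssl.OP_NO_COMPRESSION),
    }


def compare():
    """Return {setting: (manual, default)} for every setting that differs."""
    manual = summarize(manual_context())
    default = summarize(ssl.create_default_context())
    return {k: (manual[k], default[k]) for k in manual if manual[k] != default[k]}


if __name__ == "__main__":
    for name, (m, d) in sorted(compare().items()):
        print(f"{name:15} manual={m!s:18} create_default_context={d}")
```

Even with verify_mode set to CERT_REQUIRED, the manually built context leaves check_hostname off, so hostname matching has to be done by the caller.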