[PATCH 3 of 5] sslutil: move and document verify_mode assignment
Gregory Szorc
gregory.szorc at gmail.com
Sun Apr 10 14:04:35 EDT 2016
# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1460311185 25200
# Sun Apr 10 10:59:45 2016 -0700
# Node ID a0c629f58c3ed8acfa008a12415c172f315c70d3
# Parent 0e44249b53aea25d2c85693790653ea3d7a21391
sslutil: move and document verify_mode assignment
Consolidating all the SSLContext options setting makes the code a
bit easier to read.
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -139,22 +139,25 @@ def wrapsocket(sock, keyfile, certfile,
protocol = ssl.PROTOCOL_TLSv1
# TODO use ssl.create_default_context() on modernssl.
sslcontext = SSLContext(protocol)
# This is a no-op on old Python.
sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3
+ # This still works on our fake SSLContext.
+ sslcontext.verify_mode = cert_reqs
+
if certfile is not None:
def password():
f = keyfile or certfile
return ui.getpass(_('passphrase for %s: ') % f, '')
sslcontext.load_cert_chain(certfile, keyfile, password)
- sslcontext.verify_mode = cert_reqs
+
if ca_certs is not None:
sslcontext.load_verify_locations(cafile=ca_certs)
else:
# This is a no-op on old Python.
sslcontext.load_default_certs()
sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
# check if wrap_socket failed silently because socket had been
More information about the Mercurial-devel
mailing list