[PATCH 05 of 11 V4] sslutil: implement wrapserversocket()

Gregory Szorc gregory.szorc at gmail.com
Fri Jul 15 13:01:58 EDT 2016


On Fri, Jul 15, 2016 at 6:09 AM, Yuya Nishihara <yuya at tcha.org> wrote:

> On Thu, 14 Jul 2016 21:09:06 -0700, Gregory Szorc wrote:
> > # HG changeset patch
> > # User Gregory Szorc <gregory.szorc at gmail.com>
> > # Date 1468552459 25200
> > #      Thu Jul 14 20:14:19 2016 -0700
> > # Node ID e0c8977678cca5a1ceb8174ecd347810482f6656
> > # Parent  99d9188b9d45039a06c65fa7dda36a12d08369c2
> > sslutil: implement wrapserversocket()
> >
> > wrapsocket() is heavily tailored towards client use. In preparation
> > for converting the built-in server to use sslutil (as opposed to
> > the ssl module directly), we add wrapserversocket() for wrapping
> > a socket to be used on servers.
> >
> > Again, we can't use ssl.create_default_context() because of CA control
> > concerns. So we basically implement it inline.
>
> I think create_default_context() can be used here because the purpose is
> CLIENT_AUTH, which doesn't set CERT_REQUIRED, and the system CA certs are
> not loaded automatically.
>

You are correct: create_default_context() is usable for server sockets.
I'll send a V5 series.
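
Added example, not part of the original message or of Mercurial's sslutil code: a check of the point agreed above, comparing the contexts that ssl.create_default_context() builds for ssl.Purpose.CLIENT_AUTH (server side) and ssl.Purpose.SERVER_AUTH (client side). The helper names summarize() and server_context_has_no_implicit_trust() are hypothetical, and the code assumes a Python 3 ssl module.

```python
import ssl


def summarize(purpose):
    """Build a default context for `purpose` and report its trust settings."""
    ctx = ssl.create_default_context(purpose)
    stats = ctx.cert_store_stats()
    return {
        "verify_mode": ctx.verify_mode,
        "check_hostname": ctx.check_hostname,
        # CA certificates already loaded into the context's trust store.
        "ca_certs_loaded": stats["x509_ca"],
    }


def server_context_has_no_implicit_trust():
    """True if a CLIENT_AUTH context neither demands nor trusts client certs.

    This is the "CA control" property under discussion: the server context
    must not pick up the system CA bundle unless the operator asks for it.
    """
    s = summarize(ssl.Purpose.CLIENT_AUTH)
    return s["verify_mode"] == ssl.CERT_NONE and s["ca_certs_loaded"] == 0


if __name__ == "__main__":
    for label, purpose in (
        ("server side (CLIENT_AUTH)", ssl.Purpose.CLIENT_AUTH),
        ("client side (SERVER_AUTH)", ssl.Purpose.SERVER_AUTH),
    ):
        print(label, summarize(purpose))
    print("no implicit trust on server:", server_context_has_no_implicit_trust())
```

The number of CA certificates reported for the SERVER_AUTH context depends on the host's trust store, so only the CLIENT_AUTH values are fixed.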