[PATCH] url: drop support for proxying HTTP (not HTTPS) over CONNECT tunneling

Yuya Nishihara yuya at tcha.org
Mon Jul 18 10:32:31 EDT 2016

# HG changeset patch
# User Yuya Nishihara <yuya at tcha.org>
# Date 1465097348 -32400
#      Sun Jun 05 12:29:08 2016 +0900
# Node ID d3cab47fba4d6e22bcc5e99ff33e8debf83130da
# Parent  978d5fc0b3544fc038293821a74c1aa2b36b11c3
url: drop support for proxying HTTP (not HTTPS) over CONNECT tunneling

It's been broken since cca59ef27e60, which made ui argument mandatory. I've
tried several combinations of HTTP/HTTPS proxying on old/new Python versions,
but I couldn't figure out how to reach this code path. Also, wrapping HTTP
connection by SSLSocket seems wrong. My understanding is that self.realhostport
is set by _generic_start_transaction() if HTTPS connection is tunneled.

This patch removes proxy tunneling from httpconnection.connect() assuming
that it was dead code from the beginning. Note that HTTPS over tunneling
should be handled by httpsconnection class.

diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -185,17 +185,6 @@ class httpconnection(keepalive.HTTPConne
     # must be able to send big bundle as stream.
     send = _gen_sendfile(keepalive.HTTPConnection.send)
-    def connect(self):
-        if has_https and self.realhostport: # use CONNECT proxy
-            self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            self.sock.connect((self.host, self.port))
-            if _generic_proxytunnel(self):
-                # we do not support client X.509 certificates
-                self.sock = sslutil.wrapsocket(self.sock, None, None, None,
-                                               serverhostname=self.host)
-        else:
-            keepalive.HTTPConnection.connect(self)
     def getresponse(self):
         proxyres = getattr(self, 'proxyres', None)
         if proxyres:

More information about the Mercurial-devel mailing list