[PATCH 1 of 6] sslutil: perform certificate verification at socket wrap time

Yuya Nishihara yuya at tcha.org
Tue Mar 29 10:45:51 EDT 2016


On Sun, 27 Mar 2016 23:21:30 -0700, Gregory Szorc wrote:
> # HG changeset patch
> # User Gregory Szorc <gregory.szorc at gmail.com>
> # Date 1459145188 25200
> #      Sun Mar 27 23:06:28 2016 -0700
> # Node ID 78f292d3f2c09f55d1aa62e5926b3888635a2426
> # Parent  36c21f6ed25641681e7c586ba2196a9d50939aff
> sslutil: perform certificate verification at socket wrap time

> +    if serverhostname:
> +        verifier = validator(ui, serverhostname)
> +        verifier(sslsocket, strict=requirefingerprintwhennocacerts)

Perhaps this change will break httpconnection.connect() over proxy CONNECT,
but I couldn't figure out how to trigger it.

https://selenic.com/repo/hg/file/3.7.2/mercurial/url.py#l192


More information about the Mercurial-devel mailing list