[PATCH 2 of 6] mail: remove redundant call to SSL socket validator

Pierre-Yves David pierre-yves.david at ens-lyon.org
Thu Mar 31 20:35:19 EDT 2016



On 03/29/2016 07:52 AM, Yuya Nishihara wrote:
> On Sun, 27 Mar 2016 23:21:31 -0700, Gregory Szorc wrote:
>> # HG changeset patch
>> # User Gregory Szorc <gregory.szorc at gmail.com>
>> # Date 1459145731 25200
>> #      Sun Mar 27 23:15:31 2016 -0700
>> # Node ID cf65be71e39936624bf39041c93b94e66a45b881
>> # Parent  78f292d3f2c09f55d1aa62e5926b3888635a2426
>> mail: remove redundant call to SSL socket validator
>>
>> Validation is now performed at socket wrapping time, so the
>> existing call is redundant.
>>
>> To ensure strict socket validation is performed, we pass the
>> appropriate argument to the socket wrapping function.
>>
>> We had to add serverhostname to the ssl arguments because it isn't
>> passed otherwise. Without it, we can't perform hostname or
>> certificate validation.
>>
>> diff --git a/mercurial/mail.py b/mercurial/mail.py
>> --- a/mercurial/mail.py
>> +++ b/mercurial/mail.py
>> @@ -96,27 +96,37 @@ def _smtp(ui):
>>       # backward compatible: when tls = true, we use starttls.
>>       starttls = tls == 'starttls' or util.parsebool(tls)
>>       smtps = tls == 'smtps'
>>       if (starttls or smtps) and not util.safehasattr(socket, 'ssl'):
>>           raise error.Abort(_("can't use TLS: Python SSL support not installed"))
>>       mailhost = ui.config('smtp', 'host')
>>       if not mailhost:
>>           raise error.Abort(_('smtp.host not configured - cannot send mail'))
>> +
>> +    # There are 3 config values for cert verification: "strict", "loose," and
>> +    # False. The first two perform hostname and fingerprint verification.
>> +    # "strict" requires that a CA cert be trusted or a fingerprint be defined.
>>       verifycert = ui.config('smtp', 'verifycert', 'strict')
>>       if verifycert not in ['strict', 'loose']:
>>           if util.parsebool(verifycert) is not False:
>>               raise error.Abort(_('invalid smtp.verifycert configuration: %s')
>>                                % (verifycert))
>>           verifycert = False
>>       if (starttls or smtps) and verifycert:
>>           sslkwargs = sslutil.sslkwargs(ui, mailhost)
>> +
>> +        sslkwargs['serverhostname'] = mailhost
>> +
>> +        # Passed to the validator.
>> +        if verifycert == 'strict':
>> +            sslkwargs['requirefingerprintwhennocacerts'] = True
>>       else:
>>           # 'ui' is required by sslutil.wrapsocket() and set by sslkwargs()
>> -        sslkwargs = {'ui': ui}
>> +        sslkwargs = {'ui': ui, 'serverhostname': mailhost}
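
Review bot: in the else branch, `sslkwargs = {'ui': ui, 'serverhostname': mailhost}` now passes the hostname even when smtp.verifycert is False, and nothing in this hunk tells the wrapping function to skip validation on that path. The commit message says validation now happens at socket wrapping time and that serverhostname is what makes hostname and certificate validation possible, so a reader cannot tell from these lines whether verifycert=False still disables verification. Either leave serverhostname out of that branch, or pass an explicit argument that turns validation off and say so in the comment above `verifycert = ui.config('smtp', 'verifycert', 'strict')`. A test covering smtp.verifycert=False against a server with an untrusted certificate would pin the intended behaviour. Minor style point: the comma in `"loose,"` in the new comment sits inside the quotes and reads as part of the config value.
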
>
> Looks like the certificates are verified even if smtp.verifycert is off.

I'm not sure why you say that (nor why this would be True or
False). Can you elaborate?


-- 
Pierre-Yves David

