Mercurial > hg-stable
view tests/test-git-import.out @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Fri, 01 Oct 2010 00:46:59 +0200 |
| parents | 77600d697d0e |
| children |
line wrap: on
line source
% new file applying patch from stdin 0:ae3ee40d2079 % new empty file applying patch from stdin 1:ab199dc869b5 empty % chmod +x applying patch from stdin 2:3a34410f282e % copy applying patch from stdin 3:37bacb7ca14d a a % rename applying patch from stdin 4:47b81a94361d copyx empty new rename % delete applying patch from stdin 5:d9b001d98336 empty new rename % regular diff applying patch from stdin 6:ebe901e7576b % copy and modify applying patch from stdin 7:18f368958ecd a a b a a % rename and modify applying patch from stdin 8:c32b0d7e6f44 a a b c a % one file renamed multiple times applying patch from stdin 9:034a6bf95330 9 rename2 rename3 rename3-2 / rename3 (rename2)rename3-2 (rename2) rename3 rename3-2 a a b c a a a b c a % binary files and regular patch hunks applying patch from stdin 11:c39bce63e786 foo 045c85ba38952325e126c70962cc0f9d9077bc67 644 binary % many binary files applying patch from stdin 12:30b530085242 045c85ba38952325e126c70962cc0f9d9077bc67 644 mbinary1 a874b471193996e7cb034bb301cac7bdaf3e3f46 644 mbinary2 % filenames with spaces applying patch from stdin 13:04750ef42fb3 foo % copy then modify the original file applying patch from stdin 14:c4cd9cdeaa74 foo % move text file and patch as binary adding text2 applying patch from stdin 'a\nb\n\x00' A binary2 text2 R text2