view tests/test-non-interactive-wsgi @ 12592:f2937d6492c5 stable

url: verify correctness of https server certificates (issue2407) Python's SSL module verifies that certificates received for HTTPS are valid according to the specified cacerts, but it doesn't verify that the certificate is for the host we connect to. We now explicitly verify that the commonName in the received certificate matches the requested hostname and is valid for the time being. This is a minimal patch where we try to fail to the safe side, but we do still rely on Python's SSL functionality and do not try to implement the standards fully and correctly. CRLs and subjectAltName are not handled and proxies haven't been considered. This change might break connections to some sites if cacerts is specified and the certificates (by our definition) aren't correct. The workaround is to disable cacerts which in most cases isn't much worse than it was before with cacerts.
author Mads Kiilerich <mads@kiilerich.com>
date Fri, 01 Oct 2010 00:46:59 +0200
parents 38864218c4cc
children

#!/bin/sh
# Tests if hgweb can run without touching sys.stdin, as is required
# by the WSGI standard and strictly implemented by mod_wsgi.
#
# Outline: create a repository with a single commit, generate a small
# Python driver (request.py) that calls hgweb as a WSGI application with
# a hand-built environ, and run it. The driver replaces sys.stdin with a
# wrapper that prints a marker on every access, so any use of stdin by
# hgweb becomes visible in this script's output.
#
# NOTE(review): no command here is checked for failure (no "set -e",
# no "|| exit"); presumably the test harness compares the output with a
# recorded reference -- confirm.

# Fixture: a repository holding one file and one commit; "hg tip" prints
# the resulting changeset.
mkdir repo
cd repo
hg init
echo foo > bar
hg add bar
hg commit -m "test"
hg tip

# Generate the driver. The EOF delimiter is unquoted, so the shell would
# expand $ and backquote sequences in the body; the body contains none,
# so it reaches request.py unchanged. The body is Python 2 (print
# statement, StringIO module). What it does:
#   - FileLike wraps the real stdin; fileno(), read() and readline()
#     each print a marker (FILENO / READ / READLINE) to sys.__stdout__
#     and then delegate to the wrapped object.
#   - errors, input and output are in-memory StringIO objects; errors
#     and input are used as wsgi.errors and wsgi.input, so the request
#     itself needs no real file descriptors.
#   - startrsp prints its two arguments and returns output.write.
#     NOTE(review): PEP 333 calls start_response(status,
#     response_headers), so the parameter named "headers" presumably
#     receives the status line and "data" the header list -- confirm.
#   - env is a minimal GET request for the repository root.
#     SERVER_PORT is read from the HGPORT environment variable, which is
#     presumably set by the test harness; the lookup raises KeyError if
#     it is missing.
#   - hgweb('.') is called once with env and startrsp; the return value
#     of that call is not used.
#   - Finally the driver prints the collected wsgi.errors text and the
#     names starting with "wsgi" in os.environ and in i.repo.ui.environ,
#     presumably to show where the WSGI variables ended up -- confirm
#     against the recorded output.
#   - dispatch, ui and hg are imported but not referenced in the body.
cat > request.py <<EOF
from mercurial import dispatch
from mercurial.hgweb.hgweb_mod import hgweb
from mercurial.ui import ui
from mercurial import hg
from StringIO import StringIO
import os, sys

class FileLike(object):
    def __init__(self, real):
        self.real = real
    def fileno(self):
        print >> sys.__stdout__, 'FILENO'
        return self.real.fileno()
    def read(self):
        print >> sys.__stdout__, 'READ'
        return self.real.read()
    def readline(self):
        print >> sys.__stdout__, 'READLINE'
        return self.real.readline()

sys.stdin = FileLike(sys.stdin)
errors = StringIO()
input = StringIO()
output = StringIO()

def startrsp(headers, data):
	print '---- HEADERS'
	print headers
	print '---- DATA'
	print data
	return output.write

env = {
	'wsgi.version': (1, 0),
	'wsgi.url_scheme': 'http',
	'wsgi.errors': errors,
	'wsgi.input': input,
	'wsgi.multithread': False,
	'wsgi.multiprocess': False,
	'wsgi.run_once': False,
	'REQUEST_METHOD': 'GET',
	'SCRIPT_NAME': '',
	'PATH_INFO': '',
	'QUERY_STRING': '',
	'SERVER_NAME': '127.0.0.1',
	'SERVER_PORT': os.environ['HGPORT'],
	'SERVER_PROTOCOL': 'HTTP/1.0'
}

i = hgweb('.')
i(env, startrsp)
print '---- ERRORS'
print errors.getvalue()
print '---- OS.ENVIRON wsgi variables'
print sorted([x for x in os.environ if x.startswith('wsgi')])
print '---- request.ENVIRON wsgi variables'
print sorted([x for x in i.repo.ui.environ if x.startswith('wsgi')])
EOF

# Run the driver from inside the repository, so that hgweb('.') refers to
# the repository created above. A FILENO, READ or READLINE line in the
# output means something accessed sys.stdin.
python request.py