annotate CONTRIBUTORS @ 29334:ecc9b788fd69
sslutil: per-host config option to define certificates

Recent work has introduced the [hostsecurity] config section for
defining per-host security settings. This patch builds on top
of this foundation and implements the ability to define a per-host
path to a file containing certificates used for verifying the server
certificate. It is logically a per-host web.cacerts setting.

This patch also introduces a warning when both per-host
certificates and fingerprints are defined. These are mutually
exclusive for host verification and I think the user should be
alerted when security settings are ambiguous because, well,
security is important.

Tests validating the new behavior have been added.

I decided against putting "ca" in the option name because a
non-CA certificate can be specified and used to validate the server
certificate (commonly this will be the exact public certificate
used by the server). It's worth noting that the underlying
Python API used is load_verify_locations(cafile=X) and it calls
into OpenSSL's SSL_CTX_load_verify_locations(). Even OpenSSL's
documentation seems to omit that the file can contain a non-CA
certificate if it matches the server's certificate exactly. I
thought a CA certificate was a special kind of x509 certificate.
Perhaps I'm wrong and any x509 certificate can be used as a
CA certificate [as far as OpenSSL is concerned]. In any case,
I thought it best to drop "ca" from the name because this reflects
reality.

author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 07 Jun 2016 20:29:54 -0700 |
parents | c29efd272395 |
children |
rev | line source |
---|---|
5514 | 1 [This file is here for historical purposes, all recent contributors |
 | 2 should appear in the changelog directly] |
 | 3 |
 | 4 Andrea Arcangeli <andrea at suse.de> |
519 | 5 Thomas Arendsen Hein <thomas at intevation.de> |
 | 6 Goffredo Baroncelli <kreijack at libero.it> |
756 | 7 Muli Ben-Yehuda <mulix at mulix.org> |
 | 8 Mikael Berthe <mikael at lilotux.net> |
1450 | 9 Benoit Boissinot <bboissin at gmail.com> |
2947 | 10 Brendan Cully <brendan at kublai.com> |
519 | 11 Vincent Danjean <vdanjean.ml at free.fr> |
 | 12 Jake Edge <jake at edge2.net> |
 | 13 Michael Fetterman <michael.fetterman at intel.com> |
 | 14 Edouard Gomez <ed.gomez at free.fr> |
1231 | 15 Eric Hopper <hopper at omnifarious.org> |
756 | 16 Alecs King <alecsk at gmail.com> |
1310 | 17 Volker Kleinfeld <Volker.Kleinfeld at gmx.de> |
519 | 18 Vadim Lebedev <vadim at mbdsys.com> |
 | 19 Christopher Li <hg at chrisli.org> |
 | 20 Chris Mason <mason at suse.com> |
2162 | 21 Colin McMillen <mcmillen at cs.cmu.edu> |
1080 | 22 Wojciech Milkowski <wmilkowski at interia.pl> |
756 | 23 Chad Netzer <chad.netzer at gmail.com> |
519 | 24 Bryan O'Sullivan <bos at serpentine.com> |
756 | 25 Vicent Seguí Pascual <vseguip at gmail.com> |
 | 26 Sean Perry <shaleh at speakeasy.net> |
594 | 27 Nguyen Anh Quynh <aquynh at gmail.com> |
1310 | 28 Ollivier Robert <roberto at keltia.freenix.fr> |
2120 | 29 Alexander Schremmer <alex at alexanderweb.de> |
519 | 30 Arun Sharma <arun at sharma-home.net> |
1231 | 31 Josef "Jeff" Sipek <jeffpc at optonline.net> |
1310 | 32 Kevin Smith <yarcs at qualitycode.com> |
1231 | 33 TK Soh <teekaysoh at yahoo.com> |
519 | 34 Radoslaw Szkodzinski <astralstorm at gorzow.mm.pl> |
851 | 35 Samuel Tardieu <sam at rfc1149.net> |
519 | 36 K Thananchayan <thananck at yahoo.com> |
 | 37 Andrew Thompson <andrewkt at aktzero.com> |
 | 38 Michael S. Tsirkin <mst at mellanox.co.il> |
 | 39 Rafael Villar Burke <pachi at mmn-arquitectos.com> |
855 | 40 Tristan Wibberley <tristan at wibberley.org> |
756 | 41 Mark Williamson <mark.williamson at cl.cam.ac.uk> |