Mercurial > hg
comparison mercurial/url.py @ 12742:6ab4a7d3c179
url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407)
Removing the check from our code makes https with cacerts check work with
Python < 2.6.
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Sun, 17 Oct 2010 04:14:06 +0200 |
| parents | 1393a81b3bdc |
| children | 614f0d8724ab |
comparison
equal
deleted
inserted
replaced
| 12741:949dfdb3ad2d | 12742:6ab4a7d3c179 |
|---|---|
| 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
| 6 # | 6 # |
| 7 # This software may be used and distributed according to the terms of the | 7 # This software may be used and distributed according to the terms of the |
| 8 # GNU General Public License version 2 or any later version. | 8 # GNU General Public License version 2 or any later version. |
| 9 | 9 |
| 10 import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO, time | 10 import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO |
| 11 import __builtin__ | 11 import __builtin__ |
| 12 from i18n import _ | 12 from i18n import _ |
| 13 import keepalive, util | 13 import keepalive, util |
| 14 | 14 |
| 15 def _urlunparse(scheme, netloc, path, params, query, fragment, url): | 15 def _urlunparse(scheme, netloc, path, params, query, fragment, url): |
| 485 def _start_transaction(self, h, req): | 485 def _start_transaction(self, h, req): |
| 486 _generic_start_transaction(self, h, req) | 486 _generic_start_transaction(self, h, req) |
| 487 return keepalive.HTTPHandler._start_transaction(self, h, req) | 487 return keepalive.HTTPHandler._start_transaction(self, h, req) |
| 488 | 488 |
| 489 def _verifycert(cert, hostname): | 489 def _verifycert(cert, hostname): |
| 490 '''Verify that cert (in socket.getpeercert() format) matches hostname and is | 490 '''Verify that cert (in socket.getpeercert() format) matches hostname. |
| 491 valid at this time. CRLs and subjectAltName are not handled. | 491 CRLs and subjectAltName are not handled. |
| 492 | 492 |
| 493 Returns error message if any problems are found and None on success. | 493 Returns error message if any problems are found and None on success. |
| 494 ''' | 494 ''' |
| 495 if not cert: | 495 if not cert: |
| 496 return _('no certificate received') | 496 return _('no certificate received') |
| 497 notafter = cert.get('notAfter') | |
| 498 if notafter and time.time() > ssl.cert_time_to_seconds(notafter): | |
| 499 return _('certificate expired %s') % notafter | |
| 500 notbefore = cert.get('notBefore') | |
| 501 if notbefore and time.time() < ssl.cert_time_to_seconds(notbefore): | |
| 502 return _('certificate not valid before %s') % notbefore | |
| 503 dnsname = hostname.lower() | 497 dnsname = hostname.lower() |
| 504 for s in cert.get('subject', []): | 498 for s in cert.get('subject', []): |
| 505 key, value = s[0] | 499 key, value = s[0] |
| 506 if key == 'commonName': | 500 if key == 'commonName': |
| 507 certname = value.lower() | 501 certname = value.lower() |