comparison mercurial/url.py @ 12742:6ab4a7d3c179
url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407)
Removing the check from our code makes https with cacerts check work with
Python < 2.6.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sun, 17 Oct 2010 04:14:06 +0200 |
parents | 1393a81b3bdc |
children | 614f0d8724ab |
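--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -5,11 +5,11 @@
 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
 #
 # This software may be used and distributed according to the terms of the
 # GNU General Public License version 2 or any later version.
 
-import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO, time
+import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO
 import __builtin__
 from i18n import _
 import keepalive, util
 
 def _urlunparse(scheme, netloc, path, params, query, fragment, url):
@@ -485,23 +485,17 @@
 def _start_transaction(self, h, req):
 _generic_start_transaction(self, h, req)
 return keepalive.HTTPHandler._start_transaction(self, h, req)
 
 def _verifycert(cert, hostname):
-'''Verify that cert (in socket.getpeercert() format) matches hostname and is
-valid at this time. CRLs and subjectAltName are not handled.
+'''Verify that cert (in socket.getpeercert() format) matches hostname.
+CRLs and subjectAltName are not handled.
 
 Returns error message if any problems are found and None on success.
 '''
 if not cert:
 return _('no certificate received')
-notafter = cert.get('notAfter')
-if notafter and time.time() > ssl.cert_time_to_seconds(notafter):
-return _('certificate expired %s') % notafter
-notbefore = cert.get('notBefore')
-if notbefore and time.time() < ssl.cert_time_to_seconds(notbefore):
-return _('certificate not valid before %s') % notbefore
 dnsname = hostname.lower()
 for s in cert.get('subject', []):
 key, value = s[0]
 if key == 'commonName':
 certname = value.lower()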
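Review bot: The new `_verifycert` docstring drops "valid at this time" but never says where expiry is enforced now, so nothing at the call site records that the function is only safe on a certificate OpenSSL has already validated. I would add a docstring line such as `Validity dates (notBefore/notAfter) are not checked here; cert must come from a connection on which OpenSSL verified the chain (cert_reqs=CERT_REQUIRED).` The caller is outside the visible hunks, so it is worth confirming that every path into this function wraps the socket that way, since an expired certificate now passes whenever that precondition is missing. The first hunk also drops `time` from the import line; any other use of `time` in url.py lies outside what is shown here and should be checked. The body of `_verifycert` continues past the end of the hunk.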