Mercurial > hg
comparison mercurial/sslutil.py @ 28650:737863b01d9f
sslutil: move _canloaddefaultcerts logic
We now have a newer block accessing SSLContext. Let's move this
code to make subsequent refactorings of the former block easier.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sun, 27 Mar 2016 14:08:52 -0700 |
| parents | 7acab42ef184 |
| children | 4827d07073e6 |
comparison
equal
deleted
inserted
replaced
| 28649:7acab42ef184 | 28650:737863b01d9f |
|---|---|
| 39 try: | 39 try: |
| 40 # ssl.SSLContext was added in 2.7.9 and presence indicates modern | 40 # ssl.SSLContext was added in 2.7.9 and presence indicates modern |
| 41 # SSL/TLS features are available. | 41 # SSL/TLS features are available. |
| 42 SSLContext = ssl.SSLContext | 42 SSLContext = ssl.SSLContext |
| 43 modernssl = True | 43 modernssl = True |
| 44 _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs') | |
| 44 except AttributeError: | 45 except AttributeError: |
| 45 modernssl = False | 46 modernssl = False |
| 47 _canloaddefaultcerts = False | |
| 46 | 48 |
| 47 # We implement SSLContext using the interface from the standard library. | 49 # We implement SSLContext using the interface from the standard library. |
| 48 class SSLContext(object): | 50 class SSLContext(object): |
| 49 # ssl.wrap_socket gained the "ciphers" named argument in 2.7. | 51 # ssl.wrap_socket gained the "ciphers" named argument in 2.7. |
| 50 _supportsciphers = sys.version_info >= (2, 7) | 52 _supportsciphers = sys.version_info >= (2, 7) |
| 102 if self._supportsciphers: | 104 if self._supportsciphers: |
| 103 args['ciphers'] = self._ciphers | 105 args['ciphers'] = self._ciphers |
| 104 | 106 |
| 105 return ssl.wrap_socket(socket, **args) | 107 return ssl.wrap_socket(socket, **args) |
| 106 | 108 |
| 107 _canloaddefaultcerts = False | |
| 108 try: | 109 try: |
| 109 # ssl.SSLContext was added in 2.7.9 and presence indicates modern | 110 # ssl.SSLContext was added in 2.7.9 and presence indicates modern |
| 110 # SSL/TLS features are available. | 111 # SSL/TLS features are available. |
| 111 ssl_context = ssl.SSLContext | 112 ssl_context = ssl.SSLContext |
| 112 _canloaddefaultcerts = util.safehasattr(ssl_context, 'load_default_certs') | |
| 113 | 113 |
| 114 def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE, | 114 def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE, |
| 115 ca_certs=None, serverhostname=None): | 115 ca_certs=None, serverhostname=None): |
| 116 # Allow any version of SSL starting with TLSv1 and | 116 # Allow any version of SSL starting with TLSv1 and |
| 117 # up. Note that specifying TLSv1 here prohibits use of | 117 # up. Note that specifying TLSv1 here prohibits use of |