19 try: |
19 try: |
20 ssl_context = ssl.SSLContext |
20 ssl_context = ssl.SSLContext |
21 _canloaddefaultcerts = util.safehasattr(ssl_context, |
21 _canloaddefaultcerts = util.safehasattr(ssl_context, |
22 'load_default_certs') |
22 'load_default_certs') |
23 |
23 |
24 def ssl_wrap_socket(sock, keyfile, certfile, ui, |
24 def wrapsocket(sock, keyfile, certfile, ui, |
25 cert_reqs=ssl.CERT_NONE, |
25 cert_reqs=ssl.CERT_NONE, |
26 ca_certs=None, serverhostname=None): |
26 ca_certs=None, serverhostname=None): |
27 # Allow any version of SSL starting with TLSv1 and |
27 # Allow any version of SSL starting with TLSv1 and |
28 # up. Note that specifying TLSv1 here prohibits use of |
28 # up. Note that specifying TLSv1 here prohibits use of |
29 # newer standards (like TLSv1_2), so this is the right way |
29 # newer standards (like TLSv1_2), so this is the right way |
30 # to do this. Note that in the future it'd be better to |
30 # to do this. Note that in the future it'd be better to |
31 # support using ssl.create_default_context(), which sets |
31 # support using ssl.create_default_context(), which sets |
53 # - see http://bugs.python.org/issue13721 |
53 # - see http://bugs.python.org/issue13721 |
54 if not sslsocket.cipher(): |
54 if not sslsocket.cipher(): |
55 raise util.Abort(_('ssl connection failed')) |
55 raise util.Abort(_('ssl connection failed')) |
56 return sslsocket |
56 return sslsocket |
57 except AttributeError: |
57 except AttributeError: |
58 def ssl_wrap_socket(sock, keyfile, certfile, ui, |
58 def wrapsocket(sock, keyfile, certfile, ui, |
59 cert_reqs=ssl.CERT_NONE, |
59 cert_reqs=ssl.CERT_NONE, |
60 ca_certs=None, serverhostname=None): |
60 ca_certs=None, serverhostname=None): |
61 sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
61 sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
62 cert_reqs=cert_reqs, ca_certs=ca_certs, |
62 cert_reqs=cert_reqs, ca_certs=ca_certs, |
63 ssl_version=ssl.PROTOCOL_TLSv1) |
63 ssl_version=ssl.PROTOCOL_TLSv1) |
64 # check if wrap_socket failed silently because socket had been |
64 # check if wrap_socket failed silently because socket had been |
65 # closed |
65 # closed |
70 except ImportError: |
70 except ImportError: |
71 CERT_REQUIRED = 2 |
71 CERT_REQUIRED = 2 |
72 |
72 |
73 import socket, httplib |
73 import socket, httplib |
74 |
74 |
75 def ssl_wrap_socket(sock, keyfile, certfile, ui, |
75 def wrapsocket(sock, keyfile, certfile, ui, |
76 cert_reqs=CERT_REQUIRED, |
76 cert_reqs=CERT_REQUIRED, |
77 ca_certs=None, serverhostname=None): |
77 ca_certs=None, serverhostname=None): |
78 if not util.safehasattr(socket, 'ssl'): |
78 if not util.safehasattr(socket, 'ssl'): |
79 raise util.Abort(_('Python SSL support not found')) |
79 raise util.Abort(_('Python SSL support not found')) |
80 if ca_certs: |
80 if ca_certs: |
81 raise util.Abort(_( |
81 raise util.Abort(_( |
82 'certificate checking requires Python 2.6')) |
82 'certificate checking requires Python 2.6')) |