Mercurial > hg
comparison mercurial/httpclient/__init__.py @ 19807:c48df403caae
httpclient: import 4bb625347d4a to provide SSL wrapper injection
This lets us inject our own ssl.wrap_socket equivalent into
httpclient, which means that any changes we make to our ssl handling
can be *entirely* on our side without having to muck with httpclient,
which sounds appealing. For example, an extension could wrap
sslutil.ssl_wrap_socket with an api-compatible wrapper and then tweak
SSL settings more precisely or use GnuTLS instead of OpenSSL.
author | Augie Fackler <raf@durin42.com> |
---|---|
date | Fri, 20 Sep 2013 09:15:09 -0400 |
parents | d4a0055af149 |
children | 6ddc86eedc3b |
comparison
equal
deleted
inserted
replaced
19806:47ff9d1abfa9 | 19807:c48df403caae |
---|---|
290 response_class = HTTPResponse | 290 response_class = HTTPResponse |
291 | 291 |
292 def __init__(self, host, port=None, use_ssl=None, ssl_validator=None, | 292 def __init__(self, host, port=None, use_ssl=None, ssl_validator=None, |
293 timeout=TIMEOUT_DEFAULT, | 293 timeout=TIMEOUT_DEFAULT, |
294 continue_timeout=TIMEOUT_ASSUME_CONTINUE, | 294 continue_timeout=TIMEOUT_ASSUME_CONTINUE, |
295 proxy_hostport=None, **ssl_opts): | 295 proxy_hostport=None, ssl_wrap_socket=None, **ssl_opts): |
296 """Create a new HTTPConnection. | 296 """Create a new HTTPConnection. |
297 | 297 |
298 Args: | 298 Args: |
299 host: The host to which we'll connect. | 299 host: The host to which we'll connect. |
300 port: Optional. The port over which we'll connect. Default 80 for | 300 port: Optional. The port over which we'll connect. Default 80 for |
305 timeout: Optional. Connection timeout, default is TIMEOUT_DEFAULT. | 305 timeout: Optional. Connection timeout, default is TIMEOUT_DEFAULT. |
306 continue_timeout: Optional. Timeout for waiting on an expected | 306 continue_timeout: Optional. Timeout for waiting on an expected |
307 "100 Continue" response. Default is TIMEOUT_ASSUME_CONTINUE. | 307 "100 Continue" response. Default is TIMEOUT_ASSUME_CONTINUE. |
308 proxy_hostport: Optional. Tuple of (host, port) to use as an http | 308 proxy_hostport: Optional. Tuple of (host, port) to use as an http |
309 proxy for the connection. Default is to not use a proxy. | 309 proxy for the connection. Default is to not use a proxy. |
310 ssl_wrap_socket: Optional function to use for wrapping | |
311 sockets. If unspecified, the one from the ssl module will | |
312 be used if available, or something that's compatible with | |
313 it if on a Python older than 2.6. | |
314 | |
315 Any extra keyword arguments to this function will be provided | |
316 to the ssl_wrap_socket method. If no ssl | |
310 """ | 317 """ |
311 if port is None and host.count(':') == 1 or ']:' in host: | 318 if port is None and host.count(':') == 1 or ']:' in host: |
312 host, port = host.rsplit(':', 1) | 319 host, port = host.rsplit(':', 1) |
313 port = int(port) | 320 port = int(port) |
314 if '[' in host: | 321 if '[' in host: |
315 host = host[1:-1] | 322 host = host[1:-1] |
323 if ssl_wrap_socket is not None: | |
324 self._ssl_wrap_socket = ssl_wrap_socket | |
325 else: | |
326 self._ssl_wrap_socket = socketutil.wrap_socket | |
316 if use_ssl is None and port is None: | 327 if use_ssl is None and port is None: |
317 use_ssl = False | 328 use_ssl = False |
318 port = 80 | 329 port = 80 |
319 elif use_ssl is None: | 330 elif use_ssl is None: |
320 use_ssl = (port == 443) | 331 use_ssl = (port == 443) |
385 # requests the proxy logic above will have cleared | 396 # requests the proxy logic above will have cleared |
386 # blocking mode, so re-enable it just to be safe. | 397 # blocking mode, so re-enable it just to be safe. |
387 sock.setblocking(1) | 398 sock.setblocking(1) |
388 logger.debug('wrapping socket for ssl with options %r', | 399 logger.debug('wrapping socket for ssl with options %r', |
389 self.ssl_opts) | 400 self.ssl_opts) |
390 sock = socketutil.wrap_socket(sock, **self.ssl_opts) | 401 sock = self._ssl_wrap_socket(sock, **self.ssl_opts) |
391 if self._ssl_validator: | 402 if self._ssl_validator: |
392 self._ssl_validator(sock) | 403 self._ssl_validator(sock) |
393 sock.setblocking(0) | 404 sock.setblocking(0) |
394 self.sock = sock | 405 self.sock = sock |
395 | 406 |