Mercurial > hg
comparison mercurial/httpclient/__init__.py @ 19807:c48df403caae
httpclient: import 4bb625347d4a to provide SSL wrapper injection
This lets us inject our own ssl.wrap_socket equivalent into
httpclient, which means that any changes we make to our ssl handling
can be *entirely* on our side without having to muck with httpclient,
which sounds appealing. For example, an extension could wrap
sslutil.ssl_wrap_socket with an api-compatible wrapper and then tweak
SSL settings more precisely or use GnuTLS instead of OpenSSL.
| author | Augie Fackler <raf@durin42.com> |
|---|---|
| date | Fri, 20 Sep 2013 09:15:09 -0400 |
| parents | d4a0055af149 |
| children | 6ddc86eedc3b |
comparison
equal
deleted
inserted
replaced
| 19806:47ff9d1abfa9 | 19807:c48df403caae |
|---|---|
| 290 response_class = HTTPResponse | 290 response_class = HTTPResponse |
| 291 | 291 |
| 292 def __init__(self, host, port=None, use_ssl=None, ssl_validator=None, | 292 def __init__(self, host, port=None, use_ssl=None, ssl_validator=None, |
| 293 timeout=TIMEOUT_DEFAULT, | 293 timeout=TIMEOUT_DEFAULT, |
| 294 continue_timeout=TIMEOUT_ASSUME_CONTINUE, | 294 continue_timeout=TIMEOUT_ASSUME_CONTINUE, |
| 295 proxy_hostport=None, **ssl_opts): | 295 proxy_hostport=None, ssl_wrap_socket=None, **ssl_opts): |
| 296 """Create a new HTTPConnection. | 296 """Create a new HTTPConnection. |
| 297 | 297 |
| 298 Args: | 298 Args: |
| 299 host: The host to which we'll connect. | 299 host: The host to which we'll connect. |
| 300 port: Optional. The port over which we'll connect. Default 80 for | 300 port: Optional. The port over which we'll connect. Default 80 for |
| 305 timeout: Optional. Connection timeout, default is TIMEOUT_DEFAULT. | 305 timeout: Optional. Connection timeout, default is TIMEOUT_DEFAULT. |
| 306 continue_timeout: Optional. Timeout for waiting on an expected | 306 continue_timeout: Optional. Timeout for waiting on an expected |
| 307 "100 Continue" response. Default is TIMEOUT_ASSUME_CONTINUE. | 307 "100 Continue" response. Default is TIMEOUT_ASSUME_CONTINUE. |
| 308 proxy_hostport: Optional. Tuple of (host, port) to use as an http | 308 proxy_hostport: Optional. Tuple of (host, port) to use as an http |
| 309 proxy for the connection. Default is to not use a proxy. | 309 proxy for the connection. Default is to not use a proxy. |
| 310 ssl_wrap_socket: Optional function to use for wrapping | |
| 311 sockets. If unspecified, the one from the ssl module will | |
| 312 be used if available, or something that's compatible with | |
| 313 it if on a Python older than 2.6. | |
| 314 | |
| 315 Any extra keyword arguments to this function will be provided | |
| 316 to the ssl_wrap_socket method. If no ssl | |
| 310 """ | 317 """ |
| 311 if port is None and host.count(':') == 1 or ']:' in host: | 318 if port is None and host.count(':') == 1 or ']:' in host: |
| 312 host, port = host.rsplit(':', 1) | 319 host, port = host.rsplit(':', 1) |
| 313 port = int(port) | 320 port = int(port) |
| 314 if '[' in host: | 321 if '[' in host: |
| 315 host = host[1:-1] | 322 host = host[1:-1] |
| 323 if ssl_wrap_socket is not None: | |
| 324 self._ssl_wrap_socket = ssl_wrap_socket | |
| 325 else: | |
| 326 self._ssl_wrap_socket = socketutil.wrap_socket | |
| 316 if use_ssl is None and port is None: | 327 if use_ssl is None and port is None: |
| 317 use_ssl = False | 328 use_ssl = False |
| 318 port = 80 | 329 port = 80 |
| 319 elif use_ssl is None: | 330 elif use_ssl is None: |
| 320 use_ssl = (port == 443) | 331 use_ssl = (port == 443) |
| 385 # requests the proxy logic above will have cleared | 396 # requests the proxy logic above will have cleared |
| 386 # blocking mode, so re-enable it just to be safe. | 397 # blocking mode, so re-enable it just to be safe. |
| 387 sock.setblocking(1) | 398 sock.setblocking(1) |
| 388 logger.debug('wrapping socket for ssl with options %r', | 399 logger.debug('wrapping socket for ssl with options %r', |
| 389 self.ssl_opts) | 400 self.ssl_opts) |
| 390 sock = socketutil.wrap_socket(sock, **self.ssl_opts) | 401 sock = self._ssl_wrap_socket(sock, **self.ssl_opts) |
| 391 if self._ssl_validator: | 402 if self._ssl_validator: |
| 392 self._ssl_validator(sock) | 403 self._ssl_validator(sock) |
| 393 sock.setblocking(0) | 404 sock.setblocking(0) |
| 394 self.sock = sock | 405 self.sock = sock |
| 395 | 406 |