Mercurial > hg
comparison mercurial/sslutil.py @ 37084:f0b6fbea00cf
stringutil: bulk-replace call sites to point to new module
This might conflict with other patches floating around, sorry.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Thu, 22 Mar 2018 21:56:20 +0900 |
| parents | 4c71a26a4009 |
| children | a8a902d7176e |
comparison
equal
deleted
inserted
replaced
| 37083:f99d64e8a4e4 | 37084:f0b6fbea00cf |
|---|---|
| 18 from . import ( | 18 from . import ( |
| 19 error, | 19 error, |
| 20 node, | 20 node, |
| 21 pycompat, | 21 pycompat, |
| 22 util, | 22 util, |
| 23 ) | |
| 24 from .utils import ( | |
| 25 stringutil, | |
| 23 ) | 26 ) |
| 24 | 27 |
| 25 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added | 28 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added |
| 26 # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are | 29 # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are |
| 27 # all exposed via the "ssl" module. | 30 # all exposed via the "ssl" module. |
| 372 if settings['ciphers']: | 375 if settings['ciphers']: |
| 373 try: | 376 try: |
| 374 sslcontext.set_ciphers(pycompat.sysstr(settings['ciphers'])) | 377 sslcontext.set_ciphers(pycompat.sysstr(settings['ciphers'])) |
| 375 except ssl.SSLError as e: | 378 except ssl.SSLError as e: |
| 376 raise error.Abort( | 379 raise error.Abort( |
| 377 _('could not set ciphers: %s') % util.forcebytestr(e.args[0]), | 380 _('could not set ciphers: %s') |
| 381 % stringutil.forcebytestr(e.args[0]), | |
| 378 hint=_('change cipher string (%s) in config') % | 382 hint=_('change cipher string (%s) in config') % |
| 379 settings['ciphers']) | 383 settings['ciphers']) |
| 380 | 384 |
| 381 if certfile is not None: | 385 if certfile is not None: |
| 382 def password(): | 386 def password(): |
| 391 if len(e.args) == 1: # pypy has different SSLError args | 395 if len(e.args) == 1: # pypy has different SSLError args |
| 392 msg = e.args[0] | 396 msg = e.args[0] |
| 393 else: | 397 else: |
| 394 msg = e.args[1] | 398 msg = e.args[1] |
| 395 raise error.Abort(_('error loading CA file %s: %s') % ( | 399 raise error.Abort(_('error loading CA file %s: %s') % ( |
| 396 settings['cafile'], util.forcebytestr(msg)), | 400 settings['cafile'], stringutil.forcebytestr(msg)), |
| 397 hint=_('file is empty or malformed?')) | 401 hint=_('file is empty or malformed?')) |
| 398 caloaded = True | 402 caloaded = True |
| 399 elif settings['allowloaddefaultcerts']: | 403 elif settings['allowloaddefaultcerts']: |
| 400 # This is a no-op on old Python. | 404 # This is a no-op on old Python. |
| 401 sslcontext.load_default_certs() | 405 sslcontext.load_default_certs() |
| 640 if key == 'DNS': | 644 if key == 'DNS': |
| 641 try: | 645 try: |
| 642 if _dnsnamematch(value, hostname): | 646 if _dnsnamematch(value, hostname): |
| 643 return | 647 return |
| 644 except wildcarderror as e: | 648 except wildcarderror as e: |
| 645 return util.forcebytestr(e.args[0]) | 649 return stringutil.forcebytestr(e.args[0]) |
| 646 | 650 |
| 647 dnsnames.append(value) | 651 dnsnames.append(value) |
| 648 | 652 |
| 649 if not dnsnames: | 653 if not dnsnames: |
| 650 # The subject is only checked when there is no DNS in subjectAltName. | 654 # The subject is only checked when there is no DNS in subjectAltName. |
| 661 | 665 |
| 662 try: | 666 try: |
| 663 if _dnsnamematch(value, hostname): | 667 if _dnsnamematch(value, hostname): |
| 664 return | 668 return |
| 665 except wildcarderror as e: | 669 except wildcarderror as e: |
| 666 return util.forcebytestr(e.args[0]) | 670 return stringutil.forcebytestr(e.args[0]) |
| 667 | 671 |
| 668 dnsnames.append(value) | 672 dnsnames.append(value) |
| 669 | 673 |
| 670 if len(dnsnames) > 1: | 674 if len(dnsnames) > 1: |
| 671 return _('certificate is for %s') % ', '.join(dnsnames) | 675 return _('certificate is for %s') % ', '.join(dnsnames) |