Mercurial > hg
view mercurial/dummycert.pem @ 36367:043e77f3be09
sshpeer: return framed file object when needed
Currently, wireproto.wirepeer has a default implementation of
_submitbatch() and sshv1peer has a very similar implementation.
The main difference is that sshv1peer is aware of the total amount
of bytes it can read whereas the default implementation reads the
stream until no more data is returned. The default implementation
works for HTTP, since there is a known end to HTTP responses (either
Content-Length or 0 sized chunk).
This commit teaches sshv1peer to use our just-introduced "cappedreader"
class for wrapping a file object to limit the number of bytes that
can be read. We do this by introducing an argument to specify whether
the response is framed. If set, we returned a cappedreader instance
instead of the raw pipe.
_call() always has framed responses. So we set this argument
unconditionally and then .read() the entirety of the result.
Strictly speaking, we don't need to use cappedreader in this case
and can inline frame decoding/read logic. But I like when things
are consistent. The overhead should be negligible.
_callstream() and _callcompressable() are special: whether framing
is used depends on the specific command. So, we define a set
of commands that have framed response. It currently only
contains "batch."
As a result of this change, the one-off implementation of
_submitbatch() in sshv1peer can be removed since it is now
safe to .read() the response's file object until end of stream.
cappedreader takes care of not overrunning the frame.
Differential Revision: https://phab.mercurial-scm.org/D2380
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Wed, 21 Feb 2018 08:35:48 -0800 |
| parents | d7f7f1860f00 |
| children |
line wrap: on
line source
A dummy certificate that will make OS X 10.6+ Python use the system CA certificate store: -----BEGIN CERTIFICATE----- MIIBIzCBzgIJANjmj39sb3FmMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmhn LmV4YW1wbGUuY29tMB4XDTE0MDgzMDA4NDU1OVoXDTE0MDgyOTA4NDU1OVowGTEX MBUGA1UEAxMOaGcuZXhhbXBsZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA mh/ZySGlcq0ALNLmA1gZqt61HruywPrRk6WyrLJRgt+X7OP9FFlEfl2tzHfzqvmK CtSQoPINWOdAJMekBYFgKQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAF9h49LkSqJ6a IlpogZuUHtihXeKZBsiktVIDlDccYsNy0RSh9XxUfhk+XMLw8jBlYvcltSXdJ7We aKdQRekuMQ== -----END CERTIFICATE----- This certificate was generated to be syntactically valid but never be usable; it expired before it became valid. Created as: $ cat > cn.conf << EOT > [req] > distinguished_name = req_distinguished_name > [req_distinguished_name] > commonName = Common Name > commonName_default = no.example.com > EOT $ openssl req -nodes -new -x509 -keyout /dev/null \ > -out dummycert.pem -days -1 -config cn.conf -subj '/CN=hg.example.com' To verify the content of this certificate: $ openssl x509 -in dummycert.pem -noout -text Certificate: Data: Version: 1 (0x0) Serial Number: 15629337334278746470 (0xd8e68f7f6c6f7166) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hg.example.com Validity Not Before: Aug 30 08:45:59 2014 GMT Not After : Aug 29 08:45:59 2014 GMT Subject: CN=hg.example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: 00:9a:1f:d9:c9:21:a5:72:ad:00:2c:d2:e6:03:58: 19:aa:de:b5:1e:bb:b2:c0:fa:d1:93:a5:b2:ac:b2: 51:82:df:97:ec:e3:fd:14:59:44:7e:5d:ad:cc:77: f3:aa:f9:8a:0a:d4:90:a0:f2:0d:58:e7:40:24:c7: a4:05:81:60:29 Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption 17:d8:78:f4:b9:12:a8:9e:9a:22:5a:68:81:9b:94:1e:d8:a1: 5d:e2:99:06:c8:a4:b5:52:03:94:37:1c:62:c3:72:d1:14:a1: f5:7c:54:7e:19:3e:5c:c2:f0:f2:30:65:62:f7:25:b5:25:dd: 27:b5:9e:68:a7:50:45:e9:2e:31