hgweb: use sslutil.wrapserversocket() This patch transitions the built-in HTTPS server to use sslutil for creating the server socket. As part of this transition, we implement developer-only config options to control CA loading and whether to require client certificates. This eliminates the need for the custom extension in test-https.t to define these. There is a slight change in behavior with regards to protocol selection. Before, we would always use the TLS 1.0 constant to define the protocol version. This would *only* use TLS 1.0. sslutil defaults to TLS 1.0+. So this patch improves the security of `hg serve` out of the box by allowing it to use TLS 1.1 and 1.2 (if available).

#!/usr/bin/env python

from __future__ import absolute_import

import os
import sys

os.chdir(os.getenv('TESTTMP'))

if sys.argv[1] != "user@dummy":
    sys.exit(-1)

os.environ["SSH_CLIENT"] = "127.0.0.1 1 2"

log = open("dummylog", "ab")
log.write("Got arguments")
for i, arg in enumerate(sys.argv[1:]):
    log.write(" %d:%s" % (i + 1, arg))
log.write("\n")
log.close()
hgcmd = sys.argv[2]
if os.name == 'nt':
    # hack to make simple unix single quote quoting work on windows
    hgcmd = hgcmd.replace("'", '"')
r = os.system(hgcmd)
sys.exit(bool(r))