Mercurial > hg
view tests/check-perf-code.py @ 33492:14af04391fb9
win32: add a method to trigger the Crypto API to complete a certificate chain
I started a thread[1] on the mailing list awhile ago, but the short version is
that Windows doesn't ship with a full list of certificates[2]. Even if the
server sends the whole chain, if Windows doesn't have the appropriate
certificate pre-installed in its "Third-Party Root Certification Authorities"
store, connections mysteriously fail with:
abort: error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
Windows expects the application to call the methods invoked here as part of the
certificate verification, triggering a call out to Windows update if necessary,
to complete the trust chain. The python bug to add this support[3] hasn't had
any recent activity, and isn't targeting py27 anyway.
The only work around that I could find (besides figuring out the certificate and
walking through the import wizard) is to browse to the site in Internet
Explorer. Opening the page with FireFox or Chrome didn't work. That's a pretty
obscure way to fix a pretty obscure problem. We go to great lengths to
demystify various SSL errors, but this case is clearly lacking. Let's try to
make things easier to diagnose and fix.
When I had trouble figuring out how to get ctypes to work with all of the API
pointers, I found that there are other python projects[4] using this API to
achieve the same thing.
[1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-April/096501.html
[2] https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows
[3] https://bugs.python.org/issue20916
[4] https://github.com/nvaccess/nvda/blob/3b86bce2066b1934df14b96f2e83369900860ecf/source/updateCheck.py#L511
| author | Matt Harbison <matt_harbison@yahoo.com> |
|---|---|
| date | Wed, 29 Mar 2017 23:45:23 -0400 |
| parents | bd872f64a8ba |
| children | eb8a8af4cbd0 |
line wrap: on
line source
#!/usr/bin/env python # # check-perf-code - (historical) portability checker for contrib/perf.py from __future__ import absolute_import import os import sys # write static check patterns here perfpypats = [ [ (r'(branchmap|repoview)\.subsettable', "use getbranchmapsubsettable() for early Mercurial"), (r'\.(vfs|svfs|opener|sopener)', "use getvfs()/getsvfs() for early Mercurial"), (r'ui\.configint', "use getint() instead of ui.configint() for early Mercurial"), ], # warnings [ ] ] def modulewhitelist(names): replacement = [('.py', ''), ('.c', ''), # trim suffix ('mercurial%s' % (os.sep), ''), # trim "mercurial/" path ] ignored = {'__init__'} modules = {} # convert from file name to module name, and count # of appearances for name in names: name = name.strip() for old, new in replacement: name = name.replace(old, new) if name not in ignored: modules[name] = modules.get(name, 0) + 1 # list up module names, which appear multiple times whitelist = [] for name, count in modules.items(): if count > 1: whitelist.append(name) return whitelist if __name__ == "__main__": # in this case, it is assumed that result of "hg files" at # multiple revisions is given via stdin whitelist = modulewhitelist(sys.stdin) assert whitelist, "module whitelist is empty" # build up module whitelist check from file names given at runtime perfpypats[0].append( # this matching pattern assumes importing modules from # "mercurial" package in the current style below, for simplicity # # from mercurial import ( # foo, # bar, # baz # ) ((r'from mercurial import [(][a-z0-9, \n#]*\n(?! *%s,|^[ #]*\n|[)])' % ',| *'.join(whitelist)), "import newer module separately in try clause for early Mercurial" )) # import contrib/check-code.py as checkcode assert 'RUNTESTDIR' in os.environ, "use check-perf-code.py in *.t script" contribpath = os.path.join(os.environ['RUNTESTDIR'], '..', 'contrib') sys.path.insert(0, contribpath) checkcode = __import__('check-code') # register perf.py specific entry with "checks" in check-code.py checkcode.checks.append(('perf.py', r'contrib/perf.py$', '', checkcode.pyfilters, perfpypats)) sys.exit(checkcode.main())