sslutil: synchronize hostname matching logic with CPython
sslutil contains its own hostname matching logic. CPython has code
for the same intent. However, it is only available to Python 2.7.9+
(or distributions that have backported 2.7.9's ssl module
improvements).
This patch effectively imports CPython's hostname matching code
from its ssl.py into sslutil.py. The hostname matching code itself
is pretty similar. However, the DNS name matching code is much more
robust and spec conformant.
As the test changes show, this changes some behavior around
wildcard handling and IDNA matching. The new behavior allows
wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com')
This is spec compliant according to RFC 6125 Section 6.5.3 item 3.
There is one test where the matcher is more strict. Before,
'*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking
this is a security vulnerability.
Minimal hgk check
$ echo "[extensions]" >> $HGRCPATH
$ echo "hgk=" >> $HGRCPATH
$ hg init repo
$ cd repo
$ echo a > a
$ hg ci -Am adda
adding a
$ hg debug-cat-file commit 0
tree a0c8bcbbb45c
parent 000000000000
author test 0 0
revision 0
branch default
phase draft
adda
$ echo b > b
$ hg ci -Am addb
adding b
$ hg log -T '{node}\n'
102a90ea7b4a3361e4082ed620918c261189a36a
07f4944404050f47db2e5c5071e0e84e7a27bba9
$ hg debug-diff-tree 07f494440405 102a90ea7b4a
:000000 100664 000000000000 1e88685f5dde N b b
$ hg debug-diff-tree 07f494440405 102a90ea7b4a --patch
diff --git a/b b/b
new file mode 100644
--- /dev/null
+++ b/b
@@ -0,0 +1,1 @@
+b
Ensure that diff-tree output isn't affected by diffopts
$ hg --config diff.noprefix=True debug-diff-tree 07f494440405 102a90ea7b4a
:000000 100664 000000000000 1e88685f5dde N b b
$ hg --config diff.noprefix=True debug-diff-tree --patch 07f494440405 102a90ea7b4a
diff --git a/b b/b
new file mode 100644
--- /dev/null
+++ b/b
@@ -0,0 +1,1 @@
+b
$ cd ..