view hgext/parentrevspec.py @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Python's SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and that the certificate is valid at the
current time.
This is a minimal patch where we try to fail on the safe side, but we still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled, and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) aren't correct. The workaround is to
disable cacerts, which in most cases isn't much worse than the situation before
this change with cacerts enabled.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | 08a0f04b56bd |
children |
# Mercurial extension to make it easy to refer to the parent of a revision
#
# Copyright (C) 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.

'''interpret suffixes to refer to ancestor revisions

This extension allows you to use git-style suffixes to refer to the
ancestors of a specific revision.

For example, if you can refer to a revision as "foo", then::

  foo^N = Nth parent of foo
  foo^0 = foo
  foo^1 = first parent of foo
  foo^2 = second parent of foo
  foo^  = foo^1

  foo~N = Nth first grandparent of foo
  foo~0 = foo
  foo~1 = foo^1 = foo^ = first parent of foo
  foo~2 = foo^1^1 = foo^^ = first parent of first parent of foo
'''

from mercurial import error


def reposetup(ui, repo):
    """Give a local repository a ``lookup`` that understands ^N / ~N.

    Repositories for which ``repo.local()`` is false are left untouched.
    For the others, the object's class is replaced by a subclass defined
    here whose ``lookup`` parses parent suffixes once the inherited
    lookup has failed with ``error.RepoError``.
    """
    if not repo.local():
        return

    class parentrevspecrepo(repo.__class__):
        def lookup(self, key):
            """Resolve ``key`` to a node, accepting ``^N`` and ``~N`` suffixes.

            The inherited lookup is tried first and its result returned
            unchanged.  Only when it raises ``error.RepoError`` is ``key``
            split at its first ``^`` or ``~``: the part before is looked
            up as the base revision and the rest is applied operator by
            operator.  Malformed or unsatisfiable suffixes end in a bare
            ``raise``.
            """
            inherited = super(parentrevspecrepo, self)
            try:
                return inherited.lookup(key)
            except error.RepoError:
                # Deliberately swallowed.  No ``except`` block is active at
                # the bare ``raise`` statements further down; they rely on
                # the interpreter re-raising this RepoError (Python 2
                # behaviour - the file also uses xrange).
                pass

            caret_at = key.find('^')
            tilde_at = key.find('~')
            hits = [at for at in (caret_at, tilde_at) if at >= 0]
            if not hits:
                # no suffix operator at all: the key is simply unknown
                raise
            split_at = min(hits)

            changelog = self.changelog
            try:
                node = inherited.lookup(key[:split_at])
            except error.RepoError:
                # The base is unknown as well.  Repeat the lookup of the
                # full key so the caller gets the error for what was asked.
                return inherited.lookup(key)

            rev = changelog.rev(node)
            suffix = key[split_at:]
            length = len(suffix)
            pos = 0
            while pos < length:
                op = suffix[pos]
                stop = pos + 1
                if op == '^':
                    # foo^N: Nth parent; a bare ^ means ^1 and ^0 is foo
                    # itself.  At most one digit is consumed here.
                    parents = changelog.parentrevs(rev)
                    if stop < length and suffix[stop].isdigit():
                        stop += 1
                        count = int(suffix[pos + 1:stop])
                        # only parents 1 and 2 exist; -1 in the second
                        # slot means there is no second parent
                        if count > 2 or (count == 2 and parents[1] == -1):
                            raise
                    else:
                        count = 1
                    if count:
                        rev = parents[count - 1]
                elif op == '~':
                    # foo~N: follow the first parent N times; at least
                    # one digit is required after the tilde.
                    while stop < length and suffix[stop].isdigit():
                        stop += 1
                    if stop == pos + 1:
                        raise
                    count = int(suffix[pos + 1:stop])
                    # NOTE(review): N comes straight from the key and is
                    # not capped, so this loop runs N times.  If keys can
                    # originate from untrusted requests (not visible here -
                    # confirm against callers), consider bounding N.
                    for hop in xrange(count):
                        rev = changelog.parentrevs(rev)[0]
                else:
                    # anything other than ^ or ~ inside the suffix
                    raise
                pos = stop
            return changelog.node(rev)

    repo.__class__ = parentrevspecrepo