Mercurial > hg
view mercurial/encoding.py @ 12592:f2937d6492c5 stable
url: verify correctness of https server certificates (issue2407)
Pythons SSL module verifies that certificates received for HTTPS are valid
according to the specified cacerts, but it doesn't verify that the certificate
is for the host we connect to.
We now explicitly verify that the commonName in the received certificate
matches the requested hostname and is valid for the time being.
This is a minimal patch where we try to fail to the safe side, but we do still
rely on Python's SSL functionality and do not try to implement the standards
fully and correctly. CRLs and subjectAltName are not handled and proxies
haven't been considered.
This change might break connections to some sites if cacerts is specified and
the certificates (by our definition) isn't correct. The workaround is to
disable cacerts which in most cases isn't much worse than it was before with
cacerts.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 01 Oct 2010 00:46:59 +0200 |
parents | 2be70ca17311 |
children | c327bfa5e831 |
line wrap: on
line source
# encoding.py - character transcoding support for Mercurial # # Copyright 2005-2009 Matt Mackall <mpm@selenic.com> and others # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. import error import sys, unicodedata, locale, os def _getpreferredencoding(): ''' On darwin, getpreferredencoding ignores the locale environment and always returns mac-roman. http://bugs.python.org/issue6202 fixes this for Python 2.7 and up. This is the same corrected code for earlier Python versions. However, we can't use a version check for this method, as some distributions patch Python to fix this. Instead, we use it as a 'fixer' for the mac-roman encoding, as it is unlikely that this encoding is the actually expected. ''' try: locale.CODESET except AttributeError: # Fall back to parsing environment variables :-( return locale.getdefaultlocale()[1] oldloc = locale.setlocale(locale.LC_CTYPE) locale.setlocale(locale.LC_CTYPE, "") result = locale.nl_langinfo(locale.CODESET) locale.setlocale(locale.LC_CTYPE, oldloc) return result _encodingfixers = { '646': lambda: 'ascii', 'ANSI_X3.4-1968': lambda: 'ascii', 'mac-roman': _getpreferredencoding } try: encoding = os.environ.get("HGENCODING") if not encoding: encoding = locale.getpreferredencoding() or 'ascii' encoding = _encodingfixers.get(encoding, lambda: encoding)() except locale.Error: encoding = 'ascii' encodingmode = os.environ.get("HGENCODINGMODE", "strict") fallbackencoding = 'ISO-8859-1' def tolocal(s): """ Convert a string from internal UTF-8 to local encoding All internal strings should be UTF-8 but some repos before the implementation of locale support may contain latin1 or possibly other character sets. We attempt to decode everything strictly using UTF-8, then Latin-1, and failing that, we use UTF-8 and replace unknown characters. """ for e in ('UTF-8', fallbackencoding): try: u = s.decode(e) # attempt strict decoding return u.encode(encoding, "replace") except LookupError, k: raise error.Abort("%s, please check your locale settings" % k) except UnicodeDecodeError: pass u = s.decode("utf-8", "replace") # last ditch return u.encode(encoding, "replace") def fromlocal(s): """ Convert a string from the local character encoding to UTF-8 We attempt to decode strings using the encoding mode set by HGENCODINGMODE, which defaults to 'strict'. In this mode, unknown characters will cause an error message. Other modes include 'replace', which replaces unknown characters with a special Unicode character, and 'ignore', which drops the character. """ try: return s.decode(encoding, encodingmode).encode("utf-8") except UnicodeDecodeError, inst: sub = s[max(0, inst.start - 10):inst.start + 10] raise error.Abort("decoding near '%s': %s!" % (sub, inst)) except LookupError, k: raise error.Abort("%s, please check your locale settings" % k) def colwidth(s): "Find the column width of a UTF-8 string for display" d = s.decode(encoding, 'replace') if hasattr(unicodedata, 'east_asian_width'): w = unicodedata.east_asian_width return sum([w(c) in 'WFA' and 2 or 1 for c in d]) return len(d)