Tue, 26 Mar 2013 02:28:10 +0900 sslutil: abort if peer certificate is not verified for secure use
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:28:10 +0900] rev 18887
sslutil: abort if peer certificate is not verified for secure use Before this patch, "sslutil.validator" may returns successfully, even if peer certificate is not verified because there is no information in "[hostfingerprints]" and "[web] cacerts". To prevent from sending authentication credential to untrustable SMTP server, validation should be aborted if peer certificate is not verified. This patch introduces "strict" optional argument, and "sslutil.validator" will abort if it is True and peer certificate is not verified.
Tue, 26 Mar 2013 02:27:43 +0900 smtp: add the class to verify the certificate of the SMTP server for SMTPS
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:27:43 +0900] rev 18886
smtp: add the class to verify the certificate of the SMTP server for SMTPS Original "smtplib.SMTP_SSL" has no route to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. This causes that "getpeercert()" on SSL socket returns empty dict, so the peer certificate for SMTPS can't be verified. This patch introduces the "SMTPS" class derived from "smtplib.SMTP" to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. "SMTPS" class is derived directly from "smtplib.SMTP", because amount of "smtplib.SMTP_SSL" definition derived from "smtplib.SMTP" is as same as one needed to override it. This patch defines "SMTPS" class, only when "smtplib.SMTP" class has "_get_socket()" method, because this makes using SSL socket instead of normal socket easy. "smtplib.SMTP" class of Python 2.5.x or earlier doesn't have this method. Omitting SMTPS support for them is reasonable, because "smtplib.SMTP_SSL" is already unavailable for them before this patch. Almost all code of "SMTPS" class is imported from "smtplib.SMTP_SSL" of Python 2.7.3, but it differs from original code in point below: - "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for compatibility between Python versions
Tue, 26 Mar 2013 02:27:23 +0900 smtp: add the class to verify the certificate of the SMTP server for STARTTLS
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:27:23 +0900] rev 18885
smtp: add the class to verify the certificate of the SMTP server for STARTTLS Original "smtplib.SMTP" has no route to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. This causes that "getpeercert()" on SSL socket returns empty dict, so the peer certificate for STARTTLS can't be verified. This patch introduces the "STARTTLS" class derived from "smtplib.SMTP" to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. Almost all code of "starttls()" in this class is imported from "smtplib.SMTP" of Python 2.7.3, but it differs from original code in points below: - "self.ehlo_or_helo_if_needed()" invocation is omitted, because: - "ehlo_or_helo_if_needed()" is available with Python 2.6 or later, and - "ehlo()" is explicitly invoked in "mercurial.mail._smtp()" - "if not _have_ssl:" check is omitted, because: - "_have_ssl" is available with Python 2.6 or later, and - same checking is done in "mercurial.sslutil.ssl_wrap_socket()" - "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for compatibility between Python versions - use "sock.recv()" also as "sock.read()", if "sock" doesn't have "read()" method with Python 2.5.x or earlier, "sslutil.ssl_wrap_socket()" returns "httplib.FakeSocket"-ed object, and it doesn't have "read()" method, which is invoked via "smtplib.SSLFakeFile".
Sun, 07 Apr 2013 23:25:50 -0700 template: allow unquoted int function arguments
Brendan Cully <brendan@kublai.com> [Sun, 07 Apr 2013 23:25:50 -0700] rev 18884
template: allow unquoted int function arguments
Mon, 08 Apr 2013 09:44:26 -0700 Merge with main
Brendan Cully <brendan@kublai.com> [Mon, 08 Apr 2013 09:44:26 -0700] rev 18883
Merge with main
Sat, 06 Apr 2013 19:50:03 -0700 graft: use missing ancestors algorithm to find earlier grafts
Siddharth Agarwal <sid0@fb.com> [Sat, 06 Apr 2013 19:50:03 -0700] rev 18882
graft: use missing ancestors algorithm to find earlier grafts When the revisions to graft are numerically close to the destination, this avoids two walks up the DAG, which for a repository with over 470,000 changesets translates to around 2.2 seconds.
Sat, 06 Apr 2013 20:05:17 -0700 graft: find ancestors of destination lazily
Siddharth Agarwal <sid0@fb.com> [Sat, 06 Apr 2013 20:05:17 -0700] rev 18881
graft: find ancestors of destination lazily When the revisions to graft are numerically close to the destination, this avoids one walk up the DAG, which for a repository with over 470,000 changesets translates to around 1.1 seconds.
Fri, 05 Apr 2013 12:21:38 -0500 merge with crew
Matt Mackall <mpm@selenic.com> [Fri, 05 Apr 2013 12:21:38 -0500] rev 18880
merge with crew
Fri, 05 Apr 2013 12:20:14 -0500 sslutil: try harder to avoid getpeercert problems
Matt Mackall <mpm@selenic.com> [Fri, 05 Apr 2013 12:20:14 -0500] rev 18879
sslutil: try harder to avoid getpeercert problems We wrap both calls to getpeercert in a try/except to make sure we catch its bogus AttributeError.
Thu, 04 Apr 2013 20:22:29 -0700 copies._forwardcopies: use set operations to find missing files
Siddharth Agarwal <sid0@fb.com> [Thu, 04 Apr 2013 20:22:29 -0700] rev 18878
copies._forwardcopies: use set operations to find missing files This is a performance win for a number of reasons: - We don't iterate over contexts, which avoids a completely unnecessary sorted call + the O(number of files) abstraction cost of doing that. - We don't check membership in a context, which avoids another O(number of files) abstraction cost. - We iterate over the manifests in C instead of Python. For a large repo with 170,000 files, this improves perfpathcopies from 0.34 seconds to 0.07. Anything that uses pathcopies, such as rebase or diff --git between two revisions, benefits.
(0) -10000 -3000 -1000 -300 -100 -10 +10 +100 +300 +1000 +3000 +10000 +30000 tip