timeless <timeless@mozdev.org> [Sun, 10 Apr 2016 20:55:37 +0000] rev 28861
pycompat: switch to util.stringio for py3 compat
timeless <timeless@mozdev.org> [Sun, 10 Apr 2016 21:32:08 +0000] rev 28860
py3: use multi-line import in test-wireproto.py
The reason I did it is that I had a later commit that was adding to the list.
timeless <timeless@mozdev.org> [Sun, 10 Apr 2016 21:32:05 +0000] rev 28859
py3: use absolute_import in test-hgweb-non-interactive.t
timeless <timeless@mozdev.org> [Sun, 10 Apr 2016 21:32:01 +0000] rev 28858
py3: use absolute_import in test-hgweb-no-request-uri.t
timeless <timeless@mozdev.org> [Sun, 10 Apr 2016 21:31:58 +0000] rev 28857
py3: use absolute_import in test-hgweb-no-path-info.t
Jun Wu <quark@fb.com> [Mon, 11 Apr 2016 00:18:27 +0100] rev 28856
chg: use fsetcloexec instead of closing lockfd manually
Since we have the fsetcloexec utility function, use it instead of closing
lockfd manually.
Jun Wu <quark@fb.com> [Mon, 11 Apr 2016 00:17:17 +0100] rev 28855
chg: extract the logic of setting FD_CLOEXEC to a utility function
Setting FD_CLOEXEC is useful for other fds such like lockfd and sockdirfd,
move the logic from hgc_open to util.
Jun Wu <quark@fb.com> [Sun, 10 Apr 2016 03:14:32 +0100] rev 28854
chg: add fchdirx as a utility function
As part of the series to support long socket paths, we need to use fchdir and
check its result in several places. Make it a utility function.
Jun Wu <quark@fb.com> [Sun, 10 Apr 2016 22:58:11 +0100] rev 28853
chg: check lockfd at freecmdserveropts
We check for sockdirfd at freecmdserveropts but not lockfd, which is a bit
strange to people new to the code. Add a comment and an assert to make it
clear that lockfd should be closed earlier.
Jun Wu <quark@fb.com> [Sun, 10 Apr 2016 23:56:00 +0100] rev 28852
chg: add sockdirfd to cmdserveropts
As part of the series to support long socket paths, we need to add the fd of
the directory to the cmdserveropts structure so we can use basenames instead
of full paths for sockname, redirectsockname, and lockfile.
Jun Wu <quark@fb.com> [Sun, 10 Apr 2016 21:56:05 +0100] rev 28851
chg: fix spelling in the error message about error waiting for cmdserver
This is a trivial spelling and grammar fix.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 10 Apr 2016 11:02:58 -0700] rev 28850
sslutil: document and slightly refactor validation logic
This main purpose of this patch is to make it clearer that fingerprint
pinning takes precedence over CA verification. This will make
subsequent refactoring to the validation code easier to read.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 10 Apr 2016 11:00:41 -0700] rev 28849
sslutil: require a server hostname when wrapping sockets (API)
All callers appear to be passing the hostname. So this shouldn't
break anything. By specifying the hostname, more validation options
from the ssl module are available to us. Although this patch stops
short of using them.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 10 Apr 2016 10:59:45 -0700] rev 28848
sslutil: move and document verify_mode assignment
Consolidating all the SSLContext options setting makes the code a
bit easier to read.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 10 Apr 2016 10:54:53 -0700] rev 28847
tests: use --insecure instead of web.cacerts=!
--insecure is the proper and documented way to do this. The end result
is the same: dispatch will set web.cacerts to ! when --insecure is
passed.
This patch is necessary to refactor handling of web.cacerts in upcoming
patches.