# HG changeset patch # User Mads Kiilerich # Date 1287598774 -7200 # Node ID 763be3cd084a04022e62a613bba5b6a4d9767291 # Parent 191d0fd5c2fdb6fa3b810cfb7b484c54191138cf hgweb: use Pythons ssl module for HTTPS serve when using Python 2.6 or later pyOpenSSL apparently doesn't work for Python 2.7 and isn't very actively maintained. The built-in ssl module seems like a long-term winner, so we now use that with Python 2.6 and higher. diff -r 191d0fd5c2fd -r 763be3cd084a mercurial/hgweb/server.py --- a/mercurial/hgweb/server.py Wed Oct 20 20:19:32 2010 +0200 +++ b/mercurial/hgweb/server.py Wed Oct 20 20:19:34 2010 +0200 @@ -214,6 +214,26 @@ self.close_connection = True pass +class _httprequesthandlerssl(_httprequesthandler): + """HTTPS handler based on Pythons ssl module (introduced in 2.6)""" + + url_scheme = 'https' + + @staticmethod + def preparehttpserver(httpserver, ssl_cert): + try: + import ssl + ssl.wrap_socket + except ImportError: + raise util.Abort(_("SSL support is unavailable")) + httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True, + certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv3) + + def setup(self): + self.connection = self.request + self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) + self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) + try: from threading import activeCount _mixin = SocketServer.ThreadingMixIn @@ -265,7 +285,10 @@ def create_server(ui, app): if ui.config('web', 'certificate'): - handler = _httprequesthandleropenssl + if sys.version_info >= (2, 6): + handler = _httprequesthandlerssl + else: + handler = _httprequesthandleropenssl else: handler = _httprequesthandler diff -r 191d0fd5c2fd -r 763be3cd084a tests/hghave --- a/tests/hghave Wed Oct 20 20:19:32 2010 +0200 +++ b/tests/hghave Wed Oct 20 20:19:34 2010 +0200 @@ -181,7 +181,6 @@ def has_ssl(): try: - from OpenSSL.SSL import SysCallError, ZeroReturnError import ssl return True except ImportError: @@ -207,7 +206,7 @@ "outer-repo": (has_outer_repo, "outer repo"), "p4": (has_p4, "Perforce server and client"), "pygments": (has_pygments, "Pygments source highlighting library"), - "ssl": (has_ssl, "python ssl and openssl modules"), + "ssl": (has_ssl, "python >= 2.6 ssl module"), "svn": (has_svn, "subversion client and admin tools"), "svn-bindings": (has_svn_bindings, "subversion python bindings"), "symlink": (has_symlink, "symbolic links"), diff -r 191d0fd5c2fd -r 763be3cd084a tests/test-https.t --- a/tests/test-https.t Wed Oct 20 20:19:32 2010 +0200 +++ b/tests/test-https.t Wed Oct 20 20:19:34 2010 +0200 @@ -1,12 +1,7 @@ -Proper https client requires the built-in ssl from Python 2.6, -and https serve requires the full OpenSSL module. +Proper https client requires the built-in ssl from Python 2.6. $ "$TESTDIR/hghave" ssl || exit 80 -HTTPS serve seems to be broken on Python 2.7: - - $ [ "`python -c 'import sys; print sys.version_info[:2]'`" = '(2, 6)' ] || exit 80 - Certificates created with: printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem