Mercurial > hg

changeset 13248:00411a4fa1bb stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
url: fix UnicodeDecodeError on certificate verification error SSLSocket.getpeercert() returns tuple containing unicode for 'subject'. Since Mercurial does't support IDN at all, it just returns error for non-ascii certname.
author Yuya Nishihara <yuya@tcha.org>
date Sat, 08 Jan 2011 21:52:25 +0900
parents a01c52b08c5f
children 75d0c38a0bca
files mercurial/url.py tests/test-url.py
diffstat 2 files changed, 9 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/url.py	Sat Jan 08 11:18:38 2011 +0100
+++ b/mercurial/url.py	Sat Jan 08 21:52:25 2011 +0900
@@ -498,7 +498,11 @@
     for s in cert.get('subject', []):
         key, value = s[0]
         if key == 'commonName':
-            certname = value.lower()
+            try:
+                # 'subject' entries are unicode
+                certname = value.lower().encode('ascii')
+            except UnicodeEncodeError:
+                return _('IDN in certificate not supported')
             if (certname == dnsname or
                 '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1]):
                 return None
--- a/tests/test-url.py	Sat Jan 08 11:18:38 2011 +0100
+++ b/tests/test-url.py	Sat Jan 08 21:52:25 2011 +0900
@@ -36,3 +36,7 @@
       'no commonName found in certificate')
 check(_verifycert(None, 'example.com'),
       'no certificate received')
+
+# Unicode (IDN) certname isn't supported
+check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
+      'IDN in certificate not supported')