--- a/mercurial/url.py Wed Feb 16 04:28:11 2011 +0100
+++ b/mercurial/url.py Wed Feb 16 04:36:36 2011 +0100
@@ -542,13 +542,20 @@
return _('no commonName or subjectAltName found in certificate')
if has_https:
- class BetterHTTPS(httplib.HTTPSConnection):
- send = keepalive.safesend
+ class httpsconnection(httplib.HTTPSConnection):
+ response_class = keepalive.HTTPResponse
+ # must be able to send big bundle as stream.
+ send = _gen_sendfile(keepalive.safesend)
+ getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
def connect(self):
self.sock = _create_connection((self.host, self.port))
host = self.host
+ if self.realhostport: # use CONNECT proxy
+ something = _generic_proxytunnel(self)
+ host = self.realhostport.rsplit(':', 1)[0]
+
cacerts = self.ui.config('web', 'cacerts')
hostfingerprint = self.ui.config('hostfingerprints', host)
@@ -592,22 +599,6 @@
'(check web.cacerts config setting)\n') %
host)
- class httpsconnection(BetterHTTPS):
- response_class = keepalive.HTTPResponse
- # must be able to send big bundle as stream.
- send = _gen_sendfile(BetterHTTPS.send)
- getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
-
- def connect(self):
- if self.realhostport: # use CONNECT proxy
- self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- self.sock.connect((self.host, self.port))
- if _generic_proxytunnel(self):
- self.sock = _ssl_wrap_socket(self.sock, self.key_file,
- self.cert_file)
- else:
- BetterHTTPS.connect(self)
-
class httpshandler(keepalive.KeepAliveHandler, urllib2.HTTPSHandler):
def __init__(self, ui):
keepalive.KeepAliveHandler.__init__(self)
--- a/tests/test-https.t Wed Feb 16 04:28:11 2011 +0100
+++ b/tests/test-https.t Wed Feb 16 04:36:36 2011 +0100
@@ -261,10 +261,8 @@
Test https with cert problems through proxy
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem
- pulling from https://localhost:$HGPORT/
- searching for changes
- no changes found
+ abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
+ [255]
$ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
- pulling from https://localhost:$HGPORT2/
- searching for changes
- no changes found
+ abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
+ [255]