url: merge BetterHTTPS with httpsconnection to get some proxy https validation
authorMads Kiilerich <mads@kiilerich.com>
Wed, 16 Feb 2011 04:36:36 +0100
changeset 13424 08f9c587141f
parent 13423 4e60dad2261f
child 13425 0fe36c347c00
url: merge BetterHTTPS with httpsconnection to get some proxy https validation
mercurial/url.py
tests/test-https.t
--- a/mercurial/url.py	Wed Feb 16 04:28:11 2011 +0100
+++ b/mercurial/url.py	Wed Feb 16 04:36:36 2011 +0100
@@ -542,13 +542,20 @@
     return _('no commonName or subjectAltName found in certificate')
 
 if has_https:
-    class BetterHTTPS(httplib.HTTPSConnection):
-        send = keepalive.safesend
+    class httpsconnection(httplib.HTTPSConnection):
+        response_class = keepalive.HTTPResponse
+        # must be able to send big bundle as stream.
+        send = _gen_sendfile(keepalive.safesend)
+        getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
 
         def connect(self):
             self.sock = _create_connection((self.host, self.port))
 
             host = self.host
+            if self.realhostport: # use CONNECT proxy
+                something = _generic_proxytunnel(self)
+                host = self.realhostport.rsplit(':', 1)[0]
+
             cacerts = self.ui.config('web', 'cacerts')
             hostfingerprint = self.ui.config('hostfingerprints', host)
 
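Review bot: The result of `_generic_proxytunnel(self)` is stored in an unused local called `something` and never checked, whereas the removed `httpsconnection.connect` only wrapped the socket in SSL when that call returned a true value. If the helper can return a false value for a refused CONNECT (its body is not visible here), the new code would start the TLS handshake on a socket that is not tunnelled; either test the result or drop the assignment and add a comment such as `# raises on proxy failure` if that is the contract. Separately, `self.realhostport.rsplit(':', 1)[0]` keeps the brackets of an IPv6 literal, so the `hostfingerprints` lookup and any later certificate name check would see `[::1]` rather than `::1`. A short comment above the new branch, e.g. `# validate against the tunnelled host, not the proxy`, would record why `host` is overridden. `connect()` continues past the end of this hunk, so the code that consumes `host` is not visible here.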
@@ -592,22 +599,6 @@
                                    '(check web.cacerts config setting)\n') %
                                  host)
 
-    class httpsconnection(BetterHTTPS):
-        response_class = keepalive.HTTPResponse
-        # must be able to send big bundle as stream.
-        send = _gen_sendfile(BetterHTTPS.send)
-        getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
-
-        def connect(self):
-            if self.realhostport: # use CONNECT proxy
-                self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                self.sock.connect((self.host, self.port))
-                if _generic_proxytunnel(self):
-                    self.sock = _ssl_wrap_socket(self.sock, self.key_file,
-                            self.cert_file)
-            else:
-                BetterHTTPS.connect(self)
-
     class httpshandler(keepalive.KeepAliveHandler, urllib2.HTTPSHandler):
         def __init__(self, ui):
             keepalive.KeepAliveHandler.__init__(self)
--- a/tests/test-https.t	Wed Feb 16 04:28:11 2011 +0100
+++ b/tests/test-https.t	Wed Feb 16 04:36:36 2011 +0100
@@ -261,10 +261,8 @@
 Test https with cert problems through proxy
 
   $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-other.pem
-  pulling from https://localhost:$HGPORT/
-  searching for changes
-  no changes found
+  abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
+  [255]
   $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --config web.cacerts=pub-expired.pem https://localhost:$HGPORT2/
-  pulling from https://localhost:$HGPORT2/
-  searching for changes
-  no changes found
+  abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
+  [255]
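Review bot: Both new expected lines hard-code `_ssl.c:499` and the full OpenSSL error string, which depend on the Python and OpenSSL build, so the test will likely fail on other versions even when validation works. Matching only the stable part, for example `abort: error: *:certificate verify failed (glob)`, would keep the assertion that the pull is rejected. The two cases cover a wrong CA and an expired certificate through the proxy. Since the commit also switches the `hostfingerprints` lookup to the tunnelled host, a proxy case with a matching and a non-matching fingerprint would pin that path too.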