changeset 28653:1eb0bd8adf39

sslutil: add docstring to wrapsocket() Security should not be opaque.
author Gregory Szorc <gregory.szorc@gmail.com>
date Sun, 27 Mar 2016 13:13:19 -0700
parents c617614aefd2
children 5474dc73680f
files mercurial/sslutil.py
diffstat 1 files changed, 12 insertions(+), 0 deletions(-) [+]
--- a/mercurial/sslutil.py	Sun Mar 27 11:39:39 2016 -0700
+++ b/mercurial/sslutil.py	Sun Mar 27 13:13:19 2016 -0700
@@ -108,6 +108,18 @@
 
 def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE,
                ca_certs=None, serverhostname=None):
+    """Add SSL/TLS to a socket.
+
+    This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
+    choices based on what security options are available.
+
+    In addition to the arguments supported by ``ssl.wrap_socket``, we allow
+    the following additional arguments:
+
+    * serverhostname - The expected hostname of the remote server. If the
+      server (and client) support SNI, this tells the server which certificate
+      to use.
+    """
     # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
     # that both ends support, including TLS protocols. On legacy stacks,
     # the highest it likely goes in TLS 1.0. On modern stacks, it can
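Review bot: The docstring says the wrapper "makes sane choices" but leaves out the one default visible in the signature that matters most to callers, `cert_reqs=ssl.CERT_NONE`, under which `ssl.wrap_socket()` does not validate the peer certificate. It also calls `serverhostname` the "expected hostname", which reads as if the name were checked against the certificate, while the text only ties it to SNI. I would add a line such as `With the default cert_reqs=ssl.CERT_NONE the peer certificate is not verified; pass ssl.CERT_REQUIRED and ca_certs to get validation.` and state whether hostname matching happens here or is left to the caller. The body of wrapsocket continues past the end of the hunk, so the exact wording should be confirmed against what the function does with these arguments.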