Mercurial Mercurial > hg / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: add docstring to wrapsocket()
authorGregory Szorc <gregory.szorc@gmail.com>
Sun, 27 Mar 2016 13:13:19 -0700
changeset 28653 1eb0bd8adf39
parent 28652 c617614aefd2
child 28654 5474dc73680f
sslutil: add docstring to wrapsocket() Security should not be opaque.
mercurial/sslutil.py file | annotate | diff | comparison | revisions 
--- a/mercurial/sslutil.py	Sun Mar 27 11:39:39 2016 -0700
+++ b/mercurial/sslutil.py	Sun Mar 27 13:13:19 2016 -0700
@@ -108,6 +108,18 @@
 
 def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE,
                ca_certs=None, serverhostname=None):
+    """Add SSL/TLS to a socket.
+
+    This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
+    choices based on what security options are available.
+
+    In addition to the arguments supported by ``ssl.wrap_socket``, we allow
+    the following additional arguments:
+
+    * serverhostname - The expected hostname of the remote server. If the
+      server (and client) support SNI, this tells the server which certificate
+      to use.
+    """
     # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
     # that both ends support, including TLS protocols. On legacy stacks,
     # the highest it likely goes in TLS 1.0. On modern stacks, it can
Mercurial