changeset 28849:1fde84d42f9c

sslutil: require a server hostname when wrapping sockets (API)

All callers appear to be passing the hostname. So this shouldn't break anything. By specifying the hostname, more validation options from the ssl module are available to us. Although this patch stops short of using them.
author Gregory Szorc <gregory.szorc@gmail.com>
date Sun, 10 Apr 2016 11:00:41 -0700
parents e330db205b20
children 3819c349b194
files mercurial/sslutil.py
diffstat 1 files changed, 3 insertions(+), 0 deletions(-)
--- a/mercurial/sslutil.py	Sun Apr 10 10:59:45 2016 -0700
+++ b/mercurial/sslutil.py	Sun Apr 10 11:00:41 2016 -0700
@@ -120,6 +120,9 @@
       server (and client) support SNI, this tells the server which certificate
       to use.
     """
+    if not serverhostname:
+        raise error.Abort('serverhostname argument required')
+
     # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
     # that both ends support, including TLS protocols. On legacy stacks,
     # the highest it likely goes in TLS 1.0. On modern stacks, it can
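
Review bot: The docstring that ends just above the new `if not serverhostname:` check still describes the hostname only in terms of SNI ("this tells the server which certificate to use") and does not say the argument is now mandatory. Please add a sentence to the docstring stating that `serverhostname` is required and that the function aborts without it. If the signature (not visible in this hunk) still gives the parameter a default value, consider dropping that default so the requirement is visible at the call site. Note also that `not serverhostname` rejects an empty string as well as `None`, which looks intended but is worth stating. Since the commit message says the callers only "appear" to pass the hostname, a test that calls the function without one and expects the `'serverhostname argument required'` abort would pin the new behaviour down.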