Mercurial Mercurial > hg / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hgweb: use Pythons ssl module for HTTPS serve when using Python 2.6 or later
authorMads Kiilerich <mads@kiilerich.com>
Wed, 20 Oct 2010 20:19:34 +0200
changeset 12784 763be3cd084a
parent 12783 191d0fd5c2fd
child 12785 c7d23b4ca4ba
child 12788 de793925862e
hgweb: use Pythons ssl module for HTTPS serve when using Python 2.6 or later pyOpenSSL apparently doesn't work for Python 2.7 and isn't very actively maintained. The built-in ssl module seems like a long-term winner, so we now use that with Python 2.6 and higher.
mercurial/hgweb/server.py file | annotate | diff | comparison | revisions
tests/hghave file | annotate | diff | comparison | revisions
tests/test-https.t file | annotate | diff | comparison | revisions 
--- a/mercurial/hgweb/server.py	Wed Oct 20 20:19:32 2010 +0200
+++ b/mercurial/hgweb/server.py	Wed Oct 20 20:19:34 2010 +0200
@@ -214,6 +214,26 @@
             self.close_connection = True
             pass
 
+class _httprequesthandlerssl(_httprequesthandler):
+    """HTTPS handler based on Pythons ssl module (introduced in 2.6)"""
+
+    url_scheme = 'https'
+
+    @staticmethod
+    def preparehttpserver(httpserver, ssl_cert):
+        try:
+            import ssl
+            ssl.wrap_socket
+        except ImportError:
+            raise util.Abort(_("SSL support is unavailable"))
+        httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True,
+            certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv3)
+
+    def setup(self):
+        self.connection = self.request
+        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
+        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
+
 try:
     from threading import activeCount
     _mixin = SocketServer.ThreadingMixIn
@@ -265,7 +285,10 @@
 def create_server(ui, app):
 
     if ui.config('web', 'certificate'):
-        handler = _httprequesthandleropenssl
+        if sys.version_info >= (2, 6):
+            handler = _httprequesthandlerssl
+        else:
+            handler = _httprequesthandleropenssl
     else:
         handler = _httprequesthandler
 
--- a/tests/hghave	Wed Oct 20 20:19:32 2010 +0200
+++ b/tests/hghave	Wed Oct 20 20:19:34 2010 +0200
@@ -181,7 +181,6 @@
 
 def has_ssl():
     try:
-        from OpenSSL.SSL import SysCallError, ZeroReturnError
         import ssl
         return True
     except ImportError:
@@ -207,7 +206,7 @@
     "outer-repo": (has_outer_repo, "outer repo"),
     "p4": (has_p4, "Perforce server and client"),
     "pygments": (has_pygments, "Pygments source highlighting library"),
-    "ssl": (has_ssl, "python ssl and openssl modules"),
+    "ssl": (has_ssl, "python >= 2.6 ssl module"),
     "svn": (has_svn, "subversion client and admin tools"),
     "svn-bindings": (has_svn_bindings, "subversion python bindings"),
     "symlink": (has_symlink, "symbolic links"),
--- a/tests/test-https.t	Wed Oct 20 20:19:32 2010 +0200
+++ b/tests/test-https.t	Wed Oct 20 20:19:34 2010 +0200
@@ -1,12 +1,7 @@
-Proper https client requires the built-in ssl from Python 2.6,
-and https serve requires the full OpenSSL module.
+Proper https client requires the built-in ssl from Python 2.6.
 
   $ "$TESTDIR/hghave" ssl || exit 80
 
-HTTPS serve seems to be broken on Python 2.7:
-
-  $ [ "`python -c 'import sys; print sys.version_info[:2]'`" = '(2, 6)' ] || exit 80
-
 Certificates created with:
  printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
  openssl req -newkey rsa:512 -keyout priv.pem -nodes -x509 -days 9000 -out pub.pem
Mercurial