comparison mercurial/sslutil.py @ 19490:074bd02352c0 stable
sslutil: force SSLv3 on Python 2.6 and later (issue3905)
We can't (easily) force SSL version on older Pythons, but on 2.6 and
later we can force SSLv3, which is safer and widely supported. This
also appears to work around a bug in IIS detailed in issue 3905.
author | Augie Fackler <raf@durin42.com> |
---|---|
date | Wed, 24 Jul 2013 14:51:13 -0400 |
parents | 2d7fac049d3a |
children | f2871c30e6a7 |
19489:42fcb2f7787d | 19490:074bd02352c0 |
---|---|
15 import ssl | 15 import ssl |
16 CERT_REQUIRED = ssl.CERT_REQUIRED | 16 CERT_REQUIRED = ssl.CERT_REQUIRED |
17 def ssl_wrap_socket(sock, keyfile, certfile, | 17 def ssl_wrap_socket(sock, keyfile, certfile, |
18 cert_reqs=ssl.CERT_NONE, ca_certs=None): | 18 cert_reqs=ssl.CERT_NONE, ca_certs=None): |
19 sslsocket = ssl.wrap_socket(sock, keyfile, certfile, | 19 sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
20 cert_reqs=cert_reqs, ca_certs=ca_certs) | 20 cert_reqs=cert_reqs, ca_certs=ca_certs, |
21 ssl_version=ssl.PROTOCOL_SSLv3) | |
21 # check if wrap_socket failed silently because socket had been closed | 22 # check if wrap_socket failed silently because socket had been closed |
22 # - see http://bugs.python.org/issue13721 | 23 # - see http://bugs.python.org/issue13721 |
23 if not sslsocket.cipher(): | 24 if not sslsocket.cipher(): |
24 raise util.Abort(_('ssl connection failed')) | 25 raise util.Abort(_('ssl connection failed')) |
25 return sslsocket | 26 return sslsocket |
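Review bot: The added `ssl_version=ssl.PROTOCOL_SSLv3` argument on new line 21 pins the client to exactly one protocol version, so the handshake cannot negotiate TLS 1.0 or later and will fail against any server that does not accept SSLv3, and the call carries no comment saying why. Add a short comment at the call that points to issue3905 and states that the pin is deliberate, and check whether `ssl.PROTOCOL_TLSv1`, which the same `ssl` module exposes, would also cover the IIS case without excluding TLS. Separately, the unchanged signature still defaults to `cert_reqs=ssl.CERT_NONE`, so fixing the protocol version does not by itself authenticate the peer; that still depends on callers passing `CERT_REQUIRED` and `ca_certs`.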