comparison mercurial/sslutil.py @ 28849:1fde84d42f9c
sslutil: require a server hostname when wrapping sockets (API)
All callers appear to be passing the hostname. So this shouldn't
break anything. By specifying the hostname, more validation options
from the ssl module are available to us. Although this patch stops
short of using them.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 10 Apr 2016 11:00:41 -0700 |
parents | e330db205b20 |
children | 3819c349b194 |
28848:e330db205b20 | 28849:1fde84d42f9c |
---|---|
118 | 118 |
119 * serverhostname - The expected hostname of the remote server. If the | 119 * serverhostname - The expected hostname of the remote server. If the |
120 server (and client) support SNI, this tells the server which certificate | 120 server (and client) support SNI, this tells the server which certificate |
121 to use. | 121 to use. |
122 """ | 122 """ |
123 if not serverhostname: | |
124 raise error.Abort('serverhostname argument required') | |
125 | |
123 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol | 126 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol |
124 # that both ends support, including TLS protocols. On legacy stacks, | 127 # that both ends support, including TLS protocols. On legacy stacks, |
125 # the highest it likely goes in TLS 1.0. On modern stacks, it can | 128 # the highest it likely goes in TLS 1.0. On modern stacks, it can |
126 # support TLS 1.2. | 129 # support TLS 1.2. |
127 # | 130 # |
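Review bot: the `serverhostname` entry in the docstring directly above the new check still describes the argument only as an SNI hint and does not say it is now required. Since `if not serverhostname:` aborts on an empty string as well as on None, the docstring should state that a non-empty hostname is mandatory and that the function aborts otherwise. The abort text 'serverhostname argument required' also gives no hint of which function rejected the call; naming the function in the message would make a missed caller easier to locate, given that the commit message only says callers "appear to be" passing the hostname.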