Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/sslutil.py @ 29224:7424f4294199
sslutil: require serverhostname argument (API)
All callers now specify it. So we can require it.
Requiring the argument means SNI will always work if supported
by Python.
The main reason for this change is to store state on the socket
instance to make the validation function generic. This will be
evident in subsequent commits.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Thu, 05 May 2016 19:10:18 -0700 |
| parents | ef316c653b7f |
| children | b115eed11780 |
comparison
equal
deleted
inserted
replaced
| 29223:c04ad3d3c651 | 29224:7424f4294199 |
|---|---|
| 118 | 118 |
| 119 * serverhostname - The expected hostname of the remote server. If the | 119 * serverhostname - The expected hostname of the remote server. If the |
| 120 server (and client) support SNI, this tells the server which certificate | 120 server (and client) support SNI, this tells the server which certificate |
| 121 to use. | 121 to use. |
| 122 """ | 122 """ |
| 123 if not serverhostname: | |
| 124 raise error.Abort('serverhostname argument is required') | |
| 125 | |
| 123 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol | 126 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol |
| 124 # that both ends support, including TLS protocols. On legacy stacks, | 127 # that both ends support, including TLS protocols. On legacy stacks, |
| 125 # the highest it likely goes in TLS 1.0. On modern stacks, it can | 128 # the highest it likely goes in TLS 1.0. On modern stacks, it can |
| 126 # support TLS 1.2. | 129 # support TLS 1.2. |
| 127 # | 130 # |