comparison mercurial/sslutil.py @ 28648:7fc787e5d8ec
sslutil: store OP_NO_SSL* constants in module scope
An upcoming patch will introduce a global SSLContext type so we
have a single function used to wrap sockets. Prepare for that by
introducing module level constants for disabling SSLv2 and SSLv3.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 27 Mar 2016 10:47:24 -0700 |
parents | 834d1c4ba749 |
children | 7acab42ef184 |
28647:834d1c4ba749 | 28648:7fc787e5d8ec |
---|---|
26 # Depending on the version of Python being used, SSL/TLS support is either | 26 # Depending on the version of Python being used, SSL/TLS support is either |
27 # modern/secure or legacy/insecure. Many operations in this module have | 27 # modern/secure or legacy/insecure. Many operations in this module have |
28 # separate code paths depending on support in Python. | 28 # separate code paths depending on support in Python. |
29 | 29 |
30 hassni = getattr(ssl, 'HAS_SNI', False) | 30 hassni = getattr(ssl, 'HAS_SNI', False) |
31 | |
32 try: | |
33 OP_NO_SSLv2 = ssl.OP_NO_SSLv2 | |
34 OP_NO_SSLv3 = ssl.OP_NO_SSLv3 | |
35 except AttributeError: | |
36 OP_NO_SSLv2 = 0x1000000 | |
37 OP_NO_SSLv3 = 0x2000000 | |
31 | 38 |
32 _canloaddefaultcerts = False | 39 _canloaddefaultcerts = False |
33 try: | 40 try: |
34 # ssl.SSLContext was added in 2.7.9 and presence indicates modern | 41 # ssl.SSLContext was added in 2.7.9 and presence indicates modern |
35 # SSL/TLS features are available. | 42 # SSL/TLS features are available. |
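Review bot: the fallback literals on new lines 36-37 (`OP_NO_SSLv2 = 0x1000000`, `OP_NO_SSLv3 = 0x2000000`) carry no comment saying where the numbers come from. They match OpenSSL's SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 bit values; please add a comment stating that, so a later reader can verify them rather than trust them. Separately, one try block covers both lookups, so if only `ssl.OP_NO_SSLv3` were missing, `OP_NO_SSLv2` would also be replaced by its literal. Two `getattr(ssl, ..., default)` calls, in the style of `hassni` on line 30, would resolve each name independently and read shorter.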
46 # up a bunch of things in smart ways (strong ciphers, | 53 # up a bunch of things in smart ways (strong ciphers, |
47 # protocol versions, etc) and is upgraded by Python | 54 # protocol versions, etc) and is upgraded by Python |
48 # maintainers for us, but that breaks too many things to | 55 # maintainers for us, but that breaks too many things to |
49 # do it in a hurry. | 56 # do it in a hurry. |
50 sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) | 57 sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) |
51 sslcontext.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | 58 sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3 |
52 if certfile is not None: | 59 if certfile is not None: |
53 def password(): | 60 def password(): |
54 f = keyfile or certfile | 61 f = keyfile or certfile |
55 return ui.getpass(_('passphrase for %s: ') % f, '') | 62 return ui.getpass(_('passphrase for %s: ') % f, '') |
56 sslcontext.load_cert_chain(certfile, keyfile, password) | 63 sslcontext.load_cert_chain(certfile, keyfile, password) |
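Review bot: on new line 58 the mask `OP_NO_SSLv2 | OP_NO_SSLv3` is the only thing keeping SSLv2 and SSLv3 out of the `ssl.PROTOCOL_SSLv23` context created on line 57, and after this change it may be built from the module's literal fallbacks instead of the ssl module's own attributes. Nothing in the patch exercises that case. I would like a test alongside this change that checks the module-level constants equal `ssl.OP_NO_SSLv2` and `ssl.OP_NO_SSLv3` whenever the ssl module provides them, so a mistyped literal cannot silently re-enable the old protocols once more call sites move to these names.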