Mercurial > public > mercurial-scm > hg-stable

diff mercurial/url.py @ 12742:6ab4a7d3c179

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407) Removing the check from our code makes https with cacerts check work with Python < 2.6.
author Mads Kiilerich <mads@kiilerich.com>
date Sun, 17 Oct 2010 04:14:06 +0200
parents 1393a81b3bdc
children 614f0d8724ab
line wrap: on
line diff
--- a/mercurial/url.py	Sun Oct 17 04:13:50 2010 +0200
+++ b/mercurial/url.py	Sun Oct 17 04:14:06 2010 +0200
@@ -7,7 +7,7 @@
 # This software may be used and distributed according to the terms of the
 # GNU General Public License version 2 or any later version.
 
-import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO, time
+import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO
 import __builtin__
 from i18n import _
 import keepalive, util
@@ -487,19 +487,13 @@
         return keepalive.HTTPHandler._start_transaction(self, h, req)
 
 def _verifycert(cert, hostname):
-    '''Verify that cert (in socket.getpeercert() format) matches hostname and is 
-    valid at this time. CRLs and subjectAltName are not handled.
+    '''Verify that cert (in socket.getpeercert() format) matches hostname.
+    CRLs and subjectAltName are not handled.
     
     Returns error message if any problems are found and None on success.
     '''
     if not cert:
         return _('no certificate received')
-    notafter = cert.get('notAfter')
-    if notafter and time.time() > ssl.cert_time_to_seconds(notafter):
-        return _('certificate expired %s') % notafter
-    notbefore = cert.get('notBefore')
-    if notbefore and time.time() < ssl.cert_time_to_seconds(notbefore):
-        return _('certificate not valid before %s') % notbefore
     dnsname = hostname.lower()
     for s in cert.get('subject', []):
         key, value = s[0]