Mercurial > public > mercurial-scm > hg
comparison mercurial/url.py @ 13248:00411a4fa1bb stable
url: fix UnicodeDecodeError on certificate verification error
SSLSocket.getpeercert() returns tuple containing unicode for 'subject'.
Since Mercurial does't support IDN at all, it just returns error for non-ascii
certname.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Sat, 08 Jan 2011 21:52:25 +0900 |
| parents | b335882c2f21 |
| children | 75d0c38a0bca |
comparison
equal
deleted
inserted
replaced
| 13246:a01c52b08c5f | 13248:00411a4fa1bb |
|---|---|
| 496 return _('no certificate received') | 496 return _('no certificate received') |
| 497 dnsname = hostname.lower() | 497 dnsname = hostname.lower() |
| 498 for s in cert.get('subject', []): | 498 for s in cert.get('subject', []): |
| 499 key, value = s[0] | 499 key, value = s[0] |
| 500 if key == 'commonName': | 500 if key == 'commonName': |
| 501 certname = value.lower() | 501 try: |
| 502 # 'subject' entries are unicode | |
| 503 certname = value.lower().encode('ascii') | |
| 504 except UnicodeEncodeError: | |
| 505 return _('IDN in certificate not supported') | |
| 502 if (certname == dnsname or | 506 if (certname == dnsname or |
| 503 '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1]): | 507 '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1]): |
| 504 return None | 508 return None |
| 505 return _('certificate is for %s') % certname | 509 return _('certificate is for %s') % certname |
| 506 return _('no commonName found in certificate') | 510 return _('no commonName found in certificate') |