mercurial-scm/hg: comparison mercurial/sslutil.py

equal deleted inserted replaced

-:f7ccbc2776b7
+:21b536f01eda
 try:
 ssl_context = ssl.SSLContext
 _canloaddefaultcerts = util.safehasattr(ssl_context,
 'load_default_certs')
-def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+def ssl_wrap_socket(sock, keyfile, certfile, ui,
+cert_reqs=ssl.CERT_NONE,
 ca_certs=None, serverhostname=None):
 # Allow any version of SSL starting with TLSv1 and
 # up. Note that specifying TLSv1 here prohibits use of
 # newer standards (like TLSv1_2), so this is the right way
 # to do this. Note that in the future it'd be better to
 # maintainers for us, but that breaks too many things to
 # do it in a hurry.
 sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
 sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3
 if certfile is not None:
-sslcontext.load_cert_chain(certfile, keyfile)
+def password():
+f = keyfile or certfile
+return ui.getpass(_('passphrase for %s: ') % f, '')
+sslcontext.load_cert_chain(certfile, keyfile, password)
 sslcontext.verify_mode = cert_reqs
 if ca_certs is not None:
 sslcontext.load_verify_locations(cafile=ca_certs)
 elif _canloaddefaultcerts:
 sslcontext.load_default_certs()
 # - see http://bugs.python.org/issue13721
 if not sslsocket.cipher():
 raise util.Abort(_('ssl connection failed'))
 return sslsocket
 except AttributeError:
-def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+def ssl_wrap_socket(sock, keyfile, certfile, ui,
+cert_reqs=ssl.CERT_NONE,
 ca_certs=None, serverhostname=None):
 sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
 cert_reqs=cert_reqs, ca_certs=ca_certs,
 ssl_version=ssl.PROTOCOL_TLSv1)
 # check if wrap_socket failed silently because socket had been
 except ImportError:
 CERT_REQUIRED = 2
 import socket, httplib
-def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=CERT_REQUIRED,
+def ssl_wrap_socket(sock, keyfile, certfile, ui,
+cert_reqs=CERT_REQUIRED,
 ca_certs=None, serverhostname=None):
 if not util.safehasattr(socket, 'ssl'):
 raise util.Abort(_('Python SSL support not found'))
 if ca_certs:
 raise util.Abort(_(
 if _canloaddefaultcerts:
 return None
 return '!'
 def sslkwargs(ui, host):
-kws = {}
+kws = {'ui': ui}
 hostfingerprint = ui.config('hostfingerprints', host)
 if hostfingerprint:
 return kws
 cacerts = ui.config('web', 'cacerts')
 if cacerts == '!':

changeset 25415	21b536f01eda
parent 24614	241d98d84aed
child 25429	9d1c61715939