Mercurial Mercurial > mercurial / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: require a server hostname when wrapping sockets (API)
authorGregory Szorc <gregory.szorc@gmail.com>
Sun, 10 Apr 2016 11:00:41 -0700
changeset 28849 1fde84d42f9c
parent 28848 e330db205b20
child 28850 3819c349b194
sslutil: require a server hostname when wrapping sockets (API) All callers appear to be passing the hostname. So this shouldn't break anything. By specifying the hostname, more validation options from the ssl module are available to us. Although this patch stops short of using them.
mercurial/sslutil.py file | annotate | diff | comparison | revisions 
--- a/mercurial/sslutil.py	Sun Apr 10 10:59:45 2016 -0700
+++ b/mercurial/sslutil.py	Sun Apr 10 11:00:41 2016 -0700
@@ -120,6 +120,9 @@
       server (and client) support SNI, this tells the server which certificate
       to use.
     """
+    if not serverhostname:
+        raise error.Abort('serverhostname argument required')
+
     # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
     # that both ends support, including TLS protocols. On legacy stacks,
     # the highest it likely goes in TLS 1.0. On modern stacks, it can
mercurial