url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407)
authorMads Kiilerich <mads@kiilerich.com>
Sun, 17 Oct 2010 04:14:06 +0200
changeset 12742 6ab4a7d3c179
parent 12741 949dfdb3ad2d
child 12743 4c4aeaab2339
url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407) Removing the check from our code makes https with cacerts check work with Python < 2.6.
mercurial/url.py
tests/test-url.py
--- a/mercurial/url.py	Sun Oct 17 04:13:50 2010 +0200
+++ b/mercurial/url.py	Sun Oct 17 04:14:06 2010 +0200
@@ -7,7 +7,7 @@
 # This software may be used and distributed according to the terms of the
 # GNU General Public License version 2 or any later version.
 
-import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO, time
+import urllib, urllib2, urlparse, httplib, os, re, socket, cStringIO
 import __builtin__
 from i18n import _
 import keepalive, util
@@ -487,19 +487,13 @@
         return keepalive.HTTPHandler._start_transaction(self, h, req)
 
 def _verifycert(cert, hostname):
-    '''Verify that cert (in socket.getpeercert() format) matches hostname and is 
-    valid at this time. CRLs and subjectAltName are not handled.
+    '''Verify that cert (in socket.getpeercert() format) matches hostname.
+    CRLs and subjectAltName are not handled.
     
     Returns error message if any problems are found and None on success.
     '''
     if not cert:
         return _('no certificate received')
-    notafter = cert.get('notAfter')
-    if notafter and time.time() > ssl.cert_time_to_seconds(notafter):
-        return _('certificate expired %s') % notafter
-    notbefore = cert.get('notBefore')
-    if notbefore and time.time() < ssl.cert_time_to_seconds(notbefore):
-        return _('certificate not valid before %s') % notbefore
     dnsname = hostname.lower()
     for s in cert.get('subject', []):
         key, value = s[0]
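Review bot: The new docstring of `_verifycert` should state the precondition this change creates. The function no longer looks at notBefore/notAfter, so a `None` result is only meaningful for a certificate taken from a connection on which OpenSSL was asked to verify the peer against a CA file. The commit message says that is the cacerts path, but the caller is outside this hunk, so it is worth confirming there that hostname matching is never reached on an unverified connection. I would add a sentence such as `The validity period is not checked here; the caller must have had OpenSSL verify the certificate chain.` The function body continues past the end of the hunk.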
--- a/tests/test-url.py	Sun Oct 17 04:13:50 2010 +0200
+++ b/tests/test-url.py	Sun Oct 17 04:14:06 2010 +0200
@@ -1,9 +1,5 @@
 #!/usr/bin/env python
 import sys
-try:
-    import ssl
-except ImportError:
-    sys.exit(80)
 
 def check(a, b):
     if a != b:
@@ -36,17 +32,7 @@
 check(_verifycert(cert('*o'), 'foo'),
       'certificate is for *o')
 
-import time
-lastyear = time.gmtime().tm_year - 1
-nextyear = time.gmtime().tm_year + 1
-check(_verifycert({'notAfter': 'May  9 00:00:00 %s GMT' % lastyear},
-                  'example.com'),
-      'certificate expired May  9 00:00:00 %s GMT' % lastyear)
-check(_verifycert({'notBefore': 'May  9 00:00:00 %s GMT' % nextyear},
-                  'example.com'),
-      'certificate not valid before May  9 00:00:00 %s GMT' % nextyear)
-check(_verifycert({'notAfter': 'Sep 29 15:29:48 %s GMT' % nextyear,
-                   'subject': ()},
+check(_verifycert({'subject': ()},
                   'example.com'),
       'no commonName found in certificate')
 check(_verifycert(None, 'example.com'),
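Review bot: With the notAfter/notBefore cases removed here, nothing visible in this file asserts that an expired or not-yet-valid certificate is rejected. That behaviour now rests entirely on the OpenSSL handshake. If the suite does not already have one, an end-to-end https test against a server presenting an expired certificate would keep that guarantee under test. A short comment above the remaining checks, e.g. `# validity period is enforced by OpenSSL during the handshake, not by _verifycert`, would also explain why no date cases appear here.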