Patchwork [5,of,6] sslutil: move and document verify_mode assignment

login
register
mail settings
Submitter Gregory Szorc
Date March 28, 2016, 6:21 a.m.
Message ID <dca2139096ad8c263eaa.1459146094@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/14103/
State Superseded
Commit e330db205b20ff811d3efc088f4aa67cba23eca7
Headers show

Comments

Gregory Szorc - March 28, 2016, 6:21 a.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1459114159 25200
#      Sun Mar 27 14:29:19 2016 -0700
# Node ID dca2139096ad8c263eaa1cfe589814259d92f3b7
# Parent  cbe771e8d36d3e9685ede77ea37c42d4b4868cb8
sslutil: move and document verify_mode assignment

This makes the code a bit easier to read.
timeless - March 28, 2016, 4:43 p.m.
On Mon, Mar 28, 2016 at 2:21 AM, Gregory Szorc <gregory.szorc@gmail.com> wrote:
> +    # This does work on our fake SSLContext.

I'm not sure you mean "this actually does something" or "this operates on"

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -171,22 +171,25 @@  def wrapsocket(sock, keyfile, certfile, 
         protocol = ssl.PROTOCOL_TLSv1
 
     # TODO use ssl.create_default_context() on modernssl.
     sslcontext = SSLContext(protocol)
 
     # This is a no-op on old Python.
     sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3
 
+    # This does work on our fake SSLContext.
+    sslcontext.verify_mode = cert_reqs
+
     if certfile is not None:
         def password():
             f = keyfile or certfile
             return ui.getpass(_('passphrase for %s: ') % f, '')
         sslcontext.load_cert_chain(certfile, keyfile, password)
-    sslcontext.verify_mode = cert_reqs
+
     if ca_certs is not None:
         sslcontext.load_verify_locations(cafile=ca_certs)
     else:
         # This is a no-op on old Python.
         sslcontext.load_default_certs()
 
     sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
     # check if wrap_socket failed silently because socket had been