Patchwork [2,of,6] sslutil: require serverhostname argument (API)

login
register
mail settings
Submitter Gregory Szorc
Date May 15, 2016, 6:57 p.m.
Message ID <41885a60598f5d03437d.1463338639@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/15119/
State Superseded
Headers show

Comments

Gregory Szorc - May 15, 2016, 6:57 p.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1462500618 25200
#      Thu May 05 19:10:18 2016 -0700
# Node ID 41885a60598f5d03437d8e481d48b45d411614a1
# Parent  076cdbe3bfbc412aece1e5adef2cc45456b3bf9b
sslutil: require serverhostname argument (API)

All callers now specify it. So we can require it.

The real purpose of this change is to store state on the socket
instance to make the validation function generic. This will be
evident in subsequent commits.

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -115,16 +115,19 @@  def wrapsocket(sock, keyfile, certfile, 
 
     In addition to the arguments supported by ``ssl.wrap_socket``, we allow
     the following additional arguments:
 
     * serverhostname - The expected hostname of the remote server. If the
       server (and client) support SNI, this tells the server which certificate
       to use.
     """
+    if not serverhostname:
+        raise error.Abort('serverhostname argument is required')
+
     # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
     # that both ends support, including TLS protocols. On legacy stacks,
     # the highest it likely goes in TLS 1.0. On modern stacks, it can
     # support TLS 1.2.
     #
     # The PROTOCOL_TLSv* constants select a specific TLS version
     # only (as opposed to multiple versions). So the method for
     # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and