Patchwork [1,of,5,V2] sslutil: require serverhostname argument (API)

login
register
mail settings
Submitter Gregory Szorc
Date May 15, 2016, 11:18 p.m.
Message ID <56ceced54f4efb6da734.1463354318@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/15124/
State Accepted
Headers show

Comments

Gregory Szorc - May 15, 2016, 11:18 p.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1462500618 25200
#      Thu May 05 19:10:18 2016 -0700
# Node ID 56ceced54f4efb6da734e24af29b34d0aabc3d6c
# Parent  f8b87a779c87586aa043bcd6030369715edfc9c1
sslutil: require serverhostname argument (API)

All callers now specify it. So we can require it.

Requiring the argument means SNI will always work if supported
by Python.

The main reason for this change is to store state on the socket
instance to make the validation function generic. This will be
evident in subsequent commits.

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -115,16 +115,19 @@  def wrapsocket(sock, keyfile, certfile, 
 
     In addition to the arguments supported by ``ssl.wrap_socket``, we allow
     the following additional arguments:
 
     * serverhostname - The expected hostname of the remote server. If the
       server (and client) support SNI, this tells the server which certificate
       to use.
     """
+    if not serverhostname:
+        raise error.Abort('serverhostname argument is required')
+
     # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
     # that both ends support, including TLS protocols. On legacy stacks,
     # the highest it likely goes in TLS 1.0. On modern stacks, it can
     # support TLS 1.2.
     #
     # The PROTOCOL_TLSv* constants select a specific TLS version
     # only (as opposed to multiple versions). So the method for
     # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and