Patchwork [3,of,7,V5] tests: use sslutil.wrapserversocket()

Submitter Gregory Szorc
Date July 15, 2016, 5:14 p.m.
Message ID <c2f662dbcdb4146802ed.1468602841@ubuntu-vm-main>
Permalink /patch/15889/
State Accepted

Comments

Gregory Szorc - July 15, 2016, 5:14 p.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1468467667 25200
#      Wed Jul 13 20:41:07 2016 -0700
# Node ID c2f662dbcdb4146802ed254ddf6b205680c9b026
# Parent  74bd4bf8d6a6103f279648927467b817b94e1917
tests: use sslutil.wrapserversocket()

Like the built-in HTTPS server, this code was using the ssl module
directly and only using TLS 1.0. Like the built-in HTTPS server,
we switch it to use sslutil.wrapserversocket() so it can follow better
practices.
Yuya Nishihara - July 16, 2016, 12:58 a.m.
On Fri, 15 Jul 2016 10:14:01 -0700, Gregory Szorc wrote:
> # HG changeset patch
> # User Gregory Szorc <gregory.szorc@gmail.com>
> # Date 1468467667 25200
> #      Wed Jul 13 20:41:07 2016 -0700
> # Node ID c2f662dbcdb4146802ed254ddf6b205680c9b026
> # Parent  74bd4bf8d6a6103f279648927467b817b94e1917
> tests: use sslutil.wrapserversocket()

Queued 1-3 with "hgweb: pass ui into preparehttpserver" from V4, thanks.

It appears preceding patches were lost in the current tip.
Gregory Szorc - July 16, 2016, 1:20 a.m.
> On Jul 15, 2016, at 17:58, Yuya Nishihara <yuya@tcha.org> wrote:
> 
>> On Fri, 15 Jul 2016 10:14:01 -0700, Gregory Szorc wrote:
>> # HG changeset patch
>> # User Gregory Szorc <gregory.szorc@gmail.com>
>> # Date 1468467667 25200
>> #      Wed Jul 13 20:41:07 2016 -0700
>> # Node ID c2f662dbcdb4146802ed254ddf6b205680c9b026
>> # Parent  74bd4bf8d6a6103f279648927467b817b94e1917
>> tests: use sslutil.wrapserversocket()
> 
> Queued 1-3 with "hgweb: pass ui into preparehttpserver" from V4, thanks.
> 
> It appears preceding patches were lost in the current tip.

I had previous versions pruned from the committed repo. And I dropped them from V5 because I misinterpreted your reply on V4 email as queueing them.

What do you want me to do? I can resend or you could find the missing patches from the V4 series.
Yuya Nishihara - July 16, 2016, 4:58 a.m.
On Fri, 15 Jul 2016 18:20:13 -0700, Gregory Szorc wrote:
> > On Jul 15, 2016, at 17:58, Yuya Nishihara <yuya@tcha.org> wrote:
> >> On Fri, 15 Jul 2016 10:14:01 -0700, Gregory Szorc wrote:
> >> # HG changeset patch
> >> # User Gregory Szorc <gregory.szorc@gmail.com>
> >> # Date 1468467667 25200
> >> #      Wed Jul 13 20:41:07 2016 -0700
> >> # Node ID c2f662dbcdb4146802ed254ddf6b205680c9b026
> >> # Parent  74bd4bf8d6a6103f279648927467b817b94e1917
> >> tests: use sslutil.wrapserversocket()
> > 
> > Queued 1-3 with "hgweb: pass ui into preparehttpserver" from V4, thanks.
> > 
> > It appears preceding patches were lost in the current tip.
> 
> I had previous versions pruned from the committed repo. And I dropped them from V5 because I misinterpreted your reply on V4 email as queueing them.

Okay, I salvaged them from V4 and pushed as:

53de8255ec4e sslutil: update comment about create_default_context()
a935cd7d51a6 sslutil: prevent CRIME
Gregory Szorc - July 16, 2016, 5:27 a.m.
> On Jul 15, 2016, at 21:58, Yuya Nishihara <yuya@tcha.org> wrote:
> 
> On Fri, 15 Jul 2016 18:20:13 -0700, Gregory Szorc wrote:
>>>> On Jul 15, 2016, at 17:58, Yuya Nishihara <yuya@tcha.org> wrote:
>>>> On Fri, 15 Jul 2016 10:14:01 -0700, Gregory Szorc wrote:
>>>> # HG changeset patch
>>>> # User Gregory Szorc <gregory.szorc@gmail.com>
>>>> # Date 1468467667 25200
>>>> #      Wed Jul 13 20:41:07 2016 -0700
>>>> # Node ID c2f662dbcdb4146802ed254ddf6b205680c9b026
>>>> # Parent  74bd4bf8d6a6103f279648927467b817b94e1917
>>>> tests: use sslutil.wrapserversocket()
>>> 
>>> Queued 1-3 with "hgweb: pass ui into preparehttpserver" from V4, thanks.
>>> 
>>> It appears preceding patches were lost in the current tip.
>> 
>> I had previous versions pruned from the committed repo. And I dropped them from V5 because I misinterpreted your reply on V4 email as queueing them.
> 
> Okay, I salvaged them from V4 and pushed as:
> 
> 53de8255ec4e sslutil: update comment about create_default_context()
> a935cd7d51a6 sslutil: prevent CRIME

You must have done this literally as I was rebasing and patchbombing V6. The similar timing is almost scary.

I guess you can discard the first few patches from V6!

Patch

diff --git a/tests/dummysmtpd.py b/tests/dummysmtpd.py
--- a/tests/dummysmtpd.py
+++ b/tests/dummysmtpd.py
@@ -7,16 +7,18 @@  from __future__ import absolute_import
 import asyncore
 import optparse
 import smtpd
 import ssl
 import sys
 
 from mercurial import (
     cmdutil,
+    sslutil,
+    ui as uimod,
 )
 
 def log(msg):
     sys.stdout.write(msg)
     sys.stdout.flush()
 
 class dummysmtpserver(smtpd.SMTPServer):
     def __init__(self, localaddr):
@@ -30,21 +32,20 @@  class dummysmtpsecureserver(dummysmtpser
         dummysmtpserver.__init__(self, localaddr)
         self._certfile = certfile
 
     def handle_accept(self):
         pair = self.accept()
         if not pair:
             return
         conn, addr = pair
+        ui = uimod.ui()
         try:
             # wrap_socket() would block, but we don't care
-            conn = ssl.wrap_socket(conn, server_side=True,
-                                   certfile=self._certfile,
-                                   ssl_version=ssl.PROTOCOL_TLSv1)
+            conn = sslutil.wrapserversocket(conn, ui, certfile=self._certfile)
         except ssl.SSLError:
             log('%s ssl error\n' % addr[0])
             conn.close()
             return
         smtpd.SMTPChannel(self, conn, addr)
 
 def run():
     try:
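
Review bot: `ui = uimod.ui()` in handle_accept() builds a new ui object for every accepted connection; it does not depend on conn or addr, so it could be created once in __init__ next to `self._certfile = certfile` and reused. The context comment `# wrap_socket() would block, but we don't care` still names the call this hunk removes and should refer to sslutil.wrapserversocket(). The handler also still catches only ssl.SSLError; if wrapserversocket() can raise any other exception type for a bad certfile or configuration, that exception would leave handle_accept() without the log line or conn.close(), so it is worth confirming which exceptions it raises.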