D2687: sslutil: lots of unicode/bytes cleanup
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG424994a0adfd: sslutil: lots of unicode/bytes cleanup
(authored by durin42, committed by ).
CHANGED PRIOR TO COMMIT
https://phab.mercurial-scm.org/D2687?vs=6646&id=6665#toc
REPOSITORY
rHG Mercurial
CHANGES SINCE LAST UPDATE
https://phab.mercurial-scm.org/D2687?vs=6646&id=6665
REVISION DETAIL
https://phab.mercurial-scm.org/D2687
AFFECTED FILES
mercurial/sslutil.py
CHANGE DETAILS
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -113,6 +113,7 @@
Returns a dict of settings relevant to that hostname.
"""
+bhostname = pycompat.bytesurl(hostname)
s = {
# Whether we should attempt to load default/available CA certs
# if an explicit ``cafile`` is not defined.
@@ -162,14 +163,14 @@
ui.warn(_('warning: connecting to %s using legacy security '
'technology (TLS 1.0); see '
'https://mercurial-scm.org/wiki/SecureConnections for '
- 'more info\n') % hostname)
+ 'more info\n') % bhostname)
defaultprotocol = 'tls1.0'
key = 'minimumprotocol'
protocol = ui.config('hostsecurity', key, defaultprotocol)
validateprotocol(protocol, key)
-key = '%s:minimumprotocol' % hostname
+key = '%s:minimumprotocol' % bhostname
protocol = ui.config('hostsecurity', key, protocol)
validateprotocol(protocol, key)
@@ -182,25 +183,25 @@
s['protocol'], s['ctxoptions'], s['protocolui'] =
protocolsettings(protocol)
ciphers = ui.config('hostsecurity', 'ciphers')
-ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers)
+ciphers = ui.config('hostsecurity', '%s:ciphers' % bhostname, ciphers)
s['ciphers'] = ciphers
# Look for fingerprints in [hostsecurity] section. Value is a list
# of : strings.
-fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname)
+fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % bhostname)
for fingerprint in fingerprints:
if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
raise error.Abort(_('invalid fingerprint for %s: %s') % (
-hostname, fingerprint),
+bhostname, fingerprint),
hint=_('must begin with "sha1:", "sha256:", '
'or "sha512:"'))
alg, fingerprint = fingerprint.split(':', 1)
fingerprint = fingerprint.replace(':', '').lower()
s['certfingerprints'].append((alg, fingerprint))
# Fingerprints from [hostfingerprints] are always SHA-1.
-for fingerprint in ui.configlist('hostfingerprints', hostname):
+for fingerprint in ui.configlist('hostfingerprints', bhostname):
fingerprint = fingerprint.replace(':', '').lower()
s['certfingerprints'].append(('sha1', fingerprint))
s['legacyfingerprint'] = True
@@ -223,11 +224,11 @@
# If both fingerprints and a per-host ca file are specified, issue a
warning
# because users should not be surprised about what security is or isn't
# being performed.
-cafile = ui.config('hostsecurity', '%s:verifycertsfile' % hostname)
+cafile = ui.config('hostsecurity', '%s:verifycertsfile' % bhostname)
if s['certfingerprints'] and cafile:
ui.warn(_('(hostsecurity.%s:verifycertsfile ignored when host '
'fingerprints defined; using host fingerprints for '
- 'verification)\n') % hostname)
+ 'verification)\n') % bhostname)
# Try to hook up CA certificate validation unless something above
# makes it not necessary.
@@ -237,8 +238,8 @@
cafile = util.expandpath(cafile)
if not os.path.exists(cafile):
raise error.Abort(_('path specified by %s does not exist: %s')
%
- ('hostsecurity.%s:verifycertsfile' %
hostname,
- cafile))
+ ('hostsecurity.%s:verifycertsfile' % (
+ bhostname,), cafile))
s['cafile'] = cafile
else:
# Find global certificates file in config.
@@ -390,7 +391,7 @@
else:
msg = e.args[1]
raise error.Abort(_('error loading CA file %s: %s') % (
- settings['cafile'], msg),
+ settings['cafile'], util.forcebytestr(msg)),
hint=_('file is empty or malformed?'))
caloaded = True
elif settings['allowloaddefaultcerts']:
@@ -583,8 +584,10 @@
pats = []
if not dn:
return False
+dn = pycompat.bytesurl(dn)
+hostname = pycompat.bytesurl(hostname)
-piece
D2687: sslutil: lots of unicode/bytes cleanup
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
In general, we handle hostnames as bytes, except where Python forces
them to be unicodes.
This fixes all the tracebacks I was seeing in test-https.t, but
there's still some ECONNRESET weirdness that I can't hunt down...
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D2687
AFFECTED FILES
mercurial/sslutil.py
CHANGE DETAILS
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -113,6 +113,7 @@
Returns a dict of settings relevant to that hostname.
"""
+bhostname = pycompat.bytesurl(hostname)
s = {
# Whether we should attempt to load default/available CA certs
# if an explicit ``cafile`` is not defined.
@@ -162,14 +163,14 @@
ui.warn(_('warning: connecting to %s using legacy security '
'technology (TLS 1.0); see '
'https://mercurial-scm.org/wiki/SecureConnections for '
- 'more info\n') % hostname)
+ 'more info\n') % bhostname)
defaultprotocol = 'tls1.0'
key = 'minimumprotocol'
protocol = ui.config('hostsecurity', key, defaultprotocol)
validateprotocol(protocol, key)
-key = '%s:minimumprotocol' % hostname
+key = '%s:minimumprotocol' % bhostname
protocol = ui.config('hostsecurity', key, protocol)
validateprotocol(protocol, key)
@@ -182,25 +183,25 @@
s['protocol'], s['ctxoptions'], s['protocolui'] =
protocolsettings(protocol)
ciphers = ui.config('hostsecurity', 'ciphers')
-ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers)
+ciphers = ui.config('hostsecurity', '%s:ciphers' % bhostname, ciphers)
s['ciphers'] = ciphers
# Look for fingerprints in [hostsecurity] section. Value is a list
# of : strings.
-fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname)
+fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % bhostname)
for fingerprint in fingerprints:
if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
raise error.Abort(_('invalid fingerprint for %s: %s') % (
-hostname, fingerprint),
+bhostname, fingerprint),
hint=_('must begin with "sha1:", "sha256:", '
'or "sha512:"'))
alg, fingerprint = fingerprint.split(':', 1)
fingerprint = fingerprint.replace(':', '').lower()
s['certfingerprints'].append((alg, fingerprint))
# Fingerprints from [hostfingerprints] are always SHA-1.
-for fingerprint in ui.configlist('hostfingerprints', hostname):
+for fingerprint in ui.configlist('hostfingerprints', bhostname):
fingerprint = fingerprint.replace(':', '').lower()
s['certfingerprints'].append(('sha1', fingerprint))
s['legacyfingerprint'] = True
@@ -223,11 +224,11 @@
# If both fingerprints and a per-host ca file are specified, issue a
warning
# because users should not be surprised about what security is or isn't
# being performed.
-cafile = ui.config('hostsecurity', '%s:verifycertsfile' % hostname)
+cafile = ui.config('hostsecurity', '%s:verifycertsfile' % bhostname)
if s['certfingerprints'] and cafile:
ui.warn(_('(hostsecurity.%s:verifycertsfile ignored when host '
'fingerprints defined; using host fingerprints for '
- 'verification)\n') % hostname)
+ 'verification)\n') % bhostname)
# Try to hook up CA certificate validation unless something above
# makes it not necessary.
@@ -237,8 +238,8 @@
cafile = util.expandpath(cafile)
if not os.path.exists(cafile):
raise error.Abort(_('path specified by %s does not exist: %s')
%
- ('hostsecurity.%s:verifycertsfile' %
hostname,
- cafile))
+ ('hostsecurity.%s:verifycertsfile' % (
+ bhostname,), cafile))
s['cafile'] = cafile
else:
# Find global certificates file in config.
@@ -390,7 +391,7 @@
else:
msg = e.args[1]
raise error.Abort(_('error loading CA file %s: %s') % (
- settings['cafile'], msg),
+ settings['cafile'], util.forcebytestr(msg)),
hint=_('file is empty or malformed?'))
caloaded = True
elif settings['allowloaddefaultcerts']:
@@ -583,8 +584,10 @@
pats = []
if not dn:
return False
+dn = pycompat.bytesurl(dn)
+hostname = pycompat.bytesurl(hostname)
