D2687: sslutil: lots of unicode/bytes cleanup
This revision was automatically updated to reflect the committed changes. Closed by commit rHG424994a0adfd: sslutil: lots of unicode/bytes cleanup (authored by durin42, committed by ). CHANGED PRIOR TO COMMIT https://phab.mercurial-scm.org/D2687?vs=6646&id=6665#toc REPOSITORY rHG Mercurial CHANGES SINCE LAST UPDATE https://phab.mercurial-scm.org/D2687?vs=6646&id=6665 REVISION DETAIL https://phab.mercurial-scm.org/D2687 AFFECTED FILES mercurial/sslutil.py CHANGE DETAILS diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -113,6 +113,7 @@ Returns a dict of settings relevant to that hostname. """ +bhostname = pycompat.bytesurl(hostname) s = { # Whether we should attempt to load default/available CA certs # if an explicit ``cafile`` is not defined. @@ -162,14 +163,14 @@ ui.warn(_('warning: connecting to %s using legacy security ' 'technology (TLS 1.0); see ' 'https://mercurial-scm.org/wiki/SecureConnections for ' - 'more info\n') % hostname) + 'more info\n') % bhostname) defaultprotocol = 'tls1.0' key = 'minimumprotocol' protocol = ui.config('hostsecurity', key, defaultprotocol) validateprotocol(protocol, key) -key = '%s:minimumprotocol' % hostname +key = '%s:minimumprotocol' % bhostname protocol = ui.config('hostsecurity', key, protocol) validateprotocol(protocol, key) @@ -182,25 +183,25 @@ s['protocol'], s['ctxoptions'], s['protocolui'] = protocolsettings(protocol) ciphers = ui.config('hostsecurity', 'ciphers') -ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers) +ciphers = ui.config('hostsecurity', '%s:ciphers' % bhostname, ciphers) s['ciphers'] = ciphers # Look for fingerprints in [hostsecurity] section. Value is a list # of : strings. -fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname) +fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % bhostname) for fingerprint in fingerprints: if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))): raise error.Abort(_('invalid fingerprint for %s: %s') % ( -hostname, fingerprint), +bhostname, fingerprint), hint=_('must begin with "sha1:", "sha256:", ' 'or "sha512:"')) alg, fingerprint = fingerprint.split(':', 1) fingerprint = fingerprint.replace(':', '').lower() s['certfingerprints'].append((alg, fingerprint)) # Fingerprints from [hostfingerprints] are always SHA-1. -for fingerprint in ui.configlist('hostfingerprints', hostname): +for fingerprint in ui.configlist('hostfingerprints', bhostname): fingerprint = fingerprint.replace(':', '').lower() s['certfingerprints'].append(('sha1', fingerprint)) s['legacyfingerprint'] = True @@ -223,11 +224,11 @@ # If both fingerprints and a per-host ca file are specified, issue a warning # because users should not be surprised about what security is or isn't # being performed. -cafile = ui.config('hostsecurity', '%s:verifycertsfile' % hostname) +cafile = ui.config('hostsecurity', '%s:verifycertsfile' % bhostname) if s['certfingerprints'] and cafile: ui.warn(_('(hostsecurity.%s:verifycertsfile ignored when host ' 'fingerprints defined; using host fingerprints for ' - 'verification)\n') % hostname) + 'verification)\n') % bhostname) # Try to hook up CA certificate validation unless something above # makes it not necessary. @@ -237,8 +238,8 @@ cafile = util.expandpath(cafile) if not os.path.exists(cafile): raise error.Abort(_('path specified by %s does not exist: %s') % - ('hostsecurity.%s:verifycertsfile' % hostname, - cafile)) + ('hostsecurity.%s:verifycertsfile' % ( + bhostname,), cafile)) s['cafile'] = cafile else: # Find global certificates file in config. @@ -390,7 +391,7 @@ else: msg = e.args[1] raise error.Abort(_('error loading CA file %s: %s') % ( - settings['cafile'], msg), + settings['cafile'], util.forcebytestr(msg)), hint=_('file is empty or malformed?')) caloaded = True elif settings['allowloaddefaultcerts']: @@ -583,8 +584,10 @@ pats = [] if not dn: return False +dn = pycompat.bytesurl(dn) +hostname = pycompat.bytesurl(hostname) -piece
D2687: sslutil: lots of unicode/bytes cleanup
durin42 created this revision. Herald added a subscriber: mercurial-devel. Herald added a reviewer: hg-reviewers. REVISION SUMMARY In general, we handle hostnames as bytes, except where Python forces them to be unicodes. This fixes all the tracebacks I was seeing in test-https.t, but there's still some ECONNRESET weirdness that I can't hunt down... REPOSITORY rHG Mercurial REVISION DETAIL https://phab.mercurial-scm.org/D2687 AFFECTED FILES mercurial/sslutil.py CHANGE DETAILS diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -113,6 +113,7 @@ Returns a dict of settings relevant to that hostname. """ +bhostname = pycompat.bytesurl(hostname) s = { # Whether we should attempt to load default/available CA certs # if an explicit ``cafile`` is not defined. @@ -162,14 +163,14 @@ ui.warn(_('warning: connecting to %s using legacy security ' 'technology (TLS 1.0); see ' 'https://mercurial-scm.org/wiki/SecureConnections for ' - 'more info\n') % hostname) + 'more info\n') % bhostname) defaultprotocol = 'tls1.0' key = 'minimumprotocol' protocol = ui.config('hostsecurity', key, defaultprotocol) validateprotocol(protocol, key) -key = '%s:minimumprotocol' % hostname +key = '%s:minimumprotocol' % bhostname protocol = ui.config('hostsecurity', key, protocol) validateprotocol(protocol, key) @@ -182,25 +183,25 @@ s['protocol'], s['ctxoptions'], s['protocolui'] = protocolsettings(protocol) ciphers = ui.config('hostsecurity', 'ciphers') -ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers) +ciphers = ui.config('hostsecurity', '%s:ciphers' % bhostname, ciphers) s['ciphers'] = ciphers # Look for fingerprints in [hostsecurity] section. Value is a list # of : strings. -fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname) +fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % bhostname) for fingerprint in fingerprints: if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))): raise error.Abort(_('invalid fingerprint for %s: %s') % ( -hostname, fingerprint), +bhostname, fingerprint), hint=_('must begin with "sha1:", "sha256:", ' 'or "sha512:"')) alg, fingerprint = fingerprint.split(':', 1) fingerprint = fingerprint.replace(':', '').lower() s['certfingerprints'].append((alg, fingerprint)) # Fingerprints from [hostfingerprints] are always SHA-1. -for fingerprint in ui.configlist('hostfingerprints', hostname): +for fingerprint in ui.configlist('hostfingerprints', bhostname): fingerprint = fingerprint.replace(':', '').lower() s['certfingerprints'].append(('sha1', fingerprint)) s['legacyfingerprint'] = True @@ -223,11 +224,11 @@ # If both fingerprints and a per-host ca file are specified, issue a warning # because users should not be surprised about what security is or isn't # being performed. -cafile = ui.config('hostsecurity', '%s:verifycertsfile' % hostname) +cafile = ui.config('hostsecurity', '%s:verifycertsfile' % bhostname) if s['certfingerprints'] and cafile: ui.warn(_('(hostsecurity.%s:verifycertsfile ignored when host ' 'fingerprints defined; using host fingerprints for ' - 'verification)\n') % hostname) + 'verification)\n') % bhostname) # Try to hook up CA certificate validation unless something above # makes it not necessary. @@ -237,8 +238,8 @@ cafile = util.expandpath(cafile) if not os.path.exists(cafile): raise error.Abort(_('path specified by %s does not exist: %s') % - ('hostsecurity.%s:verifycertsfile' % hostname, - cafile)) + ('hostsecurity.%s:verifycertsfile' % ( + bhostname,), cafile)) s['cafile'] = cafile else: # Find global certificates file in config. @@ -390,7 +391,7 @@ else: msg = e.args[1] raise error.Abort(_('error loading CA file %s: %s') % ( - settings['cafile'], msg), + settings['cafile'], util.forcebytestr(msg)), hint=_('file is empty or malformed?')) caloaded = True elif settings['allowloaddefaultcerts']: @@ -583,8 +584,10 @@ pats = [] if not dn: return False +dn = pycompat.bytesurl(dn) +hostname = pycompat.bytesurl(hostname)