~bzr-pqm/bzr/bzr.dev


Viewing changes to bzrlib/transport/http/_urllib2_wrappers.py

  • Committer: Jelmer Vernooij
  • Date: 2012-04-16 11:08:11 UTC
  • mfrom: (6521 +trunk)
  • mto: This revision was merged to the branch mainline in revision 6522.
  • Revision ID: jelmer@samba.org-20120416110811-0y996ihqy9o2bb1t
Merge bzr.dev.

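--- a/bzrlib/transport/http/_urllib2_wrappers.py
+++ b/bzrlib/transport/http/_urllib2_wrappers.py
@@ -86,10 +86,9 @@
     # XXX: Needs checking, can't trust the interweb ;) -- vila 2012-01-25
     u'/etc/openssl/certs/ca-certificates.crt', # Solaris
     ]
-
 def default_ca_certs():
     if sys.platform == 'win32':
-        return os.path.join(os.path.dirname(sys.executable), u"ca_bundle.crt")
+        return os.path.join(os.path.dirname(sys.executable), u"cacert.pem")
     elif sys.platform == 'darwin':
         # FIXME: Needs some default value for osx, waiting for osx installers
         # guys feedback -- vila 2012-01-25
@@ -122,6 +121,13 @@
     except KeyError:
         raise ValueError("invalid value %s" % unicode_str)
 
+def default_ca_reqs():
+    if sys.platform in ('win32', 'darwin'):
+        # FIXME: Once we get a native access to root certificates there, this
+        # won't needed anymore. See http://pad.lv/920455 -- vila 2012-02-15
+        return u'none'
+    else:
+        return u'required'
 
 opt_ssl_ca_certs = config.Option('ssl.ca_certs',
         from_unicode=ca_certs_from_store,
@@ -137,7 +143,7 @@
 """)
 
 opt_ssl_cert_reqs = config.Option('ssl.cert_reqs',
-        default=u"required",
+        default=default_ca_reqs,
         from_unicode=cert_reqs_from_store,
         invalid='error',
         help="""\
@@ -470,9 +476,12 @@
         # FIXME JRV 2011-12-18: Use location config here?
         config_stack = config.GlobalStack()
         cert_reqs = config_stack.get('ssl.cert_reqs')
+        if self.proxied_host is not None:
+            host = self.proxied_host.split(":", 1)[0]
+        else:
+            host = self.host
         if cert_reqs == ssl.CERT_NONE:
-            trace.warning("Not checking SSL certificate for %s: %d",
-                self.host, self.port)
+            trace.warning("Not checking SSL certificate for %s", host)
             ca_certs = None
         else:
             if self.ca_certs is None:
@@ -497,7 +506,7 @@
             raise
         if cert_reqs == ssl.CERT_REQUIRED:
             peer_cert = ssl_sock.getpeercert()
-            match_hostname(peer_cert, self.host)
+            match_hostname(peer_cert, host)
 
         # Wrap the ssl socket before anybody use it
         self._wrap_socket_for_reporting(ssl_sock)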
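Review bot: `default_ca_reqs()` makes `ssl.cert_reqs` default to `u'none'` on win32 and darwin unconditionally, so on those platforms every HTTPS connection skips certificate and hostname verification unless the user overrides the option. The only signal left is the `trace.warning` in the connect path. On win32 `default_ca_certs()` in the first hunk already points at a `cacert.pem` beside the executable, so verification could stay on whenever that bundle is actually present, by putting `if sys.platform == 'win32' and os.path.exists(default_ca_certs()):` followed by `return u'required'` ahead of the existing platform check. The darwin branch of `default_ca_certs()` continues outside the visible hunk, so whether the same guard is usable there needs checking against the full function. The FIXME comment should also state that this default is fail-open and name the option users can set to restore verification.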