← Back to branch summary

~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/transport/http/_urllib2_wrappers.py

  • Committer: Vincent Ladeuil
  • Date: 2012-01-31 16:36:53 UTC
  • mto: (6437.23.3 2.5)
  • mto: This revision was merged to the branch mainline in revision 6458.
  • Revision ID: v.ladeuil+lp@free.fr-20120131163653-j5z45vjfx8a6h2d0
Feedback from mgz.

Show diffs side-by-side

added added

removed removed

Lines of Context:
bzrlib/transport/http/_urllib2_wrappers.py
126
126
opt_ssl_ca_certs = config.Option('ssl.ca_certs',
127
127
        from_unicode=ca_certs_from_store,
128
128
        default=default_ca_certs,
129
 
        invalid='error',
 
129
        invalid='warning',
130
130
        help="""\
131
131
Path to certification authority certificates to trust.
 
132
 
 
133
This should be a valid path to a bundle containing all root Certificate
 
134
Authorities used to verify an https server certificate.
 
135
 
 
136
Use ssl.cert_reqs=none to disable certificate verification.
132
137
""")
133
138
 
134
139
opt_ssl_cert_reqs = config.Option('ssl.cert_reqs',
466
471
        config_stack = config.GlobalStack()
467
472
        cert_reqs = config_stack.get('ssl.cert_reqs')
468
473
        if cert_reqs == ssl.CERT_NONE:
469
 
            trace.warning("not checking SSL certificates for %s: %d",
 
474
            trace.warning("Not checking SSL certificate for %s: %d",
470
475
                self.host, self.port)
471
476
            ca_certs = None
472
477
        else:
476
481
                ca_certs = self.ca_certs
477
482
            if ca_certs is None:
478
483
                trace.warning(
479
 
                    "no valid trusted SSL CA certificates file set. See "
 
484
                    "No valid trusted SSL CA certificates file set. See "
480
485
                    "'bzr help ssl.ca_certs' for more information on setting "
481
 
                    "trusted CA's.")
 
486
                    "trusted CAs.")
482
487
        try:
483
488
            ssl_sock = ssl.wrap_socket(self.sock, self.key_file, self.cert_file,
484
489
                cert_reqs=cert_reqs, ca_certs=ca_certs)
485
490
        except ssl.SSLError, e:
486
 
            if e.errno != ssl.SSL_ERROR_SSL:
487
 
                raise
488
 
            trace.note(
489
 
                "To disable SSL certificate verification, use "
490
 
                "-Ossl.cert_reqs=none. See ``bzr help ssl.ca_certs`` for "
491
 
                "more information on specifying trusted CA certificates.")
 
491
            if e.errno == ssl.SSL_ERROR_SSL:
 
492
                trace.note(
 
493
                    "To disable SSL certificate verification, use "
 
494
                    "-Ossl.cert_reqs=none. See ``bzr help ssl.ca_certs`` for "
 
495
                    "more information on specifying trusted CAs.")
492
496
            raise
493
497
        if cert_reqs == ssl.CERT_REQUIRED:
494
498
            peer_cert = ssl_sock.getpeercert()