Rev 6259: The https test server will now refuse connections if an ssl error occurs during the handshake. Ssl errors and certificate errors aborts requests without re-trying them. in file:///home/vila/src/bzr/reviews/urllib-verifies-ssl-certs/
Vincent Ladeuil
v.ladeuil+lp at free.fr
Thu Jan 19 17:14:27 UTC 2012
At file:///home/vila/src/bzr/reviews/urllib-verifies-ssl-certs/
------------------------------------------------------------
revno: 6259
revision-id: v.ladeuil+lp at free.fr-20120119171427-xhxthhw3mtz35hpf
parent: v.ladeuil+lp at free.fr-20120119163608-77v8z7firiewep4o
committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
branch nick: urllib-verifies-ssl-certs
timestamp: Thu 2012-01-19 18:14:27 +0100
message:
The https test server will now refuse connections if an SSL error occurs during the handshake. SSL errors and certificate errors abort requests without re-trying them.
-------------- next part --------------
=== modified file 'bzrlib/tests/https_server.py'
--- a/bzrlib/tests/https_server.py 2011-01-10 22:20:12 +0000
+++ b/bzrlib/tests/https_server.py 2012-01-19 17:14:27 +0000
@@ -49,7 +49,13 @@
serving = test_server.TestingTCPServerMixin.verify_request(
self, request, client_address)
if serving:
- request.do_handshake()
+ try:
+ request.do_handshake()
+ except ssl.SSLError, e:
+ # FIXME: We proabaly want more tests to capture which ssl
+ # errors are worth reporting but mostly our tests want an https
+ # server that works -- vila 2012-01-19
+ return False
return serving
def ignored_exceptions_during_shutdown(self, e):
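Review bot: The new `except ssl.SSLError, e:` branch binds `e` but never uses it, so a refused handshake leaves no trace of why the test server dropped the connection. Since this branch exists to support certificate-verification tests, the failure reason (bad certificate, protocol mismatch, client abort) is what someone debugging a failing test will need; consider recording it through whatever logging the test server already has, or drop the unused binding with `except ssl.SSLError:`. The FIXME comment also has a typo (`proabaly`). verify_request starts outside the hunk, so whether `ssl` is imported in this module is not visible here.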
=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py 2012-01-04 23:47:39 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py 2012-01-19 17:14:27 +0000
@@ -413,13 +413,12 @@
return
dnsnames.append(value)
if len(dnsnames) > 1:
- raise errors.CertificateError("hostname %r "
- "doesn't match either of %s"
+ raise errors.CertificateError(
+ "hostname %r doesn't match either of %s"
% (hostname, ', '.join(map(repr, dnsnames))))
elif len(dnsnames) == 1:
- raise errors.CertificateError("hostname %r "
- "doesn't match %r"
- % (hostname, dnsnames[0]))
+ raise errors.CertificateError("hostname %r doesn't match %r" %
+ (hostname, dnsnames[0]))
else:
raise errors.CertificateError("no appropriate commonName or "
"subjectAltName fields were found")
@@ -788,6 +787,10 @@
% (request, request.connection.sock.getsockname())
response = connection.getresponse()
convert_to_addinfourl = True
+ except (ssl.SSLError, errors.CertificateError):
+ # Something is wrong with either the certificate or the hostname,
+ # re-trying won't help
+ raise
except (socket.gaierror, httplib.BadStatusLine, httplib.UnknownProtocol,
socket.error, httplib.HTTPException):
response = self.retry_or_raise(http_class, request, first_try)
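Review bot: The new `except (ssl.SSLError, errors.CertificateError): raise` clause is broader than its comment says, because ssl.SSLError is not limited to certificate or hostname problems. In Python 2's ssl module it is a subclass of socket.error and is also raised for conditions such as a read timeout or an unexpected EOF on an established TLS connection. Those presumably used to reach retry_or_raise through the socket.error clause below and now abort on the first try. If that is intended, the comment should say so, e.g. `# Any ssl failure (certificate, hostname, or a TLS-level error on the socket) aborts the request; none of them are retried`; if not, only errors raised while the connection is being set up should skip the retry. The enclosing try statement starts outside the hunk.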