[MERGE] Implement native python ssl support for https

Vincent Ladeuil v.ladeuil+lp at free.fr
Thu Jan 8 14:56:16 GMT 2009


>>>>> "Ian" == Ian Clatworthy <ian.clatworthy at internode.on.net> writes:

    Ian> Vincent Ladeuil wrote:
    >> This patch starts using the ssl module provided by python-2.6 to
    >> implement https support for our urllib https client.
    >> 
    >> As a first step it mainly provides an https test server and adds a
    >> test permutation for both pycurl and urllib to exercise it
    >> against all our current transport tests.

    Ian> Assuming the usages of openssl are correct in the create_ssls.py
    Ian> tool you've written, the rest looks good to me.

    Ian> bb:tweak

    Ian> A NEWS entry under TESTING would be good.

Ok.

    >> +        return sslconn, addr
    >> +
    >> +class TestingHTTPSServer(TestingHTTPSServerMixin,

    Ian> Extra blank line needed between classes.

    >> +    # Provides usable defaults since an https server requires both a

    Ian> s/since an/since a/

    >> +# Directory containing all ssl files, keys or certificates
    >> +base_dir = osutils.dirname(osutils.realpath(__file__))
    >> +
    >> +def build_path(name):

    Ian> Extra blank line before function.

    >> +    if tests.HTTPSServerFeature.available():
    >> +        from bzrlib.tests import (
    >> +            https_server,
    >> +            ssl_certs,
    >> +            )
    >> +
    >> +        class HTTPS_pycurl_transport(PyCurlTransport):
    >> +
    >> +            def __init__(self, base, _from_transport=None):
    >> +                super(HTTPS_pycurl_transport, self).__init__(base,
    >> +                                                             _from_transport)
    >> +                self.cabundle = str(ssl_certs.build_path('ca.crt'))
    >> +
    >> +        permutations.append((HTTPS_pycurl_transport,
    >> +                             https_server.HTTPSServer_PyCurl))
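Review bot: HTTPS_pycurl_transport has no docstring, and its __init__ differs from the parent only by setting self.cabundle to the path returned by ssl_certs.build_path('ca.crt'). A one-line docstring saying that the subclass exists to point pycurl at the test CA file would make the purpose of the override clear. Because the class is defined inside the `if tests.HTTPSServerFeature.available():` block, it is also worth a comment that the name only exists when the feature is available.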

    >> +    if tests.HTTPSServerFeature.available():
    >> +        from bzrlib.tests import https_server
    >> +        permutations.append((HttpTransport_urllib,
    >> +                             https_server.HTTPSServer_urllib))
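Review bot: the urllib permutation pairs the plain HttpTransport_urllib with https_server.HTTPSServer_urllib and configures no CA file, while the pycurl permutation sets cabundle to ca.crt. Add a comment at this append saying why no CA file is passed (the reply below gives the reason: the urllib client does not verify certificates yet), so that nobody reads a passing run of this permutation as evidence that certificate verification is exercised.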

    Ian> Why did you not declare a HTTPS_urllib_transport like you did
    Ian> a HTTP_pycurl_transport?

Because the urllib one doesn't verify certificates yet, so it
doesn't need the extra parameters.

It also helps to ensure that the https server is correctly
implemented by testing it with pycurl, which is supposed to be
correct regarding https.

        Vincent