[PATCH stable resend] url: fix UnicodeDecodeError on certificate verification error
Yuya Nishihara
yuya at tcha.org
Sat Jan 8 12:54:06 UTC 2011
# HG changeset patch
# User Yuya Nishihara <yuya at tcha.org>
# Date 1294491145 -32400
# Branch stable
# Node ID 74ed7f84498b066d6d90c97a3b15240b499365c1
# Parent 0b30e6148ec5e672662b714b3012c91d7487996e
url: fix UnicodeDecodeError on certificate verification error
SSLSockect.getpeercert() returns tuple containing unicode for 'subject'.
Since Mercurial does't support IDN at all, it just returns error for non-ascii
certname.
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -498,7 +498,11 @@ def _verifycert(cert, hostname):
for s in cert.get('subject', []):
key, value = s[0]
if key == 'commonName':
- certname = value.lower()
+ try:
+ # 'subject' entries are unicode
+ certname = value.lower().encode('ascii')
+ except UnicodeEncodeError:
+ return _('IDN in certificate not supported')
if (certname == dnsname or
'.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1]):
return None
diff --git a/tests/test-url.py b/tests/test-url.py
--- a/tests/test-url.py
+++ b/tests/test-url.py
@@ -36,3 +36,7 @@ check(_verifycert({'subject': ()},
'no commonName found in certificate')
check(_verifycert(None, 'example.com'),
'no certificate received')
+
+# Unicode (IDN) certname isn't supported
+check(_verifycert(cert(u'\u4f8b.jp'), 'exmaple.jp'),
+ 'IDN in certificate not supported')
More information about the Mercurial-devel
mailing list