/brz/remove-bazaar : contents of breezy/transport/http/__init_

: (revision 7532)

To get this branch, use:

bzr branch
http://gegoxaren.bato24.eu/bzr/brz/remove-bazaar

4763.2.4 by John Arbash Meinel merge bzr.2.1 in preparation for NEWS entry.	1	# Copyright (C) 2005-2010 Canonical Ltd
1540.3.18 by Martin Pool Style review fixes (thanks robertc)	2	#
1185.11.19 by John Arbash Meinel Testing put and append, also testing agaist file-like objects as well as strings.	3	# This program is free software; you can redistribute it and/or modify
	4	# it under the terms of the GNU General Public License as published by
	5	# the Free Software Foundation; either version 2 of the License, or
	6	# (at your option) any later version.
1540.3.18 by Martin Pool Style review fixes (thanks robertc)	7	#
1185.11.19 by John Arbash Meinel Testing put and append, also testing agaist file-like objects as well as strings.	8	# This program is distributed in the hope that it will be useful,
	9	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	10	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	11	# GNU General Public License for more details.
1540.3.18 by Martin Pool Style review fixes (thanks robertc)	12	#
1185.11.19 by John Arbash Meinel Testing put and append, also testing agaist file-like objects as well as strings.	13	# You should have received a copy of the GNU General Public License
	14	# along with this program; if not, write to the Free Software
4183.7.1 by Sabin Iacob update FSF mailing address	15	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
1540.3.3 by Martin Pool Review updates of pycurl transport	16
	17	"""Base implementation of Transport over http.
	18
	19	There are separate implementation modules for each http client implementation.
907.1.21 by John Arbash Meinel Adding http transport as a valid transport protocol.	20	"""
	21
7296.2.1 by Jelmer Vernooĳ Integrate _urllib2_wrappers.	22	DEBUG = 0
7296.2.1 by Jelmer Vernooĳ Integrate _urllib2_wrappers.	23
6450.2.1 by Vincent Ladeuil Avoid invalid range access errors on whole files when using http transport	24	import os
7296.2.1 by Jelmer Vernooĳ Integrate _urllib2_wrappers.	25	import ssl
2172.3.2 by v.ladeuil+lp at free Fix the missing import and typos in comments.	26	import sys
7490.159.1 by Jelmer Vernooĳ Split urllib out.	27
7490.159.1 by Jelmer Vernooĳ Split urllib out.	28
6624 by Jelmer Vernooĳ Merge Python3 porting work ('py3 pokes')	29	from ... import (
7490.159.1 by Jelmer Vernooĳ Split urllib out.	30	version_string as breezy_version,
7296.2.1 by Jelmer Vernooĳ Integrate _urllib2_wrappers.	31	config,
2018.2.2 by Andrew Bennetts Implement HTTP smart server.	32	)
1540.3.6 by Martin Pool [merge] update from bzr.dev	33
7296.2.1 by Jelmer Vernooĳ Integrate _urllib2_wrappers.	34
7296.10.4 by Jelmer Vernooĳ Allow overriding user agent.	35	def default_user_agent():
	36	return 'Breezy/%s' % breezy_version
	37
	38
7296.2.1 by Jelmer Vernooĳ Integrate _urllib2_wrappers.	39	# Note for packagers: if there is no package providing certs for your platform,
	40	# the curl project produces http://curl.haxx.se/ca/cacert.pem weekly.
	41	_ssl_ca_certs_known_locations = [
	42	u'/etc/ssl/certs/ca-certificates.crt', # Ubuntu/debian/gentoo
	43	u'/etc/pki/tls/certs/ca-bundle.crt', # Fedora/CentOS/RH
	44	u'/etc/ssl/ca-bundle.pem', # OpenSuse
	45	u'/etc/ssl/cert.pem', # OpenSuse
	46	u"/usr/local/share/certs/ca-root-nss.crt", # FreeBSD
	47	# XXX: Needs checking, can't trust the interweb ;) -- vila 2012-01-25
	48	u'/etc/openssl/certs/ca-certificates.crt', # Solaris
	49	]
	50
	51
	52	def default_ca_certs():
	53	if sys.platform == 'win32':
	54	return os.path.join(os.path.dirname(sys.executable), u"cacert.pem")
	55	elif sys.platform == 'darwin':
	56	# FIXME: Needs some default value for osx, waiting for osx installers
	57	# guys feedback -- vila 2012-01-25
	58	pass
	59	else:
	60	# Try known locations for friendly OSes providing the root certificates
	61	# without making them hard to use for any https client.
	62	for path in _ssl_ca_certs_known_locations:
	63	if os.path.exists(path):
	64	# First found wins
	65	return path
	66	# A default path that makes sense and will be mentioned in the error
	67	# presented to the user, even if not correct for all platforms
	68	return _ssl_ca_certs_known_locations[0]
	69
	70
	71	def ca_certs_from_store(path):
	72	if not os.path.exists(path):
	73	raise ValueError("ca certs path %s does not exist" % path)
	74	return path
	75
	76
	77	def cert_reqs_from_store(unicode_str):
	78	import ssl
	79	try:
	80	return {"required": ssl.CERT_REQUIRED,
	81	"none": ssl.CERT_NONE}[unicode_str]
	82	except KeyError:
	83	raise ValueError("invalid value %s" % unicode_str)
	84
	85
	86	def default_ca_reqs():
	87	if sys.platform in ('win32', 'darwin'):
	88	# FIXME: Once we get a native access to root certificates there, this
	89	# won't needed anymore. See http://pad.lv/920455 -- vila 2012-02-15
	90	return u'none'
	91	else:
	92	return u'required'
	93
	94
	95	opt_ssl_ca_certs = config.Option('ssl.ca_certs',
	96	from_unicode=ca_certs_from_store,
	97	default=default_ca_certs,
	98	invalid='warning',
	99	help="""\
	100	Path to certification authority certificates to trust.
	101
	102	This should be a valid path to a bundle containing all root Certificate
103	Authorities used to verify an https server certificate.
104
105	Use ssl.cert_reqs=none to disable certificate verification.
106	""")
107
108	opt_ssl_cert_reqs = config.Option('ssl.cert_reqs',
109	default=default_ca_reqs,
110	from_unicode=cert_reqs_from_store,
111	invalid='error',
112	help="""\
113	Whether to require a certificate from the remote side. (default:required)
114
115	Possible values:
116	* none: Certificates ignored
117	* required: Certificates required and validated
118	""")