This is an archive of the discontinued Mercurial Phabricator instance.

Differential D3955

mail: modernize check for Python-with-TLS
ClosedPublic

Authored by durin42 on Jul 16 2018, 7:16 PM.

Details

Reviewers
indygreg
Group Reviewers
hg-reviewers
Commits
rHG569d662816de: mail: modernize check for Python-with-TLS
Summary

We used to be going indirectly through the socket module, but now we
just check for the ssl module.

Diff Detail

Repository
rHG Mercurial
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

durin42 created this revision.Jul 16 2018, 7:16 PM
yuja added a subscriber: yuja.Jul 17 2018, 9:25 AM

+def _pyhastls():
+ """Returns true iff Python has TLS support, false otherwise."""
+ try:
+ import ssl
+ getattr(ssl, 'HAS_TLS', False)
+ return True
+ except ImportError:
+ return False

Maybe we can simply remove the check since we've dropped support for
Python 2.5.

durin42 added a comment.Jul 17 2018, 9:30 PM

Maybe we can simply remove the check since we've dropped support for
Python 2.5.

No, we're looking to see if the ssl module is importable - if it's not, that means Python was compiled without TLS support (which is an option, even on 3.x and 2.7). I'm just sniffing for this particular attribute to force the import. Maybe I should add a comment?

yuja added a comment.Jul 18 2018, 7:48 AM
>   Maybe we can simply remove the check since we've dropped support for
>   Python 2.5.
No, we're looking to see if the ssl module is importable - if it's not, that means Python was compiled without TLS support (which is an option, even on 3.x and 2.7). I'm just sniffing for this particular attribute to force the import.

That's true, but I don't think we've ever had support for Python 2.6+ without
OpenSSL. Some commands would work thanks to our demandimport, but it also means
some stdlib modules (e.g. httlib) would be broken because import ssl doesn't
fail.

durin42 updated this revision to Diff 10191.Aug 9 2018, 4:43 PM
durin42 updated this revision to Diff 10195.Aug 9 2018, 4:48 PM
indygreg accepted this revision.Aug 9 2018, 11:00 PM
indygreg added a subscriber: indygreg.

I think this utility function should live in sslutil.py.

mercurial/mail.py
85–92

We may want to consider moving this to sslutil.py and refactoring sslutil.py to not crash and burn if the ssl module doesn't work (which I'm pretty sure it will do today).

This revision is now accepted and ready to land.Aug 9 2018, 11:00 PM
Closed by commit rHG569d662816de: mail: modernize check for Python-with-TLS (authored by durin42). · Explain WhyAug 9 2018, 11:02 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathPackages
Mmercurial/mail.py (11 lines)

Diff 10247

mercurial/mail.py

new_socket = socket.create_connection((host, port), timeout) new_socket = socket.create_connection((host, port), timeout)
new_socket = sslutil.wrapsocket(new_socket, new_socket = sslutil.wrapsocket(new_socket,
self.keyfile, self.certfile, self.keyfile, self.certfile,
ui=self._ui, ui=self._ui,
serverhostname=self._host) serverhostname=self._host)
self.file = smtplib.SSLFakeFile(new_socket) self.file = smtplib.SSLFakeFile(new_socket)
return new_socket return new_socket
def _pyhastls():
"""Returns true iff Python has TLS support, false otherwise."""
try:
import ssl
getattr(ssl, 'HAS_TLS', False)
return True
except ImportError:
return False
indygregUnsubmitted
Not Done

We may want to consider moving this to sslutil.py and refactoring sslutil.py to not crash and burn if the ssl module doesn't work (which I'm pretty sure it will do today).

indygreg: We may want to consider moving this to `sslutil.py` and refactoring `sslutil.py` to not crash…
def _smtp(ui): def _smtp(ui):
'''build an smtp connection and return a function to send mail''' '''build an smtp connection and return a function to send mail'''
local_hostname = ui.config('smtp', 'local_hostname') local_hostname = ui.config('smtp', 'local_hostname')
tls = ui.config('smtp', 'tls') tls = ui.config('smtp', 'tls')
# backward compatible: when tls = true, we use starttls. # backward compatible: when tls = true, we use starttls.
starttls = tls == 'starttls' or stringutil.parsebool(tls) starttls = tls == 'starttls' or stringutil.parsebool(tls)
smtps = tls == 'smtps' smtps = tls == 'smtps'
if (starttls or smtps) and not util.safehasattr(socket, 'ssl'): if (starttls or smtps) and not _pyhastls():
raise error.Abort(_("can't use TLS: Python SSL support not installed")) raise error.Abort(_("can't use TLS: Python SSL support not installed"))
mailhost = ui.config('smtp', 'host') mailhost = ui.config('smtp', 'host')
if not mailhost: if not mailhost:
raise error.Abort(_('smtp.host not configured - cannot send mail')) raise error.Abort(_('smtp.host not configured - cannot send mail'))
if smtps: if smtps:
ui.note(_('(using smtps)\n')) ui.note(_('(using smtps)\n'))
s = SMTPS(ui, local_hostname=local_hostname, host=mailhost) s = SMTPS(ui, local_hostname=local_hostname, host=mailhost)
elif starttls: elif starttls: