[PATCH] httpconnection: force SSLv3 if the ssl module is available
Augie Fackler
raf at durin42.com
Wed May 15 14:32:07 CDT 2013
# HG changeset patch
# User Augie Fackler <raf at durin42.com>
# Date 1368646190 14400
# Wed May 15 15:29:50 2013 -0400
# Branch stable
# Node ID 900ab7c23f9ed458a8fc58ad3db239de8568f87b
# Parent 278057693a1ddb93f95fa641e30e7a966ac98434
httpconnection: force SSLv3 if the ssl module is available
diff --git a/mercurial/httpconnection.py b/mercurial/httpconnection.py
--- a/mercurial/httpconnection.py
+++ b/mercurial/httpconnection.py
@@ -279,6 +279,13 @@
kwargs['keyfile'] = keyfile
if certfile:
kwargs['certfile'] = certfile
+ try:
+ import ssl
+ kwargs['ssl_version'] = ssl.PROTOCOL_SSLv3
+ except ImportError:
+ # Python < 2.6 won't have an ssl module, so we can't force SSLv3.
+ pass
+
kwargs.update(sslutil.sslkwargs(self.ui, host))
More information about the Mercurial-devel
mailing list