[PATCH 1 of 3 ssl-followups] sslutil: drop support for clients of sslutil specifying a TLS version
Augie Fackler
raf at durin42.com
Wed Jan 14 20:53:25 UTC 2015
# HG changeset patch
# User Augie Fackler <augie at google.com>
# Date 1421267476 18000
# Wed Jan 14 15:31:16 2015 -0500
# Node ID 46f317f81963553a3a8280c0085560b708baad64
# Parent 40d582ff434f3fdca4f78655503bb177388dda66
sslutil: drop support for clients of sslutil specifying a TLS version
We really just want to support the newest thing possible, so we may as
well consolidate that knowledge into this module. Right now this
doesn't change any behavior, but a future change will fix the defaults
for Python 2.7.9 so we can use slightly better defaults there (which
is the only place it's possible at the moment.)
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -18,10 +18,9 @@ try:
try:
ssl_context = ssl.SSLContext
- def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
- cert_reqs=ssl.CERT_NONE, ca_certs=None,
- serverhostname=None):
- sslcontext = ssl.SSLContext(ssl_version)
+ def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+ ca_certs=None, serverhostname=None):
+ sslcontext = ssl.SSLContext(PROTOCOL_TLSv1)
if certfile is not None:
sslcontext.load_cert_chain(certfile, keyfile)
sslcontext.verify_mode = cert_reqs
@@ -37,12 +36,11 @@ try:
raise util.Abort(_('ssl connection failed'))
return sslsocket
except AttributeError:
- def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
- cert_reqs=ssl.CERT_NONE, ca_certs=None,
- serverhostname=None):
+ def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+ ca_certs=None, serverhostname=None):
sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
cert_reqs=cert_reqs, ca_certs=ca_certs,
- ssl_version=ssl_version)
+ ssl_version=PROTOCOL_TLSv1)
# check if wrap_socket failed silently because socket had been
# closed
# - see http://bugs.python.org/issue13721
@@ -56,9 +54,8 @@ except ImportError:
import socket, httplib
- def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
- cert_reqs=CERT_REQUIRED, ca_certs=None,
- serverhostname=None):
+ def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=CERT_REQUIRED,
+ ca_certs=None, serverhostname=None):
if not util.safehasattr(socket, 'ssl'):
raise util.Abort(_('Python SSL support not found'))
if ca_certs:
@@ -126,8 +123,7 @@ def _plainapplepython():
exe.startswith('/system/library/frameworks/python.framework/'))
def sslkwargs(ui, host):
- kws = {'ssl_version': PROTOCOL_TLSv1,
- }
+ kws = {}
hostfingerprint = ui.config('hostfingerprints', host)
if hostfingerprint:
return kws
More information about the Mercurial-devel
mailing list