Mercurial failing on TLSv1.2 repos, but I wrote a patch

Warren Melnick wmelnick at millenniumweb.com
Mon Jul 20 11:37:57 CDT 2015


I am having problems working with repos which use TLSv1.2.  I tracked down the problem to an ssl wrapper which is using TLSv1 instead of SSLv23.

This small change fixed it for me:


--- mercurial-3.4.2-1/mercurial/sslutil.py 2015-07-01 18:46:36.000000000 -0400

+++ mercurial-3.4.2-2/mercurial/sslutil.py 2015-07-20 12:36:17.946962585 -0400

@@ -55,7 +55,7 @@ try:

                             ca_certs=None, serverhostname=None):

             sslsocket = ssl.wrap_socket(sock, keyfile, certfile,

                                         cert_reqs=cert_reqs, ca_certs=ca_certs,

-                                        ssl_version=ssl.PROTOCOL_TLSv1)

+                                        ssl_version=ssl.PROTOCOL_SSLv23)

             # check if wrap_socket failed silently because socket had been

             # closed

             # - see http://bugs.python.org/issue13721

Hope this helps out someone else.

Sincerely,
--
Warren Melnick
Director of IT & Security

[cid:3329740841_1500509]
Millennium Communications
6900 Jericho Tpke., Suite 100LL
Syosset, NY  11791
Tel:      516-682-8080 x258
Fax:     516-682-9090
Web:    www.millenniumweb.com<http://www.millenniumweb.com/>
Email:  wmelnick at millenniumweb.com<mailto:wmelnick at millenniumweb.com>

This electronic message transmission contains information from Millennium Communications, Inc. that may be confidential or privileged. The information is intended to be for the use of only the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify the sender by replying to this e-mail and immediately deleting this email and any attachments from your system along with any copies you may have made, electronic or otherwise.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://selenic.com/pipermail/mercurial-devel/attachments/20150720/da4a30ff/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: E3C086D6-E38A-4470-9344-710543CE95F4[31].png
Type: image/png
Size: 1680 bytes
Desc: E3C086D6-E38A-4470-9344-710543CE95F4[31].png
URL: <http://selenic.com/pipermail/mercurial-devel/attachments/20150720/da4a30ff/attachment.png>


More information about the Mercurial-devel mailing list