[Bug 5034] New: Reversed logic in sslutil.py breaks Mercurial on Mac
mercurial-bugs at selenic.com
mercurial-bugs at selenic.com
Fri Jan 8 15:26:26 UTC 2016
https://bz.mercurial-scm.org/show_bug.cgi?id=5034
Bug ID: 5034
Summary: Reversed logic in sslutil.py breaks Mercurial on Mac
Product: Mercurial
Version: stable branch
Hardware: Macintosh
OS: Mac OS
Status: UNCONFIRMED
Severity: bug
Priority: urgent
Component: Mercurial
Assignee: bugzilla at selenic.com
Reporter: gabor.stefanik at nng.com
CC: mercurial-devel at selenic.com
sslutil.py has this line:
> sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3
This is incorrect, as ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3 == 0, so this simply
clears all options set.
Since Python on OS X Yosemite ships with a version of openssl that doesn't
support unsetting existing options, this causes a crash when accessing repos
over https:
> ValueError: can't clear options before OpenSSL 0.9.8m
The comment above this line suggests that it is supposed to disable SSLv2 and
SSLv3, to prevent POODLE. In that case, the correct line is:
> sslcontext.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Mercurial-devel
mailing list