[PATCH V2] sslutil - add tls 1.3 support - done during IETF101 Hackathon

Matt Harbison mharbison72 at gmail.com
Thu Mar 29 23:12:12 EDT 2018


On Thu, 29 Mar 2018 11:51:20 -0400, Codarren Velvindron <codarren at hackers.mu> wrote:

> Hello Yuya,
>
> As usual, thank you for your review.
>
> Could you elaborate on below statement please?
>
> "Can you narrow the scope of '#if tls1.3'? It requires very recent
> versions of Python."
>
> Best Regards,
> Codarren
>
> On Mon, Mar 26, 2018 at 5:18 PM, Yuya Nishihara <yuya at tcha.org> wrote:
>
>> On Mon, 26 Mar 2018 13:43:59 +0400, Codarren Velvindron wrote:
>> > # HG changeset patch
>> > # User Codarren Velvindron <codarren at hackers.mu>
>> > # Date 1522053522 -14400
>> > #      Mon Mar 26 12:38:42 2018 +0400
>> > # Node ID e11770b0adde6283965cafff1d6214a048417bfe
>> > # Parent  6715e8035b4ff9379a80f5413a4e9148114ab256
>> > sslutil: add tls 1.3 support
>>
>> [...]
>>
>> > -#if sslcontext tls1.2
>> > +#if sslcontext tls1.3

By changing the conditional here to 1.3, you are requiring support for 1.3  
in order to run the 1.2 tests below.  So instead of changing this line,  
just use #endif after the 1.2 test, and open a 1.3 conditional around the  
1.3 tests.  (Sadly, nested #if isn't supported.)

>> >  Start servers running supported TLS versions
>> >
>> >    $ cd test
>> > @@ -456,6 +457,9 @@
>> >    $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid  
>> --certificate=$PRIV \
>> >    > --config devel.serverexactprotocol=tls1.2
>> >    $ cat ../hg2.pid >> $DAEMON_PIDS
>> > +  $ hg serve -p $HGPORT3 -d --pid-file=../hg3.pid  
>> --certificate=$PRIV \
>> > +  > --config devel.serverexactprotocol=tls1.3
>> > +  $ cat ../hg3.pid >> $DAEMON_PIDS
>> >    $ cd ..
>> >
>> >  Clients talking same TLS versions work
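
Review bot: `$HGPORT3` in the added `hg serve -p $HGPORT3 -d --pid-file=../hg3.pid` line is a port variable the surrounding context never uses (it stops at `$HGPORT2`), so please confirm the test runner defines and reserves it; otherwise both this server start and the later `https://localhost:$HGPORT3/` client call depend on an unset variable. These three added lines are also the natural place for the narrower guard requested in review: wrap only the TLS 1.3 server start and its `cat ../hg3.pid >> $DAEMON_PIDS` in their own `#if` / `#endif` so the 1.2 server above keeps running on builds without TLS 1.3.
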
>> > @@ -466,6 +470,8 @@
>> >    5fed3813f7f5
>> >    $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id
>> https://localhost:$HGPORT2/
>> >    5fed3813f7f5
>> > +  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.3 id
>> https://localhost:$HGPORT3/
>> > +  5fed3813f7f5
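
Review bot: the added `hostsecurity.minimumprotocol=tls1.3` check under "Clients talking same TLS versions work" covers only the matching case, and nothing visible in the patch exercises a client that requires tls1.3 against the tls1.2 server on `$HGPORT2`. That mismatch is the case that shows the minimum is actually enforced rather than silently negotiated down, so consider adding it next to the other version-mismatch checks, under the same TLS 1.3 guard as the new server.
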
>>
>> Can you narrow the scope of '#if tls1.3'? It requires very recent
>> versions of Python.
>>
>> Other than that, the patch looks good to me. Thanks.

