sslutil: drop support for clients of sslutil specifying a TLS version
authorAugie Fackler <augie@google.com>
Wed, 14 Jan 2015 15:31:16 -0500
changeset 23849 58080815f667
parent 23848 c5456b64eb07
child 23850 e1931f7cd977
sslutil: drop support for clients of sslutil specifying a TLS version We really just want to support the newest thing possible, so we may as well consolidate that knowledge into this module. Right now this doesn't change any behavior, but a future change will fix the defaults for Python 2.7.9 so we can use slightly better defaults there (which is the only place it's possible at the moment.)
mercurial/sslutil.py
--- a/mercurial/sslutil.py	Wed Jan 07 00:07:29 2015 -0800
+++ b/mercurial/sslutil.py	Wed Jan 14 15:31:16 2015 -0500
@@ -18,10 +18,9 @@
     try:
         ssl_context = ssl.SSLContext
 
-        def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
-                            cert_reqs=ssl.CERT_NONE, ca_certs=None,
-                            serverhostname=None):
-            sslcontext = ssl.SSLContext(ssl_version)
+        def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+                            ca_certs=None, serverhostname=None):
+            sslcontext = ssl.SSLContext(PROTOCOL_TLSv1)
             if certfile is not None:
                 sslcontext.load_cert_chain(certfile, keyfile)
             sslcontext.verify_mode = cert_reqs
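Review bot: With the `ssl_version` parameter removed, the hard-coded `ssl.SSLContext(PROTOCOL_TLSv1)` is the only protocol choice on this path, and in Python's ssl module that constant selects TLS 1.0 exactly, not "TLS 1.0 or newer". Connections made here therefore cannot negotiate TLS 1.1 or 1.2 even when both peers support them. The commit message defers better defaults to a later change, so I would record the limitation above the call: `# PROTOCOL_TLSv1 pins TLS 1.0 only; move to PROTOCOL_SSLv23 plus OP_NO_SSLv2 | OP_NO_SSLv3 when the defaults are reworked`. The same applies to `ssl_version=PROTOCOL_TLSv1` in the `except AttributeError` variant in the next hunk; the function body continues past the end of this hunk.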
@@ -37,12 +36,11 @@
                 raise util.Abort(_('ssl connection failed'))
             return sslsocket
     except AttributeError:
-        def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
-                            cert_reqs=ssl.CERT_NONE, ca_certs=None,
-                            serverhostname=None):
+        def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+                            ca_certs=None, serverhostname=None):
             sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
                                         cert_reqs=cert_reqs, ca_certs=ca_certs,
-                                        ssl_version=ssl_version)
+                                        ssl_version=PROTOCOL_TLSv1)
             # check if wrap_socket failed silently because socket had been
             # closed
             # - see http://bugs.python.org/issue13721
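Review bot: `serverhostname` stays in the new signature of this fallback variant, but the visible `ssl.wrap_socket(...)` call does not pass it on. Module-level `ssl.wrap_socket` has no parameter for it, so this path sends no SNI on interpreters without `ssl.SSLContext`. Unless the name is used further down (the body continues outside the hunk), I would say so next to the call: `# serverhostname is accepted for signature parity only; ssl.wrap_socket() cannot send SNI`.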
@@ -56,9 +54,8 @@
 
     import socket, httplib
 
-    def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
-                        cert_reqs=CERT_REQUIRED, ca_certs=None,
-                        serverhostname=None):
+    def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=CERT_REQUIRED,
+                        ca_certs=None, serverhostname=None):
         if not util.safehasattr(socket, 'ssl'):
             raise util.Abort(_('Python SSL support not found'))
         if ca_certs:
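Review bot: The rewritten signatures keep different `cert_reqs` defaults: `CERT_REQUIRED` here, but `ssl.CERT_NONE` in the two ssl-module variants in the first two hunks. A caller that omits `cert_reqs` gets no certificate verification on the ssl-module paths, and the behaviour depends on which variant was defined at import time. Changing the default may not be safe, since other code may rely on it, so I would document the contract on each variant instead, e.g. `# cert_reqs defaults to CERT_NONE: callers that omit it must verify the peer another way`. The body of this function continues outside the hunk.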
@@ -126,8 +123,7 @@
             exe.startswith('/system/library/frameworks/python.framework/'))
 
 def sslkwargs(ui, host):
-    kws = {'ssl_version': PROTOCOL_TLSv1,
-           }
+    kws = {}
     hostfingerprint = ui.config('hostfingerprints', host)
     if hostfingerprint:
         return kws
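Review bot: `sslkwargs` has no docstring, and after `kws = {}` the early return on the `hostfingerprint` path hands back an empty dict. The wrap call then runs with whatever `cert_reqs` default the active `ssl_wrap_socket` variant has, presumably relying on a fingerprint check after the handshake, which is not visible here. A short docstring would make that explicit: `"""Return keyword arguments for ssl_wrap_socket; empty when a host fingerprint is configured, in which case the caller must validate the fingerprint."""`. The rest of the function lies outside the hunk.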