Mercurial > hg-stable

changeset 44951:dd7c4a208a4e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: check for OpenSSL without TLS 1.0 support in one case It can only happen if supportedprotocols gets fixed to contain only correct items (see the FIXME above in the file).
author Manuel Jacob <me@manueljacob.de>
date Sun, 31 May 2020 12:07:17 +0200
parents abcd6db1f2cc
children 95c832849955
files mercurial/sslutil.py
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Sun May 31 11:10:21 2020 +0200
+++ b/mercurial/sslutil.py	Sun May 31 12:07:17 2020 +0200
@@ -553,6 +553,8 @@
     # footgun to kill security. Don't define it.
     exactprotocol = ui.config(b'devel', b'serverexactprotocol')
     if exactprotocol == b'tls1.0':
+        if b'tls1.0' not in supportedprotocols:
+            raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
         protocol = ssl.PROTOCOL_TLSv1
     elif exactprotocol == b'tls1.1':
         if b'tls1.1' not in supportedprotocols: