sslutil: check for OpenSSL without TLS 1.0 support in one case
It can only happen if supportedprotocols gets fixed to contain only correct
items (see the FIXME above in the file).
--- a/mercurial/sslutil.py Sun May 31 11:10:21 2020 +0200
+++ b/mercurial/sslutil.py Sun May 31 12:07:17 2020 +0200
@@ -553,6 +553,8 @@
# footgun to kill security. Don't define it.
exactprotocol = ui.config(b'devel', b'serverexactprotocol')
if exactprotocol == b'tls1.0':
+ if b'tls1.0' not in supportedprotocols:
+ raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
protocol = ssl.PROTOCOL_TLSv1
elif exactprotocol == b'tls1.1':
if b'tls1.1' not in supportedprotocols: