Mercurial > hg
comparison mercurial/sslutil.py @ 49057:27ef2aa953dd
sslutil: support TLSV1_ALERT_PROTOCOL_VERSION reason code
It looks like python 3.10 returns a different reason code on protocol
version mismatch.
Differential Revision: https://phab.mercurial-scm.org/D12491
| author | Julien Cristau <jcristau@debian.org> |
|---|---|
| date | Sat, 09 Apr 2022 14:41:55 +0200 |
| parents | 50bd2910d162 |
| children | eec5e00e782d |
comparison
equal
deleted
inserted
replaced
| 49056:7ea2bd2043d1 | 49057:27ef2aa953dd |
|---|---|
| 423 # This error occurs when the client and server don't share a | 423 # This error occurs when the client and server don't share a |
| 424 # common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3 | 424 # common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3 |
| 425 # outright. Hopefully the reason for this error is that we require | 425 # outright. Hopefully the reason for this error is that we require |
| 426 # TLS 1.1+ and the server only supports TLS 1.0. Whatever the | 426 # TLS 1.1+ and the server only supports TLS 1.0. Whatever the |
| 427 # reason, try to emit an actionable warning. | 427 # reason, try to emit an actionable warning. |
| 428 if e.reason == 'UNSUPPORTED_PROTOCOL': | 428 if e.reason in ( |
| 429 'UNSUPPORTED_PROTOCOL', | |
| 430 'TLSV1_ALERT_PROTOCOL_VERSION', | |
| 431 ): | |
| 429 # We attempted TLS 1.0+. | 432 # We attempted TLS 1.0+. |
| 430 if settings[b'minimumprotocol'] == b'tls1.0': | 433 if settings[b'minimumprotocol'] == b'tls1.0': |
| 431 # We support more than just TLS 1.0+. If this happens, | 434 # We support more than just TLS 1.0+. If this happens, |
| 432 # the likely scenario is either the client or the server | 435 # the likely scenario is either the client or the server |
| 433 # is really old. (e.g. server doesn't support TLS 1.0+ or | 436 # is really old. (e.g. server doesn't support TLS 1.0+ or |