Mercurial > hg
comparison mercurial/sslutil.py @ 44890:4942c1bdd080
sslutil: add FIXME about supportedprotocols possibly containing too many items
| author | Manuel Jacob <me@manueljacob.de> |
|---|---|
| date | Sun, 31 May 2020 11:41:03 +0200 |
| parents | ceb7318013d5 |
| children | abcd6db1f2cc |
comparison
equal
deleted
inserted
replaced
| 44889:ceb7318013d5 | 44890:4942c1bdd080 |
|---|---|
| 44 | 44 |
| 45 hassni = getattr(ssl, 'HAS_SNI', False) | 45 hassni = getattr(ssl, 'HAS_SNI', False) |
| 46 | 46 |
| 47 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled | 47 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled |
| 48 # against doesn't support them. | 48 # against doesn't support them. |
| 49 # FIXME: Since CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98 | |
| 50 # individual TLS versions can be turned on and off, and the | |
| 51 # ssl.PROTOCOL_TLSv1_* constants are always defined. | |
| 52 # This means that, on unusual configurations, the following dict may contain | |
| 53 # too many entries. A proper fix would be to check ssl.HAS_TLSv* where | |
| 54 # available (Python 3.7+). Before that, this module should be proofed against | |
| 55 # all possible combinations. | |
| 49 supportedprotocols = {b'tls1.0'} | 56 supportedprotocols = {b'tls1.0'} |
| 50 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'): | 57 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'): |
| 51 supportedprotocols.add(b'tls1.1') | 58 supportedprotocols.add(b'tls1.1') |
| 52 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_2'): | 59 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_2'): |
| 53 supportedprotocols.add(b'tls1.2') | 60 supportedprotocols.add(b'tls1.2') |