Mercurial > hg
comparison mercurial/sslutil.py @ 44899:4ca1110991c4
sslutil: rename 'minimumprotocolui' -> 'minimumprotocol'
Before, both 'minimumprotocolui' and 'minimumprotocol' were used, but meaning
the same.
| author | Manuel Jacob <me@manueljacob.de> |
|---|---|
| date | Mon, 01 Jun 2020 14:07:06 +0200 |
| parents | d61c05450b37 |
| children | 38e3df9ff1e7 |
comparison
equal
deleted
inserted
replaced
| 44898:d61c05450b37 | 44899:4ca1110991c4 |
|---|---|
| 79 b'legacyfingerprint': False, | 79 b'legacyfingerprint': False, |
| 80 # PROTOCOL_* constant to use for SSLContext.__init__. | 80 # PROTOCOL_* constant to use for SSLContext.__init__. |
| 81 b'protocol': None, | 81 b'protocol': None, |
| 82 # String representation of minimum protocol to be used for UI | 82 # String representation of minimum protocol to be used for UI |
| 83 # presentation. | 83 # presentation. |
| 84 b'minimumprotocolui': None, | 84 b'minimumprotocol': None, |
| 85 # ssl.CERT_* constant used by SSLContext.verify_mode. | 85 # ssl.CERT_* constant used by SSLContext.verify_mode. |
| 86 b'verifymode': None, | 86 b'verifymode': None, |
| 87 # Defines extra ssl.OP* bitwise options to set. | 87 # Defines extra ssl.OP* bitwise options to set. |
| 88 b'ctxoptions': None, | 88 b'ctxoptions': None, |
| 89 # OpenSSL Cipher List to use (instead of default). | 89 # OpenSSL Cipher List to use (instead of default). |
| 121 # We always print a "connection security to %s is disabled..." message when | 121 # We always print a "connection security to %s is disabled..." message when |
| 122 # --insecure is used. So no need to print anything more here. | 122 # --insecure is used. So no need to print anything more here. |
| 123 if ui.insecureconnections: | 123 if ui.insecureconnections: |
| 124 minimumprotocol = b'tls1.0' | 124 minimumprotocol = b'tls1.0' |
| 125 | 125 |
| 126 s[b'minimumprotocolui'] = minimumprotocol | 126 s[b'minimumprotocol'] = minimumprotocol |
| 127 s[b'protocol'], s[b'ctxoptions'] = protocolsettings(minimumprotocol) | 127 s[b'protocol'], s[b'ctxoptions'] = protocolsettings(minimumprotocol) |
| 128 | 128 |
| 129 ciphers = ui.config(b'hostsecurity', b'ciphers') | 129 ciphers = ui.config(b'hostsecurity', b'ciphers') |
| 130 ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) | 130 ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) |
| 131 s[b'ciphers'] = ciphers | 131 s[b'ciphers'] = ciphers |
| 400 # outright. Hopefully the reason for this error is that we require | 400 # outright. Hopefully the reason for this error is that we require |
| 401 # TLS 1.1+ and the server only supports TLS 1.0. Whatever the | 401 # TLS 1.1+ and the server only supports TLS 1.0. Whatever the |
| 402 # reason, try to emit an actionable warning. | 402 # reason, try to emit an actionable warning. |
| 403 if e.reason == 'UNSUPPORTED_PROTOCOL': | 403 if e.reason == 'UNSUPPORTED_PROTOCOL': |
| 404 # We attempted TLS 1.0+. | 404 # We attempted TLS 1.0+. |
| 405 if settings[b'minimumprotocolui'] == b'tls1.0': | 405 if settings[b'minimumprotocol'] == b'tls1.0': |
| 406 # We support more than just TLS 1.0+. If this happens, | 406 # We support more than just TLS 1.0+. If this happens, |
| 407 # the likely scenario is either the client or the server | 407 # the likely scenario is either the client or the server |
| 408 # is really old. (e.g. server doesn't support TLS 1.0+ or | 408 # is really old. (e.g. server doesn't support TLS 1.0+ or |
| 409 # client doesn't support modern TLS versions introduced | 409 # client doesn't support modern TLS versions introduced |
| 410 # several years from when this comment was written). | 410 # several years from when this comment was written). |
| 445 b'(could not negotiate a common security protocol (%s+) ' | 445 b'(could not negotiate a common security protocol (%s+) ' |
| 446 b'with %s; the likely cause is Mercurial is configured ' | 446 b'with %s; the likely cause is Mercurial is configured ' |
| 447 b'to be more secure than the server can support)\n' | 447 b'to be more secure than the server can support)\n' |
| 448 ) | 448 ) |
| 449 % ( | 449 % ( |
| 450 settings[b'minimumprotocolui'], | 450 settings[b'minimumprotocol'], |
| 451 pycompat.bytesurl(serverhostname), | 451 pycompat.bytesurl(serverhostname), |
| 452 ) | 452 ) |
| 453 ) | 453 ) |
| 454 ui.warn( | 454 ui.warn( |
| 455 _( | 455 _( |