Mercurial > hg

diff hgext/clonebundles.py @ 26645:2faa7671a4b3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
clonebundles: filter on SNI requirement Server Name Indication (SNI) is commonly used in CDNs and other hosted environments. Unfortunately, Python <2.7.9 does not support SNI and when these older Python versions attempt to negotiate TLS to an SNI server, they raise an opaque error like "_ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure." We introduce a manifest attribute to denote the URL requires SNI and have clients without SNI support filter these entries.
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 13 Oct 2015 10:59:41 -0700
parents 74de1c59f71c
children 23c0da28c034
line wrap: on
line diff
--- a/hgext/clonebundles.py	Tue Oct 13 11:45:30 2015 -0700
+++ b/hgext/clonebundles.py	Tue Oct 13 10:59:41 2015 -0700
@@ -49,6 +49,19 @@
    The actual value doesn't impact client behavior beyond filtering:
    clients will still sniff the bundle type from the header of downloaded
    files.
+
+REQUIRESNI
+   Whether Server Name Indication (SNI) is required to connect to the URL.
+   SNI allows servers to use multiple certificates on the same IP. It is
+   somewhat common in CDNs and other hosting providers. Older Python
+   versions do not support SNI. Defining this attribute enables clients
+   with older Python versions to filter this entry.
+
+   If this is defined, it is important to advertise a non-SNI fallback
+   URL or clients running old Python releases may not be able to clone
+   with the clonebundles facility.
+
+   Value should be "true".
 """
 
 from mercurial import (