hgweb: use sslutil.wrapserversocket() This patch transitions the built-in HTTPS server to use sslutil for creating the server socket. As part of this transition, we implement developer-only config options to control CA loading and whether to require client certificates. This eliminates the need for the custom extension in test-https.t to define these. There is a slight change in behavior with regards to protocol selection. Before, we would always use the TLS 1.0 constant to define the protocol version. This would *only* use TLS 1.0. sslutil defaults to TLS 1.0+. So this patch improves the security of `hg serve` out of the box by allowing it to use TLS 1.1 and 1.2 (if available).

# Extension to write out fake unsupported records into the merge state
#
#

from __future__ import absolute_import

from mercurial import (
    cmdutil,
    merge,
)

cmdtable = {}
command = cmdutil.command(cmdtable)

@command('fakemergerecord',
         [('X', 'mandatory', None, 'add a fake mandatory record'),
          ('x', 'advisory', None, 'add a fake advisory record')], '')
def fakemergerecord(ui, repo, *pats, **opts):
    ms = merge.mergestate.read(repo)
    records = ms._makerecords()
    if opts.get('mandatory'):
        records.append(('X', 'mandatory record'))
    if opts.get('advisory'):
        records.append(('x', 'advisory record'))
    ms._writerecords(records)