hgweb: use sslutil.wrapserversocket() This patch transitions the built-in HTTPS server to use sslutil for creating the server socket. As part of this transition, we implement developer-only config options to control CA loading and whether to require client certificates. This eliminates the need for the custom extension in test-https.t to define these. There is a slight change in behavior with regards to protocol selection. Before, we would always use the TLS 1.0 constant to define the protocol version. This would *only* use TLS 1.0. sslutil defaults to TLS 1.0+. So this patch improves the security of `hg serve` out of the box by allowing it to use TLS 1.1 and 1.2 (if available).

#require no-pure

A script to generate nasty diff worst-case scenarios:

  $ cat > s.py <<EOF
  > import random
  > for x in xrange(100000):
  >     print
  >     if random.randint(0, 100) >= 50:
  >         x += 1
  >     print hex(x)
  > EOF

  $ hg init a
  $ cd a

Check in a big file:

  $ python ../s.py > a
  $ hg ci -qAm0

Modify it:

  $ python ../s.py > a

Time a check-in, should never take more than 10 seconds user time:

  $ hg ci --time -m1
  time: real .* secs .user [0-9][.].* sys .* (re)