Valentin Gatien-Baron <valentin.gatienbaron@gmail.com> [Sat, 30 May 2020 11:36:30 -0400] rev 44904
rust: add a pointer for profiling to the README
As figuring out how to get useful profiles is not obvious.
Differential Revision: https://phab.mercurial-scm.org/D8603
Valentin Gatien-Baron <valentin.gatienbaron@gmail.com> [Sat, 30 May 2020 10:28:46 -0400] rev 44903
rust: update the mention of hgcli in rust/README.rst
This may not be exactly right, but it's better than before.
Differential Revision: https://phab.mercurial-scm.org/D8602
Manuel Jacob <me@manueljacob.de> [Mon, 01 Jun 2020 15:22:31 +0200] rev 44902
sslutil: fix comment to use inclusive or instead of exclusive or
The incorrect "either" was introduced by one of my recent patches.
Manuel Jacob <me@manueljacob.de> [Mon, 01 Jun 2020 14:34:22 +0200] rev 44901
sslutil: propagate return value ssl.PROTOCOL_SSLv23 from protocolsettings()
Also, protocolsettings() was renamed to commonssloptions() to reflect that
only the options are returned.
Manuel Jacob <me@manueljacob.de> [Mon, 01 Jun 2020 14:20:13 +0200] rev 44900
sslutil: stop storing protocol and options for SSLContext in settings dict
Call protocolsettings() where its return values are needed.
Manuel Jacob <me@manueljacob.de> [Mon, 01 Jun 2020 14:07:06 +0200] rev 44899
sslutil: rename 'minimumprotocolui' -> 'minimumprotocol'
Before, both 'minimumprotocolui' and 'minimumprotocol' were used, but meaning
the same.
Manuel Jacob <me@manueljacob.de> [Mon, 01 Jun 2020 03:51:54 +0200] rev 44898
sslutil: properly detect which TLS versions are supported by the ssl module
For the record, I contacted the CPython developers to remark that
unconditionally defining ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2 is
problematic:
https://github.com/python/cpython/commit/
6e8cda91d92da72800d891b2fc2073ecbc134d98#r
39569316
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 22:31:49 +0200] rev 44897
sslutil: remove dead code (that failed if only TLS 1.0 is available)
We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 00:30:49 +0200] rev 44896
config: remove unused hostsecurity.disabletls10warning config
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 22:15:35 +0200] rev 44895
sslutil: remove dead code (that downgraded default minimum TLS version)
We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.
Manuel Jacob <me@manueljacob.de> [Fri, 29 May 2020 22:47:58 +0200] rev 44894
sslutil: remove comment referring to unsupported legacy stacks
Manuel Jacob <me@manueljacob.de> [Sat, 30 May 2020 23:42:19 +0200] rev 44893
setup: require that Python has TLS 1.1 or TLS 1.2
This ensures that Mercurial never downgrades the minimum TLS version from
TLS 1.1+ to TLS 1.0+ and enables us to remove that compatibility code.
It is reasonable to expect that distributions having Python 2.7.9+ or having
backported modern features to the ssl module (which we require) have a OpenSSL
version supporting TLS 1.1 or TLS 1.2, as this is the main reason why
distributions would want to backport these features.
TLS 1.1 and TLS 1.2 are often either both enabled or both not enabled.
However, both can be disabled independently, at least on current Python /
OpenSSL versions.
For the record, I contacted the CPython developers to remark that
unconditionally defining ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2 is
problematic:
https://github.com/python/cpython/commit/
6e8cda91d92da72800d891b2fc2073ecbc134d98#r
39569316
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 12:07:17 +0200] rev 44892
sslutil: check for OpenSSL without TLS 1.0 support in one case
It can only happen if supportedprotocols gets fixed to contain only correct
items (see the FIXME above in the file).
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 11:10:21 +0200] rev 44891
sslutil: don't set minimum TLS version to 1.0 if 1.2 but not 1.1 is available
This case isn't very likely, but possible, especially if supportedprotocols
gets fixed to contain only correct items (see the FIXME above in the file).
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 11:41:03 +0200] rev 44890
sslutil: add FIXME about supportedprotocols possibly containing too many items
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 10:47:38 +0200] rev 44889
sslutil: fix names of variables containing minimum protocol strings
When working in this module, I found it very confusing that "protocol" as a
variable name could mean either "minimum protocol string" or an exact version
(as a string or ssl.PROTOCOL_* value). This patch prefixes variables of the
former type with "minimum".
Manuel Jacob <me@manueljacob.de> [Sun, 31 May 2020 09:55:45 +0200] rev 44888
sslutil: stop returning argument as third return value of protocolsettings()
The third return value was always the same as the argument.
Manuel Jacob <me@manueljacob.de> [Sat, 30 May 2020 23:18:57 +0200] rev 44887
relnotes: note that we now require modern SSL/TLS features in Python
Manuel Jacob <me@manueljacob.de> [Sat, 30 May 2020 19:04:53 +0200] rev 44886
tests: stop checking for optional, now impossible output
In
7dd63a8cb1ee, the code that could output that line was removed.
Valentin Gatien-Baron <valentin.gatienbaron@gmail.com> [Sat, 30 May 2020 10:19:53 -0400] rev 44885
rust: remove one more occurrence of re2
Differential Revision: https://phab.mercurial-scm.org/D8601
Valentin Gatien-Baron <valentin.gatienbaron@gmail.com> [Tue, 26 May 2020 07:03:11 -0400] rev 44884
scmutil: clarify getuipathfn comment
Differential Revision: https://phab.mercurial-scm.org/D8600
Augie Fackler <augie@google.com> [Thu, 28 May 2020 09:51:13 -0400] rev 44883
githelp: add some minimal help for pickaxe functionality
Due to a conversation in work chat, I realized this is actually pretty
well-hidden in Mercurial.
Differential Revision: https://phab.mercurial-scm.org/D8590
Raphaël Gomès <rgomes@octobus.net> [Fri, 17 Apr 2020 10:41:05 +0200] rev 44882
rust: remove duplicate import
Differential Revision: https://phab.mercurial-scm.org/D8456
Manuel Jacob <me@manueljacob.de> [Sat, 30 May 2020 05:27:53 +0200] rev 44881
tests: remove "sslcontext" check
Now that we require the presence of ssl.SSLContext in setup.py, the check
would always return `True`.
Manuel Jacob <me@manueljacob.de> [Sat, 30 May 2020 03:23:58 +0200] rev 44880
sslutil: eliminate `_canloaddefaultcerts` by constant-folding code using it
Manuel Jacob <me@manueljacob.de> [Sat, 30 May 2020 05:08:02 +0200] rev 44879
tests: remove "defaultcacerts" check
`sslutil._canloaddefaultcerts` is always true (and will be removed).
Manuel Jacob <me@manueljacob.de> [Fri, 29 May 2020 21:30:04 +0200] rev 44878
sslutil: eliminate `modernssl` by constant-folding code using it
Manuel Jacob <me@manueljacob.de> [Sat, 30 May 2020 04:59:13 +0200] rev 44877
hgweb: avoid using `sslutil.modernssl`
`sslutil.modernssl` is going to be removed. Since the point of using this
attribute was to check the importability of the `sslutil`, a different
attribute can be used. `sslutil.wrapserversocket` is used because it’s anyway
used a few lines below.
Manuel Jacob <me@manueljacob.de> [Fri, 29 May 2020 22:31:26 +0200] rev 44876
sslutil: remove comments referring to removed SSLContext emulation class
Manuel Jacob <me@manueljacob.de> [Fri, 29 May 2020 21:18:22 +0200] rev 44875
sslutil: remove code checking for presence of ssl.SSLContext
Now that we require the presence of ssl.SSLContext in setup.py, we can remove
this code.