# HG changeset patch # User Yuya Nishihara # Date 1433507866 -32400 # Node ID 19fa0cb71cd3d9647eceedfa1bbb971e4caed552 # Parent 9d1c617159398bdb9f552fe312f5bac55521c28e ssl: drop support for Python < 2.6, require ssl module try-except clause is kept for readability of this patch, and it will be removed soon. diff -r 9d1c61715939 -r 19fa0cb71cd3 mercurial/help/config.txt --- a/mercurial/help/config.txt Fri Jun 05 21:25:28 2015 +0900 +++ b/mercurial/help/config.txt Fri Jun 05 21:37:46 2015 +0900 @@ -1423,10 +1423,6 @@ ``remotecmd`` remote command to use for clone/push/pull operations. Default is ``hg``. -``reportoldssl`` - Warn if an SSL certificate is unable to be used due to using Python - 2.5 or earlier. True or False. Default is True. - ``report_untrusted`` Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a trusted user or group. True or False. Default is True. diff -r 9d1c61715939 -r 19fa0cb71cd3 mercurial/sslutil.py --- a/mercurial/sslutil.py Fri Jun 05 21:25:28 2015 +0900 +++ b/mercurial/sslutil.py Fri Jun 05 21:37:46 2015 +0900 @@ -6,15 +6,13 @@ # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. -import os, sys +import os, sys, ssl from mercurial import util from mercurial.i18n import _ _canloaddefaultcerts = False try: - # avoid using deprecated/broken FakeSocket in python 2.6 - import ssl CERT_REQUIRED = ssl.CERT_REQUIRED try: ssl_context = ssl.SSLContext 
@@ -68,21 +66,7 @@ raise util.Abort(_('ssl connection failed')) return sslsocket except ImportError: - CERT_REQUIRED = 2 - - import socket, httplib - - def wrapsocket(sock, keyfile, certfile, ui, - cert_reqs=CERT_REQUIRED, - ca_certs=None, serverhostname=None): - if not util.safehasattr(socket, 'ssl'): - raise util.Abort(_('Python SSL support not found')) - if ca_certs: - raise util.Abort(_( - 'certificate checking requires Python 2.6')) - - ssl = socket.ssl(sock, keyfile, certfile) - return httplib.FakeSocket(sock, ssl) + raise def _verifycert(cert, hostname): '''Verify that cert (in socket.getpeercert() format) matches hostname. @@ -123,9 +107,6 @@ # CERT_REQUIRED means fetch the cert from the server all the time AND # validate it against the CA store provided in web.cacerts. -# -# We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally -# busted on those versions. def _plainapplepython(): """return true if this seems to be a pure Apple Python that @@ -183,17 +164,6 @@ host = self.host cacerts = self.ui.config('web', 'cacerts') hostfingerprint = self.ui.config('hostfingerprints', host) - if not getattr(sock, 'getpeercert', False): # python 2.5 ? - if hostfingerprint: - raise util.Abort(_("host fingerprint for %s can't be " - "verified (Python too old)") % host) - if strict: - raise util.Abort(_("certificate for %s can't be verified " - "(Python too old)") % host) - if self.ui.configbool('ui', 'reportoldssl', True): - self.ui.warn(_("warning: certificate for %s can't be verified " - "(Python too old)\n") % host) - return if not sock.cipher(): # work around http://bugs.python.org/issue13721 raise util.Abort(_('%s ssl connection error') % host)
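Review bot: in mercurial/help/config.txt (hunk @@ -1423,10 +1423,6 @@), the ``reportoldssl`` entry is dropped with no note for users who still have it set. The only visible reader of that key, self.ui.configbool('ui', 'reportoldssl', True) in sslutil.py, is removed in the same patch, so a leftover setting becomes a silent no-op. A line in the commit message or release notes saying the option is gone would cover this.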
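Review bot: in mercurial/sslutil.py (hunk @@ -68,21 +66,7 @@), the new "except ImportError: raise" is a bare re-raise, and with "import ssl" moved to the top of the module (hunk @@ -6,15 +6,13 @@) a Python built without ssl fails at that import, before the try is entered. The user then gets a raw ImportError instead of the removed util.Abort(_('Python SSL support not found')). The commit message says the clause will be removed soon; if a translated abort is still wanted for ssl-less builds it has to be raised where sslutil is imported, otherwise please state in the commit message that the traceback is intended.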
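Review bot: in mercurial/sslutil.py (hunk @@ -183,17 +164,6 @@), the removed guard was a duck-type test on the socket object, getattr(sock, 'getpeercert', False), not a Python version check, so it also caught any caller passing a socket without that method. With it gone, such an object goes straight to sock.cipher() and would fail with an AttributeError rather than a util.Abort. Please confirm that every caller of this validator hands in a socket produced by the ssl-based wrapsocket. Dropping the non-strict branch that warned and then returned without verifying the certificate is the right direction, since it removes a fail-open path.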