# HG changeset patch
# User pacien
# Date 1681378128 -7200
# Node ID 698ffff7024bfeba5c51d5fc3a03098f22d5beae
# Parent 9f33d12f6f4833ffd0c7159b60f0753891afd89b
configitems: make devel.serverexactprotocol look dangerous
Because it is.
diff -r 9f33d12f6f48 -r 698ffff7024b i18n/ja.po
--- a/i18n/ja.po Thu Apr 13 04:12:31 2023 +0200
+++ b/i18n/ja.po Thu Apr 13 11:28:48 2023 +0200
@@ -37064,8 +37064,8 @@
 msgstr "利用中の Python では TLS 1.2 が未サポートです"
 #, python-format
-msgid "invalid value for serverexactprotocol: %s"
-msgstr "不正な serverexactprotocol 指定値: %s"
+msgid "invalid value for server-insecure-exact-protocol: %s"
+msgstr "不正な server-insecure-exact-protocol 指定値: %s"
 #, python-format
 msgid "too many wildcards in certificate DNS name: %s"
diff -r 9f33d12f6f48 -r 698ffff7024b i18n/pt_BR.po
--- a/i18n/pt_BR.po Thu Apr 13 04:12:31 2023 +0200
+++ b/i18n/pt_BR.po Thu Apr 13 11:28:48 2023 +0200
@@ -38342,8 +38342,8 @@
 msgstr "TLS 1.2 não é suportado por esta versão do Python"
 #, python-format
-msgid "invalid value for serverexactprotocol: %s"
-msgstr "valor inválido para serverexactprotocol: %s"
+msgid "invalid value for server-insecure-exact-protocol: %s"
+msgstr "valor inválido para server-insecure-exact-protocol: %s"
 #, python-format
 msgid "too many wildcards in certificate DNS name: %s"
diff -r 9f33d12f6f48 -r 698ffff7024b mercurial/configitems.py
--- a/mercurial/configitems.py Thu Apr 13 04:12:31 2023 +0200
+++ b/mercurial/configitems.py Thu Apr 13 11:28:48 2023 +0200
@@ -688,9 +688,11 @@
 b'servercafile',
 default=b'',
 )
+# This config option is intended for use in tests only. It is a giant
+# footgun to kill security. Don't define it.
 coreconfigitem(
 b'devel',
- b'serverexactprotocol',
+ b'server-insecure-exact-protocol',
 default=b'',
 )
 coreconfigitem(
diff -r 9f33d12f6f48 -r 698ffff7024b mercurial/sslutil.py
--- a/mercurial/sslutil.py Thu Apr 13 04:12:31 2023 +0200
+++ b/mercurial/sslutil.py Thu Apr 13 11:28:48 2023 +0200
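Review bot: The comment added above the `coreconfigitem` call in mercurial/configitems.py says the option is dangerous but not what it does, so a reader still has to open sslutil.py to learn that it pins the server's TLS version. I would extend it with one line such as `# It forces the server to speak exactly one TLS version (tls1.0, tls1.1 or tls1.2).` The old key `devel.serverexactprotocol` is dropped without an alias, which looks deliberate and means a stale setting appears to be ignored rather than honoured; saying so in the release notes would help anyone auditing existing hgrc files for either spelling.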
@@ -553,7 +553,7 @@
 # This config option is intended for use in tests only. It is a giant
 # footgun to kill security. Don't define it.
- exactprotocol = ui.config(b'devel', b'serverexactprotocol')
+ exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol')
 if exactprotocol == b'tls1.0':
 if b'tls1.0' not in supportedprotocols:
 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
@@ -583,7 +583,8 @@
 sslcontext.maximum_version = ssl.TLSVersion.TLSv1_2
 elif exactprotocol:
 raise error.Abort(
- _(b'invalid value for serverexactprotocol: %s') % exactprotocol
+ _(b'invalid value for server-insecure-exact-protocol: %s')
+ % exactprotocol
 )
 else:
 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
@@ -594,7 +595,7 @@
 # This config option is intended for use in tests only. It is a giant
 # footgun to kill security. Don't define it.
- exactprotocol = ui.config(b'devel', b'serverexactprotocol')
+ exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol')
 if exactprotocol == b'tls1.0':
 if b'tls1.0' not in supportedprotocols:
 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
@@ -609,7 +610,8 @@
 protocol = ssl.PROTOCOL_TLSv1_2
 elif exactprotocol:
 raise error.Abort(
- _(b'invalid value for serverexactprotocol: %s') % exactprotocol
+ _(b'invalid value for server-insecure-exact-protocol: %s')
+ % exactprotocol
 )
 # We /could/ use create_default_context() here since it doesn't load
diff -r 9f33d12f6f48 -r 698ffff7024b tests/test-https.t
--- a/tests/test-https.t Thu Apr 13 04:12:31 2023 +0200
+++ b/tests/test-https.t Thu Apr 13 11:28:48 2023 +0200
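Review bot: Nothing in the visible lines tells an operator that the server is running with a pinned TLS version: both lookups of `devel.server-insecure-exact-protocol` (the hunks at 553 and 594) go straight to the version branches, so a setting left over from a test environment would pin the server to TLS 1.0 or 1.1 without any signal at runtime. A warning emitted whenever the value is non-empty, for example `ui.warn(_(b'warning: devel.server-insecure-exact-protocol is set; TLS version pinned to %s\n') % exactprotocol)`, would make that visible in server output; whether one already exists in the lines between the hunks cannot be seen here. The key is also spelled out four times across two copies of the same block (lookups at 553 and 594, abort messages at 583 and 609), so a module-level constant would reduce the next rename to one line. The enclosing function starts and ends outside these hunks.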
@@ -344,13 +344,13 @@
 $ cd test
 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
- > --config devel.serverexactprotocol=tls1.0
+ > --config devel.server-insecure-exact-protocol=tls1.0
 $ cat ../hg0.pid >> $DAEMON_PIDS
 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
- > --config devel.serverexactprotocol=tls1.1
+ > --config devel.server-insecure-exact-protocol=tls1.1
 $ cat ../hg1.pid >> $DAEMON_PIDS
 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
- > --config devel.serverexactprotocol=tls1.2
+ > --config devel.server-insecure-exact-protocol=tls1.2
 $ cat ../hg2.pid >> $DAEMON_PIDS
 $ cd ..