# HG changeset patch
# User Manuel Jacob <me@manueljacob.de>
# Date 1590919637 -7200
# Node ID dd7c4a208a4ed6c798330a21b13a349a020c877d
# Parent  abcd6db1f2cccc5615f58658439d05a19fc37c80
sslutil: check for OpenSSL without TLS 1.0 support in one case

It can only happen if supportedprotocols gets fixed to contain only correct
items (see the FIXME above in the file).

diff -r abcd6db1f2cc -r dd7c4a208a4e mercurial/sslutil.py
--- a/mercurial/sslutil.py	Sun May 31 11:10:21 2020 +0200
+++ b/mercurial/sslutil.py	Sun May 31 12:07:17 2020 +0200
@@ -553,6 +553,8 @@
     # footgun to kill security. Don't define it.
     exactprotocol = ui.config(b'devel', b'serverexactprotocol')
     if exactprotocol == b'tls1.0':
+        if b'tls1.0' not in supportedprotocols:
+            raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
         protocol = ssl.PROTOCOL_TLSv1
     elif exactprotocol == b'tls1.1':
         if b'tls1.1' not in supportedprotocols: