changeset 25430:19fa0cb71cd3

ssl: drop support for Python < 2.6, require ssl module. The try-except clause is kept for readability of this patch, and it will be removed soon.
author Yuya Nishihara <yuya@tcha.org>
date Fri, 05 Jun 2015 21:37:46 +0900
parents 9d1c61715939
children 96159068c506
files mercurial/help/config.txt mercurial/sslutil.py
diffstat 2 files changed, 2 insertions(+), 36 deletions(-) [+]
--- a/mercurial/help/config.txt	Fri Jun 05 21:25:28 2015 +0900
+++ b/mercurial/help/config.txt	Fri Jun 05 21:37:46 2015 +0900
@@ -1423,10 +1423,6 @@
 ``remotecmd``
     remote command to use for clone/push/pull operations. Default is ``hg``.
 
-``reportoldssl``
-    Warn if an SSL certificate is unable to be used due to using Python
-    2.5 or earlier. True or False. Default is True.
-
 ``report_untrusted``
     Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
     trusted user or group. True or False. Default is True.
--- a/mercurial/sslutil.py	Fri Jun 05 21:25:28 2015 +0900
+++ b/mercurial/sslutil.py	Fri Jun 05 21:37:46 2015 +0900
@@ -6,15 +6,13 @@
 #
 # This software may be used and distributed according to the terms of the
 # GNU General Public License version 2 or any later version.
-import os, sys
+import os, sys, ssl
 
 from mercurial import util
 from mercurial.i18n import _
 
 _canloaddefaultcerts = False
 try:
-    # avoid using deprecated/broken FakeSocket in python 2.6
-    import ssl
     CERT_REQUIRED = ssl.CERT_REQUIRED
     try:
         ssl_context = ssl.SSLContext
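Review bot: Moving `import ssl` onto the module's top import line means a Python built without the ssl module now fails when `mercurial/sslutil.py` is imported, not when an HTTPS connection is attempted; the fallback removed in the next hunk deferred that to `wrapsocket` and reported `Python SSL support not found` through `util.Abort`. Unless lazy importing defers the load, the ImportError is raised before this `try:` is entered, so the `except ImportError: raise` kept in the next hunk never sees it and the user gets a bare traceback with no hint about the cause. Whether non-HTTPS operations on such builds are still meant to work depends on which modules import this one, which is not visible here and is worth confirming. At minimum I would put a comment above the import, e.g. `# ssl is a hard requirement (Python >= 2.6); there is no fallback if it is missing`. The `try:` body continues past the end of this hunk.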
@@ -68,21 +66,7 @@
                 raise util.Abort(_('ssl connection failed'))
             return sslsocket
 except ImportError:
-    CERT_REQUIRED = 2
-
-    import socket, httplib
-
-    def wrapsocket(sock, keyfile, certfile, ui,
-                   cert_reqs=CERT_REQUIRED,
-                   ca_certs=None, serverhostname=None):
-        if not util.safehasattr(socket, 'ssl'):
-            raise util.Abort(_('Python SSL support not found'))
-        if ca_certs:
-            raise util.Abort(_(
-                'certificate checking requires Python 2.6'))
-
-        ssl = socket.ssl(sock, keyfile, certfile)
-        return httplib.FakeSocket(sock, ssl)
+    raise
 
 def _verifycert(cert, hostname):
     '''Verify that cert (in socket.getpeercert() format) matches hostname.
@@ -123,9 +107,6 @@
 
 # CERT_REQUIRED means fetch the cert from the server all the time AND
 # validate it against the CA store provided in web.cacerts.
-#
-# We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally
-# busted on those versions.
 
 def _plainapplepython():
     """return true if this seems to be a pure Apple Python that
@@ -183,17 +164,6 @@
         host = self.host
         cacerts = self.ui.config('web', 'cacerts')
         hostfingerprint = self.ui.config('hostfingerprints', host)
-        if not getattr(sock, 'getpeercert', False): # python 2.5 ?
-            if hostfingerprint:
-                raise util.Abort(_("host fingerprint for %s can't be "
-                                   "verified (Python too old)") % host)
-            if strict:
-                raise util.Abort(_("certificate for %s can't be verified "
-                                   "(Python too old)") % host)
-            if self.ui.configbool('ui', 'reportoldssl', True):
-                self.ui.warn(_("warning: certificate for %s can't be verified "
-                               "(Python too old)\n") % host)
-            return
 
         if not sock.cipher(): # work around http://bugs.python.org/issue13721
             raise util.Abort(_('%s ssl connection error') % host)