Mercurial > hg

changeset 23849:58080815f667

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: drop support for clients of sslutil specifying a TLS version We really just want to support the newest thing possible, so we may as well consolidate that knowledge into this module. Right now this doesn't change any behavior, but a future change will fix the defaults for Python 2.7.9 so we can use slightly better defaults there (which is the only place it's possible at the moment.)
author Augie Fackler <augie@google.com>
date Wed, 14 Jan 2015 15:31:16 -0500
parents c5456b64eb07
children e1931f7cd977
files mercurial/sslutil.py
diffstat 1 files changed, 9 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Wed Jan 07 00:07:29 2015 -0800
+++ b/mercurial/sslutil.py	Wed Jan 14 15:31:16 2015 -0500
@@ -18,10 +18,9 @@
     try:
         ssl_context = ssl.SSLContext
 
-        def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
-                            cert_reqs=ssl.CERT_NONE, ca_certs=None,
-                            serverhostname=None):
-            sslcontext = ssl.SSLContext(ssl_version)
+        def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+                            ca_certs=None, serverhostname=None):
+            sslcontext = ssl.SSLContext(PROTOCOL_TLSv1)
             if certfile is not None:
                 sslcontext.load_cert_chain(certfile, keyfile)
             sslcontext.verify_mode = cert_reqs
@@ -37,12 +36,11 @@
                 raise util.Abort(_('ssl connection failed'))
             return sslsocket
     except AttributeError:
-        def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
-                            cert_reqs=ssl.CERT_NONE, ca_certs=None,
-                            serverhostname=None):
+        def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE,
+                            ca_certs=None, serverhostname=None):
             sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
                                         cert_reqs=cert_reqs, ca_certs=ca_certs,
-                                        ssl_version=ssl_version)
+                                        ssl_version=PROTOCOL_TLSv1)
             # check if wrap_socket failed silently because socket had been
             # closed
             # - see http://bugs.python.org/issue13721
@@ -56,9 +54,8 @@
 
     import socket, httplib
 
-    def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1,
-                        cert_reqs=CERT_REQUIRED, ca_certs=None,
-                        serverhostname=None):
+    def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=CERT_REQUIRED,
+                        ca_certs=None, serverhostname=None):
         if not util.safehasattr(socket, 'ssl'):
             raise util.Abort(_('Python SSL support not found'))
         if ca_certs:
@@ -126,8 +123,7 @@
             exe.startswith('/system/library/frameworks/python.framework/'))
 
 def sslkwargs(ui, host):
-    kws = {'ssl_version': PROTOCOL_TLSv1,
-           }
+    kws = {}
     hostfingerprint = ui.config('hostfingerprints', host)
     if hostfingerprint:
         return kws