Mercurial > hg
changeset 44888:95903a8d8c97
sslutil: stop returning argument as third return value of protocolsettings()
The third return value was always the same as the argument.
author | Manuel Jacob <me@manueljacob.de> |
---|---|
date | Sun, 31 May 2020 09:55:45 +0200 |
parents | 61cdc8137d53 |
children | ceb7318013d5 |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 6 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Sat May 30 23:18:57 2020 +0200 +++ b/mercurial/sslutil.py Sun May 31 09:55:45 2020 +0200 @@ -131,9 +131,8 @@ if ui.insecureconnections: protocol = b'tls1.0' - s[b'protocol'], s[b'ctxoptions'], s[b'protocolui'] = protocolsettings( - protocol - ) + s[b'protocolui'] = protocol + s[b'protocol'], s[b'ctxoptions'] = protocolsettings(protocol) ciphers = ui.config(b'hostsecurity', b'ciphers') ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) @@ -245,9 +244,7 @@ def protocolsettings(protocol): """Resolve the protocol for a config value. - Returns a 3-tuple of (protocol, options, ui value) where the first - 2 items are values used by SSLContext and the last is a string value - of the ``minimumprotocol`` config option equivalent. + Returns a tuple of (protocol, options) which are values used by SSLContext. """ if protocol not in configprotocols: raise ValueError(b'protocol value not supported: %s' % protocol) @@ -272,7 +269,7 @@ ), ) - return ssl.PROTOCOL_TLSv1, 0, b'tls1.0' + return ssl.PROTOCOL_TLSv1, 0 # SSLv2 and SSLv3 are broken. We ban them outright. options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 @@ -291,7 +288,7 @@ # There is no guarantee this attribute is defined on the module. options |= getattr(ssl, 'OP_NO_COMPRESSION', 0) - return ssl.PROTOCOL_SSLv23, options, protocol + return ssl.PROTOCOL_SSLv23, options def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None): @@ -543,7 +540,7 @@ _(b'referenced certificate file (%s) does not exist') % f ) - protocol, options, _protocolui = protocolsettings(b'tls1.0') + protocol, options = protocolsettings(b'tls1.0') # This config option is intended for use in tests only. It is a giant # footgun to kill security. Don't define it.