Mercurial > hg
changeset 44876:dca2629f6d2e
sslutil: remove comments referring to removed SSLContext emulation class
author | Manuel Jacob <me@manueljacob.de> |
---|---|
date | Fri, 29 May 2020 22:31:26 +0200 |
parents | 7c19eb372438 |
children | 86a7b7abf28e |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 0 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Fri May 29 21:18:22 2020 +0200 +++ b/mercurial/sslutil.py Fri May 29 22:31:26 2020 +0200 @@ -264,8 +264,6 @@ # only (as opposed to multiple versions). So the method for # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and # disable protocols via SSLContext.options and OP_NO_* constants. - # However, SSLContext.options doesn't work unless we have the - # full/real SSLContext available to us. if supportedprotocols == {b'tls1.0'}: if protocol != b'tls1.0': raise error.Abort( @@ -279,9 +277,6 @@ return ssl.PROTOCOL_TLSv1, 0, b'tls1.0' - # WARNING: returned options don't work unless the modern ssl module - # is available. Be careful when adding options here. - # SSLv2 and SSLv3 are broken. We ban them outright. options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 @@ -355,11 +350,7 @@ # is loaded and contains that removed CA, you've just undone the user's # choice. sslcontext = ssl.SSLContext(settings[b'protocol']) - - # This is a no-op unless using modern ssl. sslcontext.options |= settings[b'ctxoptions'] - - # This still works on our fake SSLContext. sslcontext.verify_mode = settings[b'verifymode'] if settings[b'ciphers']: