[PATCH 3 of 5] sslutil: add FIXME about supportedprotocols possibly containing too many items

Manuel Jacob me at manueljacob.de
Sun May 31 10:24:46 UTC 2020


# HG changeset patch
# User Manuel Jacob <me at manueljacob.de>
# Date 1590918063 -7200
#      Sun May 31 11:41:03 2020 +0200
# Node ID 14fb5b19169473e9a14a5ad4371ca727cd8c8293
# Parent  efea7f15c5d5e32f3a6be167c733581afc612b3c
# EXP-Topic sslutil_cleanup
sslutil: add FIXME about supportedprotocols possibly containing too many items

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -46,6 +46,13 @@ hassni = getattr(ssl, 'HAS_SNI', False)
 
 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
 # against doesn't support them.
+# FIXME: Since CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98
+# individual TLS versions can be turned on and off, and the
+# ssl.PROTOCOL_TLSv1_* constants are always defined.
+# This means that, on unusual configurations, the following dict may contain
+# too many entries. A proper fix would be to check ssl.HAS_TLSv* where
+# available (Python 3.7+). Before that, this module should be proofed against
+# all possible combinations.
 supportedprotocols = {b'tls1.0'}
 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'):
     supportedprotocols.add(b'tls1.1')
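Review bot: The FIXME leaves out the unconditional seed `supportedprotocols = {b'tls1.0'}` directly below it, which over-reports in the same way when TLS 1.0 is disabled in the linked OpenSSL (Python 3.7+ exposes `ssl.HAS_TLSv1` for that case). It also does not say what an extra entry costs. The consumers of this set are outside the hunk, but if it validates a configured minimum protocol, a disabled version would pass validation and fail only at handshake time. I would add `# This also applies to the unconditional b'tls1.0' entry; membership in this set does not prove the protocol can be negotiated.` and reword "proofed against" as "verified to behave correctly under". The protocol setup continues past the end of the hunk, so any later `hasattr` checks fall under the same caveat.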


