[PATCH 6 of 8 v5] sslutil: remove dead code (that failed if only TLS 1.0 is available)
Manuel Jacob
me at manueljacob.de
Mon Jun 1 03:28:17 UTC 2020
# HG changeset patch
# User Manuel Jacob <me at manueljacob.de>
# Date 1590957109 -7200
# Sun May 31 22:31:49 2020 +0200
# Node ID 7576507bfe5ea28ab6d496d532bb9b453998ca35
# Parent b014f68a7e5f4d3cf72ca6f5d50e3059d05e3ed3
# EXP-Topic require_modern_ssl
sslutil: remove dead code (that failed if only TLS 1.0 is available)
We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -250,18 +250,6 @@ def protocolsettings(minimumprotocol):
# only (as opposed to multiple versions). So the method for
# supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
# disable protocols via SSLContext.options and OP_NO_* constants.
- if supportedprotocols == {b'tls1.0'}:
- if minimumprotocol != b'tls1.0':
- raise error.Abort(
- _(b'current Python does not support protocol setting %s')
- % minimumprotocol,
- hint=_(
- b'upgrade Python or disable setting since '
- b'only TLS 1.0 is supported'
- ),
- )
-
- return ssl.PROTOCOL_TLSv1, 0
# SSLv2 and SSLv3 are broken. We ban them outright.
options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
More information about the Mercurial-devel
mailing list