# HG changeset patch # User Yuya Nishihara # Date 2015-06-05 12:37:46 # Node ID 19fa0cb71cd3d9647eceedfa1bbb971e4caed552 # Parent 9d1c617159398bdb9f552fe312f5bac55521c28e ssl: drop support for Python < 2.6, require ssl module try-except clause is kept for readability of this patch, and it will be removed soon. diff --git a/mercurial/help/config.txt b/mercurial/help/config.txt --- a/mercurial/help/config.txt +++ b/mercurial/help/config.txt @@ -1423,10 +1423,6 @@ User interface controls. ``remotecmd`` remote command to use for clone/push/pull operations. Default is ``hg``. -``reportoldssl`` - Warn if an SSL certificate is unable to be used due to using Python - 2.5 or earlier. True or False. Default is True. - ``report_untrusted`` Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a trusted user or group. True or False. Default is True. diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -6,15 +6,13 @@ # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. -import os, sys +import os, sys, ssl from mercurial import util from mercurial.i18n import _ _canloaddefaultcerts = False try: - # avoid using deprecated/broken FakeSocket in python 2.6 - import ssl CERT_REQUIRED = ssl.CERT_REQUIRED try: ssl_context = ssl.SSLContext @@ -68,21 +66,7 @@ try: raise util.Abort(_('ssl connection failed')) return sslsocket except ImportError: - CERT_REQUIRED = 2 - - import socket, httplib - - def wrapsocket(sock, keyfile, certfile, ui, - cert_reqs=CERT_REQUIRED, - ca_certs=None, serverhostname=None): - if not util.safehasattr(socket, 'ssl'): - raise util.Abort(_('Python SSL support not found')) - if ca_certs: - raise util.Abort(_( - 'certificate checking requires Python 2.6')) - - ssl = socket.ssl(sock, keyfile, certfile) - return httplib.FakeSocket(sock, ssl) + raise def _verifycert(cert, hostname): '''Verify that cert (in socket.getpeercert() format) matches hostname. @@ -123,9 +107,6 @@ def _verifycert(cert, hostname): # CERT_REQUIRED means fetch the cert from the server all the time AND # validate it against the CA store provided in web.cacerts. -# -# We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally -# busted on those versions. def _plainapplepython(): """return true if this seems to be a pure Apple Python that @@ -183,17 +164,6 @@ class validator(object): host = self.host cacerts = self.ui.config('web', 'cacerts') hostfingerprint = self.ui.config('hostfingerprints', host) - if not getattr(sock, 'getpeercert', False): # python 2.5 ? - if hostfingerprint: - raise util.Abort(_("host fingerprint for %s can't be " - "verified (Python too old)") % host) - if strict: - raise util.Abort(_("certificate for %s can't be verified " - "(Python too old)") % host) - if self.ui.configbool('ui', 'reportoldssl', True): - self.ui.warn(_("warning: certificate for %s can't be verified " - "(Python too old)\n") % host) - return if not sock.cipher(): # work around http://bugs.python.org/issue13721 raise util.Abort(_('%s ssl connection error') % host)