configitems: make devel.serverexactprotocol look dangerous...
pacien -
r51293:698ffff7 stable
@@ -37064,8 +37064,8 b' msgid "TLS 1.2 not supported by this Pyt'
37064 msgstr "利用中の Python では TLS 1.2 が未サポートです"
37064 msgstr "利用中の Python では TLS 1.2 が未サポートです"
37065
37065
37066 #, python-format
37066 #, python-format
37067 msgid "invalid value for serverexactprotocol: %s"
37067 msgid "invalid value for server-insecure-exact-protocol: %s"
37068 msgstr "不正な serverexactprotocol 指定値: %s"
37068 msgstr "不正な server-insecure-exact-protocol 指定値: %s"
37069
37069
37070 #, python-format
37070 #, python-format
37071 msgid "too many wildcards in certificate DNS name: %s"
37071 msgid "too many wildcards in certificate DNS name: %s"
@@ -38342,8 +38342,8 b' msgid "TLS 1.2 not supported by this Pyt'
38342 msgstr "TLS 1.2 não é suportado por esta versão do Python"
38342 msgstr "TLS 1.2 não é suportado por esta versão do Python"
38343
38343
38344 #, python-format
38344 #, python-format
38345 msgid "invalid value for serverexactprotocol: %s"
38345 msgid "invalid value for server-insecure-exact-protocol: %s"
38346 msgstr "valor inválido para serverexactprotocol: %s"
38346 msgstr "valor inválido para server-insecure-exact-protocol: %s"
38347
38347
38348 #, python-format
38348 #, python-format
38349 msgid "too many wildcards in certificate DNS name: %s"
38349 msgid "too many wildcards in certificate DNS name: %s"
@@ -688,9 +688,11 b' coreconfigitem('
688 b'servercafile',
688 b'servercafile',
689 default=b'',
689 default=b'',
690 )
690 )
691 # This config option is intended for use in tests only. It is a giant
692 # footgun to kill security. Don't define it.
691 coreconfigitem(
693 coreconfigitem(
692 b'devel',
694 b'devel',
693 b'serverexactprotocol',
695 b'server-insecure-exact-protocol',
694 default=b'',
696 default=b'',
695 )
697 )
696 coreconfigitem(
698 coreconfigitem(
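Review bot: The comment added above this `coreconfigitem` registration (new lines 691-692) says the option kills security but not what it actually does. Going by the sslutil.py hunks and the test in this same commit, it makes the server use exactly the named TLS version, and `tls1.0` and `tls1.1` are accepted values. A more specific wording such as `# Pins the server to exactly one TLS version (tls1.0, tls1.1 or tls1.2) instead of the default negotiation. Tests only; never set it on a real server.` would tell a reader auditing a configuration what is at risk.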
@@ -553,7 +553,7 b' def wrapserversocket('
553
553
554 # This config option is intended for use in tests only. It is a giant
554 # This config option is intended for use in tests only. It is a giant
555 # footgun to kill security. Don't define it.
555 # footgun to kill security. Don't define it.
556 exactprotocol = ui.config(b'devel', b'serverexactprotocol')
556 exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol')
557 if exactprotocol == b'tls1.0':
557 if exactprotocol == b'tls1.0':
558 if b'tls1.0' not in supportedprotocols:
558 if b'tls1.0' not in supportedprotocols:
559 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
559 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
@@ -583,7 +583,8 b' def wrapserversocket('
583 sslcontext.maximum_version = ssl.TLSVersion.TLSv1_2
583 sslcontext.maximum_version = ssl.TLSVersion.TLSv1_2
584 elif exactprotocol:
584 elif exactprotocol:
585 raise error.Abort(
585 raise error.Abort(
586 _(b'invalid value for serverexactprotocol: %s') % exactprotocol
586 _(b'invalid value for server-insecure-exact-protocol: %s')
587 % exactprotocol
587 )
588 )
588 else:
589 else:
589 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
590 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
@@ -594,7 +595,7 b' def wrapserversocket('
594
595
595 # This config option is intended for use in tests only. It is a giant
596 # This config option is intended for use in tests only. It is a giant
596 # footgun to kill security. Don't define it.
597 # footgun to kill security. Don't define it.
597 exactprotocol = ui.config(b'devel', b'serverexactprotocol')
598 exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol')
598 if exactprotocol == b'tls1.0':
599 if exactprotocol == b'tls1.0':
599 if b'tls1.0' not in supportedprotocols:
600 if b'tls1.0' not in supportedprotocols:
600 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
601 raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
@@ -609,7 +610,8 b' def wrapserversocket('
609 protocol = ssl.PROTOCOL_TLSv1_2
610 protocol = ssl.PROTOCOL_TLSv1_2
610 elif exactprotocol:
611 elif exactprotocol:
611 raise error.Abort(
612 raise error.Abort(
612 _(b'invalid value for serverexactprotocol: %s') % exactprotocol
613 _(b'invalid value for server-insecure-exact-protocol: %s')
614 % exactprotocol
613 )
615 )
614
616
615 # We /could/ use create_default_context() here since it doesn't load
617 # We /could/ use create_default_context() here since it doesn't load
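Review bot: Renaming the option makes it look dangerous in a config file, but `wrapserversocket` still acts on it silently: after `exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol')` (new lines 556 and 598) nothing tells the operator at start-up that the TLS version has been pinned. A warning when the value is non-empty, for example `if exactprotocol: ui.warn(_(b'warning: devel.server-insecure-exact-protocol=%s pins the TLS version\n') % exactprotocol)`, would make an accidental production use show up in the server log; it will presumably need matching updates to expected test output. The read and the validation chain are also duplicated in both branches of the function, so hoisting the `ui.config` call above the branch would keep the two copies from drifting apart. The function body starts and ends outside these hunks.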
@@ -344,13 +344,13 b' Start servers running supported TLS vers'
344
344
345 $ cd test
345 $ cd test
346 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
346 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
347 > --config devel.serverexactprotocol=tls1.0
347 > --config devel.server-insecure-exact-protocol=tls1.0
348 $ cat ../hg0.pid >> $DAEMON_PIDS
348 $ cat ../hg0.pid >> $DAEMON_PIDS
349 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
349 $ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
350 > --config devel.serverexactprotocol=tls1.1
350 > --config devel.server-insecure-exact-protocol=tls1.1
351 $ cat ../hg1.pid >> $DAEMON_PIDS
351 $ cat ../hg1.pid >> $DAEMON_PIDS
352 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
352 $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
353 > --config devel.serverexactprotocol=tls1.2
353 > --config devel.server-insecure-exact-protocol=tls1.2
354 $ cat ../hg2.pid >> $DAEMON_PIDS
354 $ cat ../hg2.pid >> $DAEMON_PIDS
355 $ cd ..
355 $ cd ..
356
356