##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

setup: require TLS 1.2 support from the Python interpreter (BC)...
Matt Harbison -
r53209:a820a7a1 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -103,8 +103,8 def _hostsettings(ui, hostname):
103 # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
103 # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
104 # options in case a legacy server is encountered.
104 # options in case a legacy server is encountered.
105
105
106 # setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following
106 # setup.py checks that TLS 1.2 is present, so the following assert should
107 # assert should not fail.
107 # not fail.
108 assert supportedprotocols - {b'tls1.0', b'tls1.1'}
108 assert supportedprotocols - {b'tls1.0', b'tls1.1'}
109 defaultminimumprotocol = b'tls1.2'
109 defaultminimumprotocol = b'tls1.2'
110
110
Show file before | Show file after | Hide comments
@@ -32,15 +32,12 import ssl
32 # were defined only if compiled against a OpenSSL version with TLS 1.1 / 1.2
32 # were defined only if compiled against a OpenSSL version with TLS 1.1 / 1.2
33 # support. At the mentioned commit, they were unconditionally defined.
33 # support. At the mentioned commit, they were unconditionally defined.
34 _notset = object()
34 _notset = object()
35 has_tlsv1_1 = getattr(ssl, 'HAS_TLSv1_1', _notset)
36 if has_tlsv1_1 is _notset:
37 has_tlsv1_1 = getattr(ssl, 'PROTOCOL_TLSv1_1', _notset) is not _notset
38 has_tlsv1_2 = getattr(ssl, 'HAS_TLSv1_2', _notset)
35 has_tlsv1_2 = getattr(ssl, 'HAS_TLSv1_2', _notset)
39 if has_tlsv1_2 is _notset:
36 if has_tlsv1_2 is _notset:
40 has_tlsv1_2 = getattr(ssl, 'PROTOCOL_TLSv1_2', _notset) is not _notset
37 has_tlsv1_2 = getattr(ssl, 'PROTOCOL_TLSv1_2', _notset) is not _notset
41 if not (has_tlsv1_1 or has_tlsv1_2):
38 if not has_tlsv1_2:
42 error = """
39 error = """
43 The `ssl` module does not advertise support for TLS 1.1 or TLS 1.2.
40 The `ssl` module does not advertise support for TLS 1.2.
44 Please make sure that your Python installation was compiled against an OpenSSL
41 Please make sure that your Python installation was compiled against an OpenSSL
45 version enabling these features (likely this requires the OpenSSL version to
42 version enabling these features (likely this requires the OpenSSL version to
46 be at least 1.0.1).
43 be at least 1.0.1).
General Comments 0
You need to be logged in to leave comments. Login now