upstream/mercurial-mirror Files · tests/cgienv

sslutil: print a warning when using TLS 1.0 on legacy Python...

sslutil: print a warning when using TLS 1.0 on legacy Python Mercurial now requires TLS 1.1+ when TLS 1.1+ is supported by the client. Since we made the decision to require TLS 1.1+ when running with modern Python versions, it makes sense to do something for legacy Python versions that only support TLS 1.0. Feature parity would be to prevent TLS 1.0 connections out of the box and require a config option to enable them. However, this is extremely user hostile since Mercurial wouldn't talk to https:// by default in these installations! I can easily see how someone would do something foolish like use "--insecure" instead - and that would be worse than allowing TLS 1.0! This patch takes the compromise position of printing a warning when performing TLS 1.0 connections when running on old Python versions. While this warning is no more annoying than the CA certificate / fingerprint warnings in Mercurial 3.8, we provide a config option to disable the warning because to many people upgrading Python to make the warning go away is not an available recourse (unlike pinning fingerprints is for the CA warning). The warning appears as optional output in a lot of tests.

StevenGBrown - - Load All Authors

File last commit:

r13269:aa3f726a default


                r29561:1a782fab

default

Download file

             cgienv
        
                    29 lines
            
             | 1.7 KiB
            
                | text/plain
            
             |
                TextLexer

/ tests / cgienv

History | Annotation | Raw |Copy content |Copy permalink

				DOCUMENT_ROOT="/var/www/hg"; export DOCUMENT_ROOT
				GATEWAY_INTERFACE="CGI/1.1"; export GATEWAY_INTERFACE
				HTTP_ACCEPT="text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5"; export HTTP_ACCEPT
				HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"; export HTTP_ACCEPT_CHARSET
				HTTP_ACCEPT_ENCODING="gzip,deflate"; export HTTP_ACCEPT_ENCODING
				HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5"; export HTTP_ACCEPT_LANGUAGE
				HTTP_CACHE_CONTROL="max-age=0"; export HTTP_CACHE_CONTROL
				HTTP_CONNECTION="keep-alive"; export HTTP_CONNECTION
				HTTP_HOST="hg.omnifarious.org"; export HTTP_HOST
				HTTP_KEEP_ALIVE="300"; export HTTP_KEEP_ALIVE
				HTTP_USER_AGENT="Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4"; export HTTP_USER_AGENT
				PATH_INFO="/"; export PATH_INFO
				PATH_TRANSLATED="/var/www/hg/index.html"; export PATH_TRANSLATED
				QUERY_STRING=""; export QUERY_STRING
				REMOTE_ADDR="127.0.0.2"; export REMOTE_ADDR
				REMOTE_PORT="44703"; export REMOTE_PORT
				REQUEST_METHOD="GET"; export REQUEST_METHOD
				REQUEST_URI="/test/"; export REQUEST_URI
				SCRIPT_FILENAME="/home/hopper/hg_public/test.cgi"; export SCRIPT_FILENAME
				SCRIPT_NAME="/test"; export SCRIPT_NAME
				SCRIPT_URI="http://hg.omnifarious.org/test/"; export SCRIPT_URI
				SCRIPT_URL="/test/"; export SCRIPT_URL
				SERVER_ADDR="127.0.0.1"; export SERVER_ADDR
				SERVER_ADMIN="eric@localhost"; export SERVER_ADMIN
				SERVER_NAME="hg.omnifarious.org"; export SERVER_NAME
				SERVER_PORT="80"; export SERVER_PORT
				SERVER_PROTOCOL="HTTP/1.1"; export SERVER_PROTOCOL
				SERVER_SIGNATURE="<address>Apache/2.0.53 (Fedora) Server at hg.omnifarious.org Port 80</address>"; export SERVER_SIGNATURE
				SERVER_SOFTWARE="Apache/2.0.53 (Fedora)"; export SERVER_SOFTWARE

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages