Hello Yuya,

On Sun, Apr 1, 2018 at 1:45 PM, Yuya Nishihara <y...@tcha.org> wrote:

> On Sun, 1 Apr 2018 08:55:27 +0400, Codarren Velvindron wrote:
> > # HG changeset patch
> > # User Codarren Velvindron <codar...@hackers.mu>
> > # Date 1522557692 -14400
> > #      Sun Apr 01 08:41:32 2018 +0400
> > # Node ID 3a1cdeff1f61187e4a8af5f7259ca48039571b9e
> > # Parent  2ed180117f7658d0cbf6a1ece20944465c55c947
> > sslutil: add tls 1.3 support
>
> [...]

Empty line will be removed.

>
> > -# TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
> > +# TLS 1.1, 1.2 and 1.3 may not be supported if the OpenSSL Python is
> compiled
> >  # against doesn't support them.
> >  supportedprotocols = {'tls1.0'}
> >  if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'):
> >      supportedprotocols.add('tls1.1')
> >  if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'):
> >      supportedprotocols.add('tls1.2')
> > +if util.safehasattr(ssl, 'PROTOCOL_TLSv1_3'):
> > +    supportedprotocols.add('tls1.3')
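
Review bot: The added `if util.safehasattr(ssl, 'PROTOCOL_TLSv1_3')` probe degrades silently: on any Python whose ssl module lacks that attribute, 'tls1.3' is never added to supportedprotocols and nothing tells the user why TLS 1.3 is unavailable. Python's ssl module signals TLS 1.3 availability through `ssl.HAS_TLSv1_3` and `ssl.OP_NO_TLSv1_3` rather than a per-version PROTOCOL_ constant, so probe one of those here instead. The updated comment above the set should then say that 1.3 is detected differently from 1.1 and 1.2.
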
>
> While checking the test code, I noticed PROTOCOL_TLSv1_3 appears not provided
> by the next Python 2. OP_NO_TLSv1_3 is claimed to be available in 2.7.15,
> though.
>
> https://docs.python.org/2.7/library/ssl.html

Will use PROTOCOL_TLS instead.

>
> > +#if sslcontext tls1.3
> > +Start servers running supported TLS versions
> > +
> > +  $ cd test
> > +  $ hg serve -p $HGPORT3 -d --pid-file=../hg3.pid --certificate=$PRIV \
> > +  > --config devel.serverexactprotocol=tls1.3
> > +  $ cat ../hg3.pid >> $DAEMON_PIDS
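
Review bot: The `#if sslcontext tls1.3` guard at the top of this block depends on a `tls1.3` feature check that must detect support the same way sslutil does; if that check keys off an attribute the ssl module does not provide, the whole block is skipped everywhere and the suite passes without ever exercising TLS 1.3. Confirm the guard is closed with a matching `#endif` after the last TLS 1.3 case, and either define $HGPORT3 or reuse a port variable that is free at this point before passing it to `hg serve -p $HGPORT3`.
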
>
> $HGPORT3 isn't defined.

Can we reuse already defined variables, like $HGPORT? Or should we define
new vars?

>
> > +Clients talking same TLS versions work
> > +
> > +  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.3 id
> https://localhost:$HGPORT3/
> > +  5fed3813f7f5
> > +
> > +Clients requiring newer TLS version than what server supports fail
> > +
> > +  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.3 id
> https://localhost:$HGPORT3/
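
Review bot: The case under "Clients requiring newer TLS version than what server supports fail" runs the same command as the passing case above it, `hg --config hostsecurity.minimumprotocol=tls1.3 id` against $HGPORT3, where the server was started with `devel.serverexactprotocol=tls1.3`, so it cannot demonstrate a failure. Point it at a server started with an older exact protocol, and record the expected abort message and exit status so that a connection which wrongly succeeds below the required minimum makes the test fail.
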
>
> Here we need to test the pair of TLS=1.3 client + TLS<1.3 server, but the
> server supports TLS 1.3.
>
Will correct this.

Thanks,
Codarren
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
