# HG changeset patch
# User Manuel Jacob <m...@manueljacob.de>
# Date 1590919637 -7200
#      Sun May 31 12:07:17 2020 +0200
# Node ID ccb1f10b9fd61d82a2227d648208465f16dccdf3
# Parent  d950d0faa52d3db159147891e58f4488042d9afe
# EXP-Topic sslutil_cleanup
sslutil: check for OpenSSL without TLS 1.0 support in one case

It can only happen if supportedprotocols gets fixed to contain only correct
items (see the FIXME above in the file).

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -553,6 +553,8 @@ def wrapserversocket(
     # footgun to kill security. Don't define it.
     exactprotocol = ui.config(b'devel', b'serverexactprotocol')
     if exactprotocol == b'tls1.0':
+        if b'tls1.0' not in supportedprotocols:
+            raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
         protocol = ssl.PROTOCOL_TLSv1
     elif exactprotocol == b'tls1.1':
         if b'tls1.1' not in supportedprotocols:

_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Reply via email to