[PATCH 3 of 5] git: don't yield paths for directories when walking
# HG changeset patch # User Josef 'Jeff' Sipek # Date 1591018818 14400 # Mon Jun 01 09:40:18 2020 -0400 # Node ID e05b94be1ba0cd6e2ccd9c1688a82ff3a8103a7e # Parent cb9f077123e7e204587b2b9146736ddcfb8d677d git: don't yield paths for directories when walking diff --git a/hgext/git/manifest.py b/hgext/git/manifest.py --- a/hgext/git/manifest.py +++ b/hgext/git/manifest.py @@ -173,9 +173,8 @@ class gittreemanifest(object): self._git_repo[te.id], match, realname + b'/' ): yield inner -if not match(realname): -continue -yield pycompat.fsencode(realname) +elif match(realname): +yield pycompat.fsencode(realname) def walk(self, match): # TODO: this is a very lazy way to merge in the pending ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH 5 of 5] git: implement diff manifest method
# HG changeset patch
# User Josef 'Jeff' Sipek
# Date 1591024345 14400
# Mon Jun 01 11:12:25 2020 -0400
# Node ID c9d3c553309f1b6662659e94dbd3fb358e84bdfe
# Parent c8ee7f58b11b835918e1e83b89741999f8809866
git: implement diff manifest method
This makes 'hg diff' work.
diff --git a/hgext/git/manifest.py b/hgext/git/manifest.py
--- a/hgext/git/manifest.py
+++ b/hgext/git/manifest.py
@@ -127,8 +127,78 @@ class gittreemanifest(object):
return dir in self._dirs
def diff(self, other, match=None, clean=False):
-# TODO
-assert False
+'''Finds changes between the current manifest and m2.
+
+The result is returned as a dict with filename as key and
+values of the form ((n1,fl1),(n2,fl2)), where n1/n2 is the
+nodeid in the current/other manifest and fl1/fl2 is the flag
+in the current/other manifest. Where the file does not exist,
+the nodeid will be None and the flags will be the empty
+string.
+'''
+result = {}
+
+def _iterativediff(t1, t2, subdir):
+"""compares two trees and appends new tree nodes to examine to
+the stack"""
+if t1 is not None and t2 is not None and t1.id == t2.id: # TODO:
check dirtyness
+return
+if t1 is None:
+t1 = ()
+if t2 is None:
+t2 = ()
+
+for e1 in t1:
+realname = subdir + pycompat.fsencode(e1.name)
+
+if e1.type == pygit2.GIT_OBJ_TREE:
+try:
+e2 = t2[e1.name]
+except KeyError:
+e2 = None
+
+if e2.type != pygit2.GIT_OBJ_TREE:
+e2 = None
+
+stack.append((realname + b'/', e1, e2))
+else:
+n1, fl1 = self.find(realname)
+
+try:
+e2 = t2[e1.name]
+n2, fl2 = other.find(realname)
+except KeyError:
+e2 = None
+n2, fl2 = (None, b'')
+
+if e2 is not None and e2.type == pygit2.GIT_OBJ_TREE:
+stack.append((realname + b'/', None, e2))
+
+if n1 != n2 or fl1 != fl2:
+result[realname] = ((n1, fl1), (n2, fl2))
+elif clean:
+result[realname] = None
+
+for e2 in t2:
+if e2.name in t1:
+continue
+
+realname = subdir + pycompat.fsencode(e2.name)
+
+if e2.type == pygit2.GIT_OBJ_TREE:
+stack.append((realname + b'/', None, e2))
+else:
+n2, fl2 = other.find(realname)
+result[realname] = ((None, b''), (n2, fl2))
+
+stack = []
+_iterativediff(self._tree, other._tree, b'')
+while stack:
+subdir, t1, t2 = stack.pop()
+# stack is populated in the function call
+_iterativediff(t1, t2, subdir)
+
+return result
def setflag(self, path, flag):
node, unused_flag = self._resolve_entry(path)
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH 4 of 5] git: properly visit child tree objects when resolving a path
# HG changeset patch
# User Josef 'Jeff' Sipek
# Date 1591019387 14400
# Mon Jun 01 09:49:47 2020 -0400
# Node ID c8ee7f58b11b835918e1e83b89741999f8809866
# Parent e05b94be1ba0cd6e2ccd9c1688a82ff3a8103a7e
git: properly visit child tree objects when resolving a path
diff --git a/hgext/git/manifest.py b/hgext/git/manifest.py
--- a/hgext/git/manifest.py
+++ b/hgext/git/manifest.py
@@ -56,8 +56,9 @@ class gittreemanifest(object):
return val
t = self._tree
comps = upath.split('/')
+te = self._tree
for comp in comps[:-1]:
-te = self._tree[comp]
+te = te[comp]
t = self._git_repo[te.id]
ent = t[comps[-1]]
if ent.filemode == pygit2.GIT_FILEMODE_BLOB:
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH 5 of 5] git: implement diff manifest method
On Mon, Jun 01, 2020 at 11:32:49 -0400, Josef 'Jeff' Sipek wrote:
> # HG changeset patch
> # User Josef 'Jeff' Sipek
> # Date 1591024345 14400
> # Mon Jun 01 11:12:25 2020 -0400
> # Node ID c9d3c553309f1b6662659e94dbd3fb358e84bdfe
> # Parent c8ee7f58b11b835918e1e83b89741999f8809866
> git: implement diff manifest method
>
> This makes 'hg diff' work.
>
> diff --git a/hgext/git/manifest.py b/hgext/git/manifest.py
> --- a/hgext/git/manifest.py
> +++ b/hgext/git/manifest.py
> @@ -127,8 +127,78 @@ class gittreemanifest(object):
> return dir in self._dirs
>
> def diff(self, other, match=None, clean=False):
Bah. I completely forgot to deal with matches - so this always producess an
unfiltered diff.
> -# TODO
> -assert False
> +'''Finds changes between the current manifest and m2.
> +
> +The result is returned as a dict with filename as key and
> +values of the form ((n1,fl1),(n2,fl2)), where n1/n2 is the
> +nodeid in the current/other manifest and fl1/fl2 is the flag
> +in the current/other manifest. Where the file does not exist,
> +the nodeid will be None and the flags will be the empty
> +string.
> +'''
> +result = {}
> +
> +def _iterativediff(t1, t2, subdir):
> +"""compares two trees and appends new tree nodes to examine to
> +the stack"""
> +if t1 is not None and t2 is not None and t1.id == t2.id: # TODO:
> check dirtyness
And about this. :|
But the other 4 commits are fine, IMO :)
Jeff.
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH 2 of 5] git: correctly check for type of object when walking
# HG changeset patch # User Josef 'Jeff' Sipek # Date 1591017773 14400 # Mon Jun 01 09:22:53 2020 -0400 # Node ID cb9f077123e7e204587b2b9146736ddcfb8d677d # Parent 1a21d199a8b00e5fb2566ca99fab417253b13b19 git: correctly check for type of object when walking diff --git a/hgext/git/manifest.py b/hgext/git/manifest.py --- a/hgext/git/manifest.py +++ b/hgext/git/manifest.py @@ -168,7 +168,7 @@ class gittreemanifest(object): for te in tree: # TODO: can we prune dir walks with the matcher? realname = subdir + pycompat.fsencode(te.name) -if te.type == r'tree': +if te.type == pygit2.GIT_OBJ_TREE: for inner in self._walkonetree( self._git_repo[te.id], match, realname + b'/' ): ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH 1 of 5] git: implement stub prefetch_parents dirstate method
# HG changeset patch # User Josef 'Jeff' Sipek # Date 1591016388 14400 # Mon Jun 01 08:59:48 2020 -0400 # Node ID 1a21d199a8b00e5fb2566ca99fab417253b13b19 # Parent 1537ce87e3ba3759470812143ee972ef9eb8 git: implement stub prefetch_parents dirstate method A recent change (35b255e474d9) introduced this new required dirstate method but didn't update the git extension. diff --git a/hgext/git/dirstate.py b/hgext/git/dirstate.py --- a/hgext/git/dirstate.py +++ b/hgext/git/dirstate.py @@ -288,6 +288,10 @@ class gitdirstate(object): # TODO: track copies? return None +def prefetch_parents(self): +# TODO +pass + @contextlib.contextmanager def parentchange(self): # TODO: track this maybe? ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH] git: implement diff manifest method
# HG changeset patch
# User Josef 'Jeff' Sipek
# Date 1591024345 14400
# Mon Jun 01 11:12:25 2020 -0400
# Node ID 8b5e8dc4163b540bf7d0ce6b989090f751081583
# Parent c8ee7f58b11b835918e1e83b89741999f8809866
git: implement diff manifest method
This makes 'hg diff' work.
diff --git a/hgext/git/manifest.py b/hgext/git/manifest.py
--- a/hgext/git/manifest.py
+++ b/hgext/git/manifest.py
@@ -126,9 +126,79 @@ class gittreemanifest(object):
def hasdir(self, dir):
return dir in self._dirs
-def diff(self, other, match=None, clean=False):
-# TODO
-assert False
+def diff(self, other, match=lambda x: True, clean=False):
+'''Finds changes between the current manifest and m2.
+
+The result is returned as a dict with filename as key and
+values of the form ((n1,fl1),(n2,fl2)), where n1/n2 is the
+nodeid in the current/other manifest and fl1/fl2 is the flag
+in the current/other manifest. Where the file does not exist,
+the nodeid will be None and the flags will be the empty
+string.
+'''
+result = {}
+
+def _iterativediff(t1, t2, subdir):
+"""compares two trees and appends new tree nodes to examine to
+the stack"""
+if t1 is None:
+t1 = {}
+if t2 is None:
+t2 = {}
+
+for e1 in t1:
+realname = subdir + pycompat.fsencode(e1.name)
+
+if e1.type == pygit2.GIT_OBJ_TREE:
+try:
+e2 = t2[e1.name]
+if e2.type != pygit2.GIT_OBJ_TREE:
+e2 = None
+except KeyError:
+e2 = None
+
+stack.append((realname + b'/', e1, e2))
+else:
+n1, fl1 = self.find(realname)
+
+try:
+e2 = t2[e1.name]
+n2, fl2 = other.find(realname)
+except KeyError:
+e2 = None
+n2, fl2 = (None, b'')
+
+if e2 is not None and e2.type == pygit2.GIT_OBJ_TREE:
+stack.append((realname + b'/', None, e2))
+
+if not match(realname):
+continue
+
+if n1 != n2 or fl1 != fl2:
+result[realname] = ((n1, fl1), (n2, fl2))
+elif clean:
+result[realname] = None
+
+for e2 in t2:
+if e2.name in t1:
+continue
+
+realname = subdir + pycompat.fsencode(e2.name)
+
+if e2.type == pygit2.GIT_OBJ_TREE:
+stack.append((realname + b'/', None, e2))
+elif match(realname):
+n2, fl2 = other.find(realname)
+result[realname] = ((None, b''), (n2, fl2))
+
+stack = []
+_iterativediff(self._tree, other._tree, b'')
+while stack:
+subdir, t1, t2 = stack.pop()
+# stack is populated in the function call
+_iterativediff(t1, t2, subdir)
+
+return result
def setflag(self, path, flag):
node, unused_flag = self._resolve_entry(path)
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH] sslutil: fix comment to use inclusive or instead of exclusive or
# HG changeset patch
# User Manuel Jacob
# Date 1591017751 -7200
# Mon Jun 01 15:22:31 2020 +0200
# Node ID cdda90fe3db5040472014c980385fba69f37ad76
# Parent d61c05450b378372437b8ea499ff43ce0b7f5cb3
sslutil: fix comment to use inclusive or instead of exclusive or
The incorrect "either" was introduced by one of my recent patches.
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -104,8 +104,8 @@ def _hostsettings(ui, hostname):
# BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
# options in case a legacy server is encountered.
-# setup.py checks that either TLS 1.1 or TLS 1.2 is present, so the
-# following assert should not fail.
+# setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following
+# assert should not fail.
assert supportedprotocols - {b'tls1.0'}
defaultminimumprotocol = b'tls1.1'
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH 2 of 3] sslutil: stop storing protocol and options for SSLContext in settings dict
# HG changeset patch # User Manuel Jacob # Date 1591014013 -7200 # Mon Jun 01 14:20:13 2020 +0200 # Node ID cc29486022ffe6525fc242fa395ea5236db538eb # Parent 776bb7e68bba72e8f37d81737df46e63e2565b2a # EXP-Topic sslutil-cleanup sslutil: stop storing protocol and options for SSLContext in settings dict Call protocolsettings() where its return values are needed. diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -77,15 +77,11 @@ def _hostsettings(ui, hostname): b'disablecertverification': False, # Whether the legacy [hostfingerprints] section has data for this host. b'legacyfingerprint': False, -# PROTOCOL_* constant to use for SSLContext.__init__. -b'protocol': None, # String representation of minimum protocol to be used for UI # presentation. b'minimumprotocol': None, # ssl.CERT_* constant used by SSLContext.verify_mode. b'verifymode': None, -# Defines extra ssl.OP* bitwise options to set. -b'ctxoptions': None, # OpenSSL Cipher List to use (instead of default). b'ciphers': None, } @@ -124,7 +120,6 @@ def _hostsettings(ui, hostname): minimumprotocol = b'tls1.0' s[b'minimumprotocol'] = minimumprotocol -s[b'protocol'], s[b'ctxoptions'] = protocolsettings(minimumprotocol) ciphers = ui.config(b'hostsecurity', b'ciphers') ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) @@ -226,8 +221,6 @@ def _hostsettings(ui, hostname): # user). s[b'verifymode'] = ssl.CERT_NONE -assert s[b'protocol'] is not None -assert s[b'ctxoptions'] is not None assert s[b'verifymode'] is not None return s @@ -321,8 +314,9 @@ def wrapsocket(sock, keyfile, certfile, # bundle with a specific CA cert removed. If the system/default CA bundle # is loaded and contains that removed CA, you've just undone the user's # choice. -sslcontext = ssl.SSLContext(settings[b'protocol']) -sslcontext.options |= settings[b'ctxoptions'] +protocol, options = protocolsettings(settings[b'minimumprotocol']) +sslcontext = ssl.SSLContext(protocol) +sslcontext.options |= options sslcontext.verify_mode = settings[b'verifymode'] if settings[b'ciphers']: ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH 1 of 3] sslutil: rename 'minimumprotocolui' -> 'minimumprotocol'
On Mon, 01 Jun 2020 14:43:10 +0200, Manuel Jacob wrote: > # HG changeset patch > # User Manuel Jacob > # Date 1591013226 -7200 > # Mon Jun 01 14:07:06 2020 +0200 > # Node ID 776bb7e68bba72e8f37d81737df46e63e2565b2a > # Parent d61c05450b378372437b8ea499ff43ce0b7f5cb3 > # EXP-Topic sslutil-cleanup > sslutil: rename 'minimumprotocolui' -> 'minimumprotocol' Queued for default, thanks. ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH 1 of 8 v5] setup: require that Python has TLS 1.1 or TLS 1.2
On Mon, 01 Jun 2020 13:44:50 +0200, Manuel Jacob wrote: > Having intro mails worked fine except for the last three, which got > rejected. Two of these intro mails actually had content and it was > unfortunate that they didn't get through (in addition to breaking > threading). I'll not send intro mails until it was analyzed why they > didn't get through. Intro message is banned because the content will be lost in commit history. I don't know why it worked for the first two batches. You can configure patchbomb to not include the PATCH 0 message. https://www.mercurial-scm.org/wiki/ContributingChanges#Emailing_patches ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH 1 of 3] sslutil: rename 'minimumprotocolui' -> 'minimumprotocol'
# HG changeset patch # User Manuel Jacob # Date 1591013226 -7200 # Mon Jun 01 14:07:06 2020 +0200 # Node ID 776bb7e68bba72e8f37d81737df46e63e2565b2a # Parent d61c05450b378372437b8ea499ff43ce0b7f5cb3 # EXP-Topic sslutil-cleanup sslutil: rename 'minimumprotocolui' -> 'minimumprotocol' Before, both 'minimumprotocolui' and 'minimumprotocol' were used, but meaning the same. diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -81,7 +81,7 @@ def _hostsettings(ui, hostname): b'protocol': None, # String representation of minimum protocol to be used for UI # presentation. -b'minimumprotocolui': None, +b'minimumprotocol': None, # ssl.CERT_* constant used by SSLContext.verify_mode. b'verifymode': None, # Defines extra ssl.OP* bitwise options to set. @@ -123,7 +123,7 @@ def _hostsettings(ui, hostname): if ui.insecureconnections: minimumprotocol = b'tls1.0' -s[b'minimumprotocolui'] = minimumprotocol +s[b'minimumprotocol'] = minimumprotocol s[b'protocol'], s[b'ctxoptions'] = protocolsettings(minimumprotocol) ciphers = ui.config(b'hostsecurity', b'ciphers') @@ -402,7 +402,7 @@ def wrapsocket(sock, keyfile, certfile, # reason, try to emit an actionable warning. if e.reason == 'UNSUPPORTED_PROTOCOL': # We attempted TLS 1.0+. -if settings[b'minimumprotocolui'] == b'tls1.0': +if settings[b'minimumprotocol'] == b'tls1.0': # We support more than just TLS 1.0+. If this happens, # the likely scenario is either the client or the server # is really old. (e.g. server doesn't support TLS 1.0+ or @@ -447,7 +447,7 @@ def wrapsocket(sock, keyfile, certfile, b'to be more secure than the server can support)\n' ) % ( -settings[b'minimumprotocolui'], +settings[b'minimumprotocol'], pycompat.bytesurl(serverhostname), ) ) ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH] sslutil: fix comment to use inclusive or instead of exclusive or
On Mon, 01 Jun 2020 15:22:40 +0200, Manuel Jacob wrote: > # HG changeset patch > # User Manuel Jacob > # Date 1591017751 -7200 > # Mon Jun 01 15:22:31 2020 +0200 > # Node ID cdda90fe3db5040472014c980385fba69f37ad76 > # Parent d61c05450b378372437b8ea499ff43ce0b7f5cb3 > sslutil: fix comment to use inclusive or instead of exclusive or Queued for default, thanks. ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH 7 of 8 v5] sslutil: propagate return value ssl.PROTOCOL_SSLv23 from protocolsettings()
On Mon, 01 Jun 2020 05:28:18 +0200, Manuel Jacob wrote: > # HG changeset patch > # User Manuel Jacob > # Date 1590970587 -7200 > # Mon Jun 01 02:16:27 2020 +0200 > # Node ID 64807e560eedc6c2571d34ffb7bd2f7e356dd606 > # Parent 7576507bfe5ea28ab6d496d532bb9b453998ca35 > # EXP-Topic require_modern_ssl > sslutil: propagate return value ssl.PROTOCOL_SSLv23 from protocolsettings() > -def protocolsettings(minimumprotocol): > +def ssloptions(minimumprotocol): > """Resolve the protocol for a config value. > > Returns a tuple of (protocol, options) which are values used by > SSLContext. > @@ -268,7 +265,7 @@ def protocolsettings(minimumprotocol): > # There is no guarantee this attribute is defined on the module. > options |= getattr(ssl, 'OP_NO_COMPRESSION', 0) > > -return ssl.PROTOCOL_SSLv23, options > +return options Need to move/rephrase the following comment: # Despite its name, PROTOCOL_SSLv23 selects the highest protocol # that both ends support, including TLS protocols. # # The PROTOCOL_TLSv* constants select a specific TLS version # only (as opposed to multiple versions). So the method for # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and # disable protocols via SSLContext.options and OP_NO_* constants. ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
[PATCH 3 of 3] sslutil: propagate return value ssl.PROTOCOL_SSLv23 from protocolsettings()
# HG changeset patch # User Manuel Jacob # Date 1591014862 -7200 # Mon Jun 01 14:34:22 2020 +0200 # Node ID 612b83f33402efb1d64a81bc2d6a9f024d560cb4 # Parent cc29486022ffe6525fc242fa395ea5236db538eb # EXP-Topic sslutil-cleanup sslutil: propagate return value ssl.PROTOCOL_SSLv23 from protocolsettings() Also, protocolsettings() was renamed to commonssloptions() to reflect that only the options are returned. diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -226,22 +226,12 @@ def _hostsettings(ui, hostname): return s -def protocolsettings(minimumprotocol): -"""Resolve the protocol for a config value. - -Returns a tuple of (protocol, options) which are values used by SSLContext. +def commonssloptions(minimumprotocol): +"""Return SSLContext options common to servers and clients. """ if minimumprotocol not in configprotocols: raise ValueError(b'protocol value not supported: %s' % minimumprotocol) -# Despite its name, PROTOCOL_SSLv23 selects the highest protocol -# that both ends support, including TLS protocols. -# -# The PROTOCOL_TLSv* constants select a specific TLS version -# only (as opposed to multiple versions). So the method for -# supporting multiple TLS versions is to use PROTOCOL_SSLv23 and -# disable protocols via SSLContext.options and OP_NO_* constants. - # SSLv2 and SSLv3 are broken. We ban them outright. options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 @@ -259,7 +249,7 @@ def protocolsettings(minimumprotocol): # There is no guarantee this attribute is defined on the module. options |= getattr(ssl, 'OP_NO_COMPRESSION', 0) -return ssl.PROTOCOL_SSLv23, options +return options def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None): @@ -314,9 +304,11 @@ def wrapsocket(sock, keyfile, certfile, # bundle with a specific CA cert removed. If the system/default CA bundle # is loaded and contains that removed CA, you've just undone the user's # choice. -protocol, options = protocolsettings(settings[b'minimumprotocol']) -sslcontext = ssl.SSLContext(protocol) -sslcontext.options |= options +# Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both +# ends support, including TLS protocols. commonssloptions() restricts the +# set of allowed protocols. +sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) +sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) sslcontext.verify_mode = settings[b'verifymode'] if settings[b'ciphers']: @@ -512,7 +504,11 @@ def wrapserversocket( _(b'referenced certificate file (%s) does not exist') % f ) -protocol, options = protocolsettings(b'tls1.0') +# Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both +# ends support, including TLS protocols. commonssloptions() restricts the +# set of allowed protocols. +protocol = ssl.PROTOCOL_SSLv23 +options = commonssloptions(b'tls1.0') # This config option is intended for use in tests only. It is a giant # footgun to kill security. Don't define it. ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH 3 of 8 v5] tests: stop checking for optional, now impossible output
On Mon, 01 Jun 2020 05:28:14 +0200, Manuel Jacob wrote: > # HG changeset patch > # User Manuel Jacob > # Date 1590877556 -7200 > # Sun May 31 00:25:56 2020 +0200 > # Node ID e0d6fc43f3227a11934a69c8eff40d307a5ad697 > # Parent 8ebbebfe6cefed68e01f237eac1dcdf6aa6f7fbc > # EXP-Topic require_modern_ssl > tests: stop checking for optional, now impossible output Folded this with the PATCH 4, which actually removes the warning. ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH 1 of 8 v5] setup: require that Python has TLS 1.1 or TLS 1.2
On Mon, 01 Jun 2020 05:28:12 +0200, Manuel Jacob wrote: > # HG changeset patch > # User Manuel Jacob > # Date 1590874939 -7200 > # Sat May 30 23:42:19 2020 +0200 > # Node ID 2d2497e32978bc17060f5142b45789b449e7d9d3 > # Parent dd7c4a208a4ed6c798330a21b13a349a020c877d > # EXP-Topic require_modern_ssl > setup: require that Python has TLS 1.1 or TLS 1.2 Queued 1-6 and 8 for default, thanks. Next time, please don't send the --intro email, which would be rejected by server and break email threading. ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Re: [PATCH 1 of 8 v5] setup: require that Python has TLS 1.1 or TLS 1.2
On 2020-06-01 13:32, Yuya Nishihara wrote: On Mon, 01 Jun 2020 05:28:12 +0200, Manuel Jacob wrote: # HG changeset patch # User Manuel Jacob # Date 1590874939 -7200 # Sat May 30 23:42:19 2020 +0200 # Node ID 2d2497e32978bc17060f5142b45789b449e7d9d3 # Parent dd7c4a208a4ed6c798330a21b13a349a020c877d # EXP-Topic require_modern_ssl setup: require that Python has TLS 1.1 or TLS 1.2 Queued 1-6 and 8 for default, thanks. Next time, please don't send the --intro email, which would be rejected by server and break email threading. Having intro mails worked fine except for the last three, which got rejected. Two of these intro mails actually had content and it was unfortunate that they didn't get through (in addition to breaking threading). I'll not send intro mails until it was analyzed why they didn't get through. ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
