On Sun, 8 Apr 2018 09:51:45 +0400, Codarren Velvindron wrote: > # HG changeset patch > # User Codarren Velvindron <codar...@hackers.mu> > # Date 1523166519 -14400 > # Sun Apr 08 09:48:39 2018 +0400 > # Node ID 5df15ef67ce1674a8f408058cd953de5ab9601cf > # Parent 632b928992039afe96df8f99a8dec6127ff983f1 > slutil: add tls 1.3 support
> -# TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled > +# TLS 1.1,1.2 and 1.3 may not be supported if the OpenSSL Python is compiled > # against doesn't support them. > supportedprotocols = {'tls1.0'} > if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'): > supportedprotocols.add('tls1.1') > if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'): > supportedprotocols.add('tls1.2') > +if util.safehasattr(ssl, 'PROTOCOL_TLS'): > + supportedprotocols.add('tls1.3') PROTOCOL_TLS doesn't mean the Python supports TLS 1.3. https://docs.python.org/2.7/library/ssl.html#ssl.PROTOCOL_TLS Perhaps HAS_TLSv1_3 can be used instead. if getattr(ssl, 'HAS_TLSv1_3', False) https://docs.python.org/2.7/library/ssl.html#ssl.HAS_TLSv1_3 > @@ -542,6 +547,10 @@ > if 'tls1.2' not in supportedprotocols: > raise error.Abort(_('TLS 1.2 not supported by this Python')) > protocol = ssl.PROTOCOL_TLSv1_2 > + elif exactprotocol == 'tls1.3': > + if 'tls1.3' not in supportedprotocols: > + raise error.Abort(_('TLS 1.3 not supported by this Python')) > + protocol = ssl.PROTOCOL_TLSv1_3 Undefined. I have no idea how to enforce the TLS 1.3 here. Did you run tests? Since you're adding feature depending on unreleased Python, you'll have to build Python from source. _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel