On Sun, 8 Apr 2018 09:51:45 +0400, Codarren Velvindron wrote:
> # HG changeset patch
> # User Codarren Velvindron <codar...@hackers.mu>
> # Date 1523166519 -14400
> #      Sun Apr 08 09:48:39 2018 +0400
> # Node ID 5df15ef67ce1674a8f408058cd953de5ab9601cf
> # Parent  632b928992039afe96df8f99a8dec6127ff983f1
> slutil: add tls 1.3 support

> -# TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
> +# TLS 1.1,1.2 and 1.3 may not be supported if the OpenSSL Python is compiled
>  # against doesn't support them.
>  supportedprotocols = {'tls1.0'}
>  if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'):
>      supportedprotocols.add('tls1.1')
>  if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'):
>      supportedprotocols.add('tls1.2')
> +if util.safehasattr(ssl, 'PROTOCOL_TLS'):
> +    supportedprotocols.add('tls1.3')
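Review bot: the added `safehasattr(ssl, 'PROTOCOL_TLS')` check at the end of this hunk keys 'tls1.3' on a constant whose name carries no version, unlike the `PROTOCOL_TLSv1_1` and `PROTOCOL_TLSv1_2` checks above it, so 'tls1.3' would be advertised wherever that constant exists. Suggest gating on an attribute that is specific to TLS 1.3. The reworded comment also needs a space after the comma in "TLS 1.1,1.2 and 1.3".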

PROTOCOL_TLS doesn't mean the Python supports TLS 1.3.

https://docs.python.org/2.7/library/ssl.html#ssl.PROTOCOL_TLS

Perhaps HAS_TLSv1_3 can be used instead.

  if getattr(ssl, 'HAS_TLSv1_3', False):

https://docs.python.org/2.7/library/ssl.html#ssl.HAS_TLSv1_3

> @@ -542,6 +547,10 @@
>          if 'tls1.2' not in supportedprotocols:
>              raise error.Abort(_('TLS 1.2 not supported by this Python'))
>          protocol = ssl.PROTOCOL_TLSv1_2
> +    elif exactprotocol == 'tls1.3':
> +        if 'tls1.3' not in supportedprotocols:
> +            raise error.Abort(_('TLS 1.3 not supported by this Python'))
> +        protocol = ssl.PROTOCOL_TLSv1_3
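Review bot: `protocol = ssl.PROTOCOL_TLSv1_3` in the new `elif` branch reads an attribute that the `supportedprotocols` check just above it does not guard. In the first hunk 'tls1.3' is added when `PROTOCOL_TLS` exists, not when `PROTOCOL_TLSv1_3` does, so this line can fail with AttributeError instead of reaching the intended `error.Abort`. Suggest making the capability check and the constant used here refer to the same thing, and adding a test that exercises the 'tls1.3' branch.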

Undefined. I have no idea how to enforce TLS 1.3 here.

Did you run tests? Since you're adding a feature depending on an unreleased
Python, you'll have to build Python from source.
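
The capability check and version floor discussed in this thread, as an added example that is not part of the patch or of Mercurial's code. It assumes Python 3.7+ (`ssl.TLSVersion`, `SSLContext.minimum_version`), which the thread does not cover; the function names and `OLD_SSL` are hypothetical.

```python
import ssl
import types


def supported_protocols(sslmod=ssl):
    """Protocol names usable with the given ssl module (parameter is for testing)."""
    protocols = {'tls1.0'}
    if hasattr(sslmod, 'PROTOCOL_TLSv1_1'):
        protocols.add('tls1.1')
    if hasattr(sslmod, 'PROTOCOL_TLSv1_2'):
        protocols.add('tls1.2')
    # PROTOCOL_TLS only selects "negotiate the highest common version" and is
    # present on builds without TLS 1.3; HAS_TLSv1_3 is the capability flag.
    if getattr(sslmod, 'HAS_TLSv1_3', False):
        protocols.add('tls1.3')
    return protocols


def tls13_only_client_context(sslmod=ssl):
    """Client context that refuses anything below TLS 1.3."""
    if 'tls1.3' not in supported_protocols(sslmod):
        raise RuntimeError('TLS 1.3 not supported by this Python')
    # The ssl module has no per-version PROTOCOL_* constant for TLS 1.3; the
    # floor is set on a negotiating context instead (assumes Python 3.7+).
    ctx = sslmod.SSLContext(sslmod.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = sslmod.TLSVersion.TLSv1_3
    return ctx


# Constructed stand-in for an ssl module that has PROTOCOL_TLS but was built
# against an OpenSSL without TLS 1.3 (the numeric values are placeholders).
OLD_SSL = types.SimpleNamespace(PROTOCOL_TLS=2, PROTOCOL_TLSv1_1=4,
                                PROTOCOL_TLSv1_2=5, HAS_TLSv1_3=False)

if __name__ == '__main__':
    print('old build :', sorted(supported_protocols(OLD_SSL)))
    print('this build:', sorted(supported_protocols()))
    try:
        ctx = tls13_only_client_context()
        print('minimum version:', ctx.minimum_version.name)
    except RuntimeError as exc:
        print('cannot enforce:', exc)
```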