Mercurial > public > mercurial-scm > hg-stable

comparison mercurial/sslutil.py @ 32331:bd872f64a8ba

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cleanup: use set literals We no longer support Python 2.6, so we can now use set literals.
author Martin von Zweigbergk <martinvonz@google.com>
date Fri, 10 Feb 2017 16:56:29 -0800
parents 2e455cbeac50
children 3bdbbadddecc
comparison
equal deleted inserted replaced
32330:2959c3e986e0 32331:bd872f64a8ba
27 # 27 #
28 # Depending on the version of Python being used, SSL/TLS support is either 28 # Depending on the version of Python being used, SSL/TLS support is either
29 # modern/secure or legacy/insecure. Many operations in this module have 29 # modern/secure or legacy/insecure. Many operations in this module have
30 # separate code paths depending on support in Python. 30 # separate code paths depending on support in Python.
31 31
32 configprotocols = set([ 32 configprotocols = {
33 'tls1.0', 33 'tls1.0',
34 'tls1.1', 34 'tls1.1',
35 'tls1.2', 35 'tls1.2',
36 ]) 36 }
37 37
38 hassni = getattr(ssl, 'HAS_SNI', False) 38 hassni = getattr(ssl, 'HAS_SNI', False)
39 39
40 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled 40 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
41 # against doesn't support them. 41 # against doesn't support them.
42 supportedprotocols = set(['tls1.0']) 42 supportedprotocols = {'tls1.0'}
43 if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'): 43 if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'):
44 supportedprotocols.add('tls1.1') 44 supportedprotocols.add('tls1.1')
45 if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'): 45 if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'):
46 supportedprotocols.add('tls1.2') 46 supportedprotocols.add('tls1.2')
47 47
294 # only (as opposed to multiple versions). So the method for 294 # only (as opposed to multiple versions). So the method for
295 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and 295 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
296 # disable protocols via SSLContext.options and OP_NO_* constants. 296 # disable protocols via SSLContext.options and OP_NO_* constants.
297 # However, SSLContext.options doesn't work unless we have the 297 # However, SSLContext.options doesn't work unless we have the
298 # full/real SSLContext available to us. 298 # full/real SSLContext available to us.
299 if supportedprotocols == set(['tls1.0']): 299 if supportedprotocols == {'tls1.0'}:
300 if protocol != 'tls1.0': 300 if protocol != 'tls1.0':
301 raise error.Abort(_('current Python does not support protocol ' 301 raise error.Abort(_('current Python does not support protocol '
302 'setting %s') % protocol, 302 'setting %s') % protocol,
303 hint=_('upgrade Python or disable setting since ' 303 hint=_('upgrade Python or disable setting since '
304 'only TLS 1.0 is supported')) 304 'only TLS 1.0 is supported'))
428 # We support more than just TLS 1.0+. If this happens, 428 # We support more than just TLS 1.0+. If this happens,
429 # the likely scenario is either the client or the server 429 # the likely scenario is either the client or the server
430 # is really old. (e.g. server doesn't support TLS 1.0+ or 430 # is really old. (e.g. server doesn't support TLS 1.0+ or
431 # client doesn't support modern TLS versions introduced 431 # client doesn't support modern TLS versions introduced
432 # several years from when this comment was written). 432 # several years from when this comment was written).
433 if supportedprotocols != set(['tls1.0']): 433 if supportedprotocols != {'tls1.0'}:
434 ui.warn(_( 434 ui.warn(_(
435 '(could not communicate with %s using security ' 435 '(could not communicate with %s using security '
436 'protocols %s; if you are using a modern Mercurial ' 436 'protocols %s; if you are using a modern Mercurial '
437 'version, consider contacting the operator of this ' 437 'version, consider contacting the operator of this '
438 'server; see ' 438 'server; see '