Mercurial > public > mercurial-scm > hg-stable
diff mercurial/sslutil.py @ 50341:698ffff7024b stable
configitems: make devel.serverexactprotocol look dangerous
Because it is.
| author | pacien <pacien.trangirard@pacien.net> |
|---|---|
| date | Thu, 13 Apr 2023 11:28:48 +0200 |
| parents | 4a1f0bc0713e |
| children | c54e9bb5737e |
line wrap: on
line diff
--- a/mercurial/sslutil.py Thu Apr 13 04:12:31 2023 +0200 +++ b/mercurial/sslutil.py Thu Apr 13 11:28:48 2023 +0200 @@ -553,7 +553,7 @@ # This config option is intended for use in tests only. It is a giant # footgun to kill security. Don't define it. - exactprotocol = ui.config(b'devel', b'serverexactprotocol') + exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol') if exactprotocol == b'tls1.0': if b'tls1.0' not in supportedprotocols: raise error.Abort(_(b'TLS 1.0 not supported by this Python')) @@ -583,7 +583,8 @@ sslcontext.maximum_version = ssl.TLSVersion.TLSv1_2 elif exactprotocol: raise error.Abort( - _(b'invalid value for serverexactprotocol: %s') % exactprotocol + _(b'invalid value for server-insecure-exact-protocol: %s') + % exactprotocol ) else: # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both @@ -594,7 +595,7 @@ # This config option is intended for use in tests only. It is a giant # footgun to kill security. Don't define it. - exactprotocol = ui.config(b'devel', b'serverexactprotocol') + exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol') if exactprotocol == b'tls1.0': if b'tls1.0' not in supportedprotocols: raise error.Abort(_(b'TLS 1.0 not supported by this Python')) @@ -609,7 +610,8 @@ protocol = ssl.PROTOCOL_TLSv1_2 elif exactprotocol: raise error.Abort( - _(b'invalid value for serverexactprotocol: %s') % exactprotocol + _(b'invalid value for server-insecure-exact-protocol: %s') + % exactprotocol ) # We /could/ use create_default_context() here since it doesn't load