Mercurial > public > mercurial-scm > hg
comparison mercurial/sslutil.py @ 52283:baeb5e8d2612
sslutil: drop the unused `commonssloptions()`
The last usage was removed in 94cf83d9a2c9.
| author | Matt Harbison <matt_harbison@yahoo.com> |
|---|---|
| date | Mon, 11 Nov 2024 12:32:04 -0500 |
| parents | f1b37ed41f01 |
| children | 323e3626929a |
comparison
equal
deleted
inserted
replaced
| 52282:f1b37ed41f01 | 52283:baeb5e8d2612 |
|---|---|
| 230 s[b'verifymode'] = ssl.CERT_NONE | 230 s[b'verifymode'] = ssl.CERT_NONE |
| 231 | 231 |
| 232 assert s[b'verifymode'] is not None | 232 assert s[b'verifymode'] is not None |
| 233 | 233 |
| 234 return s | 234 return s |
| 235 | |
| 236 | |
| 237 def commonssloptions(minimumprotocol): | |
| 238 """Return SSLContext options common to servers and clients.""" | |
| 239 if minimumprotocol not in configprotocols: | |
| 240 raise ValueError(b'protocol value not supported: %s' % minimumprotocol) | |
| 241 | |
| 242 # SSLv2 and SSLv3 are broken. We ban them outright. | |
| 243 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | |
| 244 | |
| 245 if minimumprotocol == b'tls1.0': | |
| 246 # Defaults above are to use TLS 1.0+ | |
| 247 pass | |
| 248 elif minimumprotocol == b'tls1.1': | |
| 249 options |= ssl.OP_NO_TLSv1 | |
| 250 elif minimumprotocol == b'tls1.2': | |
| 251 options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | |
| 252 else: | |
| 253 raise error.Abort(_(b'this should not happen')) | |
| 254 | |
| 255 # Prevent CRIME. | |
| 256 # There is no guarantee this attribute is defined on the module. | |
| 257 options |= getattr(ssl, 'OP_NO_COMPRESSION', 0) | |
| 258 | |
| 259 return options | |
| 260 | 235 |
| 261 | 236 |
| 262 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None): | 237 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None): |
| 263 """Add SSL/TLS to a socket. | 238 """Add SSL/TLS to a socket. |
| 264 | 239 |