--- a/mercurial/sslutil.py Sun Nov 10 07:30:14 2019 -0800
+++ b/mercurial/sslutil.py Fri Nov 08 11:19:20 2019 -0800
@@ -103,13 +103,13 @@
# in this legacy code since we don't support SNI.
args = {
- r'keyfile': self._keyfile,
- r'certfile': self._certfile,
- r'server_side': server_side,
- r'cert_reqs': self.verify_mode,
- r'ssl_version': self.protocol,
- r'ca_certs': self._cacerts,
- r'ciphers': self._ciphers,
+ 'keyfile': self._keyfile,
+ 'certfile': self._certfile,
+ 'server_side': server_side,
+ 'cert_reqs': self.verify_mode,
+ 'ssl_version': self.protocol,
+ 'ca_certs': self._cacerts,
+ 'ciphers': self._ciphers,
}
return ssl.wrap_socket(socket, **args)
@@ -499,7 +499,7 @@
# outright. Hopefully the reason for this error is that we require
# TLS 1.1+ and the server only supports TLS 1.0. Whatever the
# reason, try to emit an actionable warning.
- if e.reason == r'UNSUPPORTED_PROTOCOL':
+ if e.reason == 'UNSUPPORTED_PROTOCOL':
# We attempted TLS 1.0+.
if settings[b'protocolui'] == b'tls1.0':
# We support more than just TLS 1.0+. If this happens,
@@ -568,9 +568,7 @@
)
)
- elif (
- e.reason == r'CERTIFICATE_VERIFY_FAILED' and pycompat.iswindows
- ):
+ elif e.reason == 'CERTIFICATE_VERIFY_FAILED' and pycompat.iswindows:
ui.warn(
_(
@@ -737,9 +735,9 @@
return _(b'no certificate received')
dnsnames = []
- san = cert.get(r'subjectAltName', [])
+ san = cert.get('subjectAltName', [])
for key, value in san:
- if key == r'DNS':
+ if key == 'DNS':
try:
if _dnsnamematch(value, hostname):
return
@@ -750,11 +748,11 @@
if not dnsnames:
# The subject is only checked when there is no DNS in subjectAltName.
- for sub in cert.get(r'subject', []):
+ for sub in cert.get('subject', []):
for key, value in sub:
# According to RFC 2818 the most specific Common Name must
# be used.
- if key == r'commonName':
+ if key == 'commonName':
# 'subject' entries are unicode.
try:
value = value.encode('ascii')