Patchwork [1,of,2,STABLE,SSL] sslutil: backed out changeset 074bd02352c0 (issue4038)

login
register
mail settings
Submitter Augie Fackler
Date Sept. 18, 2013, 6:47 p.m.
Message ID <df135218860d1a54b81d.1379530050@arthedain.pit.corp.google.com>
Download mbox | patch
Permalink /patch/2525/
State Accepted
Commit f2871c30e6a7ded2382bc4b48c02c10a04d712f8
Headers show

Comments

Augie Fackler - Sept. 18, 2013, 6:47 p.m.
# HG changeset patch
# User Augie Fackler <raf@durin42.com>
# Date 1379529617 14400
#      Wed Sep 18 14:40:17 2013 -0400
# Branch stable
# Node ID df135218860d1a54b81d5822019b25ee84cf4fb9
# Parent  fd4f612f7cb6413940d4cf2052334cd23f60e042
sslutil: backed out changeset 074bd02352c0 (issue4038)

Python docs are a little unclear, but mpm reports reading the OpenSSL
source code shows that PROTOCOL_SSLv23 allows TLS whereas
PROTOCOL_SSLv3 does not.
Matt Mackall - Sept. 18, 2013, 6:49 p.m.
On Wed, 2013-09-18 at 14:47 -0400, Augie Fackler wrote:
> # HG changeset patch
> # User Augie Fackler <raf@durin42.com>
> # Date 1379529617 14400
> #      Wed Sep 18 14:40:17 2013 -0400
> # Branch stable
> # Node ID df135218860d1a54b81d5822019b25ee84cf4fb9
> # Parent  fd4f612f7cb6413940d4cf2052334cd23f60e042
> sslutil: backed out changeset 074bd02352c0 (issue4038)

These are queued for stable, thanks.

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -17,8 +17,7 @@ 
     def ssl_wrap_socket(sock, keyfile, certfile,
                 cert_reqs=ssl.CERT_NONE, ca_certs=None):
         sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
-                cert_reqs=cert_reqs, ca_certs=ca_certs,
-                ssl_version=ssl.PROTOCOL_SSLv3)
+                cert_reqs=cert_reqs, ca_certs=ca_certs)
         # check if wrap_socket failed silently because socket had been closed
         # - see http://bugs.python.org/issue13721
         if not sslsocket.cipher():