From patchwork Wed Sep 18 18:47:30 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [1, of, 2, STABLE,
 SSL] sslutil: backed out changeset 074bd02352c0 (issue4038)
From: Augie Fackler <raf@durin42.com>
X-Patchwork-Id: 2525
Message-Id: <df135218860d1a54b81d.1379530050@arthedain.pit.corp.google.com>
To: mercurial-devel@selenic.com
Date: Wed, 18 Sep 2013 14:47:30 -0400

# HG changeset patch
# User Augie Fackler <raf@durin42.com>
# Date 1379529617 14400
#      Wed Sep 18 14:40:17 2013 -0400
# Branch stable
# Node ID df135218860d1a54b81d5822019b25ee84cf4fb9
# Parent  fd4f612f7cb6413940d4cf2052334cd23f60e042
sslutil: backed out changeset 074bd02352c0 (issue4038)

Python docs are a little unclear, but mpm reports reading the OpenSSL
source code shows that PROTOCOL_SSLv23 allows TLS whereas
PROTOCOL_SSLv3 does not.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -17,8 +17,7 @@
     def ssl_wrap_socket(sock, keyfile, certfile,
                 cert_reqs=ssl.CERT_NONE, ca_certs=None):
         sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
-                cert_reqs=cert_reqs, ca_certs=ca_certs,
-                ssl_version=ssl.PROTOCOL_SSLv3)
+                cert_reqs=cert_reqs, ca_certs=ca_certs)
         # check if wrap_socket failed silently because socket had been closed
         # - see http://bugs.python.org/issue13721
         if not sslsocket.cipher():