Patchwork [02,of,15] setup: require a Python version with modern SSL features

login
register
mail settings
Submitter Manuel Jacob
Date May 30, 2020, 5:52 a.m.
Message ID <c8a697e466dec7726cf0.1590817934@tmp>
Download mbox | patch
Permalink /patch/46397/
State New
Headers show

Comments

Manuel Jacob - May 30, 2020, 5:52 a.m.
# HG changeset patch
# User Manuel Jacob <me@manueljacob.de>
# Date 1590779246 -7200
#      Fri May 29 21:07:26 2020 +0200
# Node ID c8a697e466dec7726cf0e5d30dafcc37f13196f0
# Parent  45c87d05a2ba00d32181c94bf56d52f48f9c9f02
# EXP-Topic require_modern_ssl
setup: require a Python version with modern SSL features

This increases the minimum security baseline of Mercurial and enables us to
remove compatibility code for supporting older, less secure Python versions.

Patch

diff --git a/setup.py b/setup.py
--- a/setup.py
+++ b/setup.py
@@ -83,6 +83,20 @@  Python {py} detected.
     printf(error, file=sys.stderr)
     sys.exit(1)
 
+import ssl
+try:
+    ssl.SSLContext
+except AttributeError:
+    error = """
+The `ssl` module does not have the `SSLContext` class. This indicates an old
+Python version which does not support modern security features (which were
+added to Python 2.7 as part of "PEP 466"). Please make sure you have installed
+at least Python 2.7.9 or a Python version with backports of these security
+features.
+"""
+    printf(error, file=sys.stderr)
+    sys.exit(1)
+
 if sys.version_info[0] >= 3:
     DYLIB_SUFFIX = sysconfig.get_config_vars()['EXT_SUFFIX']
 else: