Patchwork [04,of,15] sslutil: remove comments referring to removed SSLContext emulation class

login
register
mail settings
Submitter Manuel Jacob
Date May 30, 2020, 5:52 a.m.
Message ID <fa4460229a8d1a392564.1590817936@tmp>
Download mbox | patch
Permalink /patch/46399/
State New
Headers show

Comments

Manuel Jacob - May 30, 2020, 5:52 a.m.
# HG changeset patch
# User Manuel Jacob <me@manueljacob.de>
# Date 1590784286 -7200
#      Fri May 29 22:31:26 2020 +0200
# Node ID fa4460229a8d1a392564d0cbe78216760154822c
# Parent  4b0fc7112e0c75ae290e9204bd9efdca841244df
# EXP-Topic require_modern_ssl
sslutil: remove comments referring to removed SSLContext emulation class

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -264,8 +264,6 @@  def protocolsettings(protocol):
     # only (as opposed to multiple versions). So the method for
     # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
     # disable protocols via SSLContext.options and OP_NO_* constants.
-    # However, SSLContext.options doesn't work unless we have the
-    # full/real SSLContext available to us.
     if supportedprotocols == {b'tls1.0'}:
         if protocol != b'tls1.0':
             raise error.Abort(
@@ -279,9 +277,6 @@  def protocolsettings(protocol):
 
         return ssl.PROTOCOL_TLSv1, 0, b'tls1.0'
 
-    # WARNING: returned options don't work unless the modern ssl module
-    # is available. Be careful when adding options here.
-
     # SSLv2 and SSLv3 are broken. We ban them outright.
     options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
 
@@ -355,11 +350,7 @@  def wrapsocket(sock, keyfile, certfile, 
     # is loaded and contains that removed CA, you've just undone the user's
     # choice.
     sslcontext = ssl.SSLContext(settings[b'protocol'])
-
-    # This is a no-op unless using modern ssl.
     sslcontext.options |= settings[b'ctxoptions']
-
-    # This still works on our fake SSLContext.
     sslcontext.verify_mode = settings[b'verifymode']
 
     if settings[b'ciphers']: