Patchwork [3,of,5] sslutil: add FIXME about supportedprotocols possibly containing too many items

Submitter Manuel Jacob
Date May 31, 2020, 10:24 a.m.
Message ID <14fb5b19169473e9a14a.1590920686@tmp>
Permalink /patch/46435/
State New

Comments

Manuel Jacob - May 31, 2020, 10:24 a.m.
# HG changeset patch
# User Manuel Jacob <me@manueljacob.de>
# Date 1590918063 -7200
#      Sun May 31 11:41:03 2020 +0200
# Node ID 14fb5b19169473e9a14a5ad4371ca727cd8c8293
# Parent  efea7f15c5d5e32f3a6be167c733581afc612b3c
# EXP-Topic sslutil_cleanup
sslutil: add FIXME about supportedprotocols possibly containing too many items

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -46,6 +46,13 @@  hassni = getattr(ssl, 'HAS_SNI', False)
 
 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
 # against doesn't support them.
+# FIXME: Since CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98
+# individual TLS versions can be turned on and off, and the
+# ssl.PROTOCOL_TLSv1_* constants are always defined.
+# This means that, on unusual configurations, the following dict may contain
+# too many entries. A proper fix would be to check ssl.HAS_TLSv* where
+# available (Python 3.7+). Before that, this module should be proofed against
+# all possible combinations.
 supportedprotocols = {b'tls1.0'}
 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'):
     supportedprotocols.add(b'tls1.1')
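
Review bot: the new FIXME says "the following dict may contain too many entries", but the context line right below it initializes supportedprotocols with {b'tls1.0'} and extends it with .add(), so it is a set; the comment should say "set". "Before that, this module should be proofed against all possible combinations" is also ambiguous: it can be read as "on Python older than 3.7" or as "until the proper fix lands", and the wording should pick one. Two smaller points on the same comment block: the CPython change is identified only by commit hash, so naming the release that first shipped it would let a reader judge which interpreters are affected without looking the commit up, and the comment does not say what goes wrong when an extra entry is present, which is what whoever picks up the FIXME will need in order to prioritize it.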