Patchwork [6,of,8,v5] sslutil: remove dead code (that failed if only TLS 1.0 is available)

login
register
mail settings
Submitter Manuel Jacob
Date June 1, 2020, 3:28 a.m.
Message ID <7576507bfe5ea28ab6d4.1590982097@tmp>
Download mbox | patch
Permalink /patch/46443/
State New
Headers show

Comments

Manuel Jacob - June 1, 2020, 3:28 a.m.
# HG changeset patch
# User Manuel Jacob <me@manueljacob.de>
# Date 1590957109 -7200
#      Sun May 31 22:31:49 2020 +0200
# Node ID 7576507bfe5ea28ab6d496d532bb9b453998ca35
# Parent  b014f68a7e5f4d3cf72ca6f5d50e3059d05e3ed3
# EXP-Topic require_modern_ssl
sslutil: remove dead code (that failed if only TLS 1.0 is available)

We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -250,18 +250,6 @@  def protocolsettings(minimumprotocol):
     # only (as opposed to multiple versions). So the method for
     # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
     # disable protocols via SSLContext.options and OP_NO_* constants.
-    if supportedprotocols == {b'tls1.0'}:
-        if minimumprotocol != b'tls1.0':
-            raise error.Abort(
-                _(b'current Python does not support protocol setting %s')
-                % minimumprotocol,
-                hint=_(
-                    b'upgrade Python or disable setting since '
-                    b'only TLS 1.0 is supported'
-                ),
-            )
-
-        return ssl.PROTOCOL_TLSv1, 0
 
     # SSLv2 and SSLv3 are broken. We ban them outright.
     options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3