Patchwork [2,of,4] ssl: drop support for Python < 2.6, require ssl module

Submitter Yuya Nishihara
Date June 5, 2015, 2:21 p.m.
Message ID <7e1bcf9d4a3557d13d04.1433514081@mimosa>
Permalink /patch/9517/
State Accepted

Comments

Yuya Nishihara - June 5, 2015, 2:21 p.m.
# HG changeset patch
# User Yuya Nishihara <yuya@tcha.org>
# Date 1433507866 -32400
#      Fri Jun 05 21:37:46 2015 +0900
# Node ID 7e1bcf9d4a3557d13d04c1ffd597487f26ff71b4
# Parent  9d1c617159398bdb9f552fe312f5bac55521c28e
ssl: drop support for Python < 2.6, require ssl module

try-except clause is kept for readability of this patch, and it will be
removed soon.

Patch

diff --git a/mercurial/help/config.txt b/mercurial/help/config.txt
--- a/mercurial/help/config.txt
+++ b/mercurial/help/config.txt
@@ -1423,10 +1423,6 @@  User interface controls.
 ``remotecmd``
     remote command to use for clone/push/pull operations. Default is ``hg``.
 
-``reportoldssl``
-    Warn if an SSL certificate is unable to be used due to using Python
-    2.5 or earlier. True or False. Default is True.
-
 ``report_untrusted``
     Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
     trusted user or group. True or False. Default is True.
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -6,15 +6,13 @@ 
 #
 # This software may be used and distributed according to the terms of the
 # GNU General Public License version 2 or any later version.
-import os, sys
+import os, sys, ssl
 
 from mercurial import util
 from mercurial.i18n import _
 
 _canloaddefaultcerts = False
 try:
-    # avoid using deprecated/broken FakeSocket in python 2.6
-    import ssl
     CERT_REQUIRED = ssl.CERT_REQUIRED
     try:
         ssl_context = ssl.SSLContext
@@ -68,21 +66,7 @@  try:
                 raise util.Abort(_('ssl connection failed'))
             return sslsocket
 except ImportError:
-    CERT_REQUIRED = 2
-
-    import socket, httplib
-
-    def wrapsocket(sock, keyfile, certfile, ui,
-                   cert_reqs=CERT_REQUIRED,
-                   ca_certs=None, serverhostname=None):
-        if not util.safehasattr(socket, 'ssl'):
-            raise util.Abort(_('Python SSL support not found'))
-        if ca_certs:
-            raise util.Abort(_(
-                'certificate checking requires Python 2.6'))
-
-        ssl = socket.ssl(sock, keyfile, certfile)
-        return httplib.FakeSocket(sock, ssl)
+    raise
 
 def _verifycert(cert, hostname):
     '''Verify that cert (in socket.getpeercert() format) matches hostname.
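Review bot: The bare `raise` in the `except ImportError:` handler changes how a Python build without the ssl module fails: the removed fallback ended in `util.Abort(_('Python SSL support not found'))`, whereas the new code surfaces a raw ImportError. Because the same commit moves `import ssl` to the top of the file, the handler may never see that error unless the import is deferred, which is not visible from this hunk. A short comment above the top-level import, for example `# ssl is mandatory: there is no unverified fallback any more`, would record that the hard failure is intentional. The `try:` block opens before this hunk and its body is only partly shown here.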
@@ -123,9 +107,6 @@  def _verifycert(cert, hostname):
 
 # CERT_REQUIRED means fetch the cert from the server all the time AND
 # validate it against the CA store provided in web.cacerts.
-#
-# We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally
-# busted on those versions.
 
 def _plainapplepython():
     """return true if this seems to be a pure Apple Python that
@@ -183,17 +164,6 @@  class validator(object):
         host = self.host
         cacerts = self.ui.config('web', 'cacerts')
         hostfingerprint = self.ui.config('hostfingerprints', host)
-        if not getattr(sock, 'getpeercert', False): # python 2.5 ?
-            if hostfingerprint:
-                raise util.Abort(_("host fingerprint for %s can't be "
-                                   "verified (Python too old)") % host)
-            if strict:
-                raise util.Abort(_("certificate for %s can't be verified "
-                                   "(Python too old)") % host)
-            if self.ui.configbool('ui', 'reportoldssl', True):
-                self.ui.warn(_("warning: certificate for %s can't be verified "
-                               "(Python too old)\n") % host)
-            return
 
         if not sock.cipher(): # work around http://bugs.python.org/issue13721
             raise util.Abort(_('%s ssl connection error') % host)