# HG changeset patch # User Codarren Velvindron <codar...@hackers.mu> # Date 1521360069 -14400 # Sun Mar 18 12:01:09 2018 +0400 # Node ID a47713f3cc05fafceed9bc8086734ffed65d51a5 # Parent 2d5d3033ff4ea2aab42bcc14af4db2cd3bccc455 [PATCH] added tls 1.3 support -done during the IETF101 Hackathon
diff -r 2d5d3033ff4e -r a47713f3cc05 i18n/ja.po --- a/i18n/ja.po Thu Mar 15 11:19:16 2018 -0700 +++ b/i18n/ja.po Sun Mar 18 12:01:09 2018 +0400 @@ -21618,8 +21618,8 @@ " 指定が無い場合、 接続元/先の両方で使用可能な TLS バージョンから、\n" " 最新のものが採用されます。" -msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``." -msgstr " 指定可能な値は ``tls1.0``, ``tls1.1``, ``tls1.2`` です。" +msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``." +msgstr " 指定可能な値は ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3`` です。" msgid "" " When running on an old Python version, only ``tls1.0`` is allowed since\n" diff -r 2d5d3033ff4e -r a47713f3cc05 i18n/pt_BR.po --- a/i18n/pt_BR.po Thu Mar 15 11:19:16 2018 -0700 +++ b/i18n/pt_BR.po Sun Mar 18 12:01:09 2018 +0400 @@ -24854,8 +24854,8 @@ " Por padrão, será usado o maior nível de TLS suportado tanto\n" " pelo servidor como pelo cliente." -msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``." -msgstr " Os valores permitidos são: ``tls1.0``, ``tls1.1``, ``tls1.2``." +msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``." +msgstr " Os valores permitidos são: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``." msgid "" " When running on an old Python version, only ``tls1.0`` is allowed since\n" diff -r 2d5d3033ff4e -r a47713f3cc05 mercurial/help/config.txt --- a/mercurial/help/config.txt Thu Mar 15 11:19:16 2018 -0700 +++ b/mercurial/help/config.txt Sun Mar 18 12:01:09 2018 +0400 @@ -1163,7 +1163,7 @@ By default, the highest version of TLS supported by both client and server is used. - Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``. + Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``. When running on an old Python version, only ``tls1.0`` is allowed since old versions of Python only support up to TLS 1.0. diff -r 2d5d3033ff4e -r a47713f3cc05 mercurial/sslutil.py --- a/mercurial/sslutil.py Thu Mar 15 11:19:16 2018 -0700 +++ b/mercurial/sslutil.py Sun Mar 18 12:01:09 2018 +0400 @@ -34,17 +34,20 @@ 'tls1.0', 'tls1.1', 'tls1.2', + 'tls1.3', } hassni = getattr(ssl, 'HAS_SNI', False) -# TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled +# TLS 1.1, 1.2 and 1.3 may not be supported if the OpenSSL Python is compiled # against doesn't support them. supportedprotocols = {'tls1.0'} if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'): supportedprotocols.add('tls1.1') if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'): supportedprotocols.add('tls1.2') +if util.safehasattr(ssl, 'PROTOCOL_TLSv1_3'): + supportedprotocols.add('tls1.3') try: # ssl.SSLContext was added in 2.7.9 and presence indicates modern @@ -289,7 +292,7 @@ # Despite its name, PROTOCOL_SSLv23 selects the highest protocol # that both ends support, including TLS protocols. On legacy stacks, # the highest it likely goes is TLS 1.0. On modern stacks, it can - # support TLS 1.2. + # support TLS 1.2 or 1.3. # # The PROTOCOL_TLSv* constants select a specific TLS version # only (as opposed to multiple versions). So the method for @@ -319,6 +322,8 @@ options |= ssl.OP_NO_TLSv1 elif protocol == 'tls1.2': options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 + elif protocol == 'tls1.3': + options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2 else: raise error.Abort(_('this should not happen')) @@ -537,6 +542,10 @@ if 'tls1.2' not in supportedprotocols: raise error.Abort(_('TLS 1.2 not supported by this Python')) protocol = ssl.PROTOCOL_TLSv1_2 + elif exactprotocol == 'tls1.3': + if 'tls1.3' not in supportedprotocols: + raise error.Abort(_('TLS 1.3 not supported by this Python')) + protocol = ssl.PROTOCOL_TLSv1_3 elif exactprotocol: raise error.Abort(_('invalid value for serverexactprotocol: %s') % exactprotocol) diff -r 2d5d3033ff4e -r a47713f3cc05 tests/hghave.py --- a/tests/hghave.py Thu Mar 15 11:19:16 2018 -0700 +++ b/tests/hghave.py Sun Mar 18 12:01:09 2018 +0400 @@ -523,6 +523,11 @@ from mercurial import sslutil return 'tls1.2' in sslutil.supportedprotocols +@check("tls1.3", "TLS 1.3 protocol support") +def has_tls1_3(): + from mercurial import sslutil + return 'tls1.3' in sslutil.supportedprotocols + @check("windows", "Windows") def has_windows(): return os.name == 'nt' _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel