Bug 1231192 - Only install host fingerprints if not running secure Python+hg; r=smacleod

See inline comment.
Gregory Szorc 2015-12-07 13:15:24 -08:00
parent cc44661455
commit f216fb3af5


@ -8,6 +8,7 @@ import difflib
import errno import errno
import os import os
import shutil import shutil
import ssl
import stat import stat
import sys import sys
import subprocess import subprocess
@ -466,7 +467,15 @@ class MercurialSetupWizard(object):
print('Cleaning up old repository: %s' % path) print('Cleaning up old repository: %s' % path)
shutil.rmtree(path) shutil.rmtree(path)
c.add_mozilla_host_fingerprints() # Python + Mercurial didn't have terrific TLS handling until Python
# 2.7.9 and Mercurial 3.4. For this reason, it was recommended to pin
# certificates in Mercurial config files. In modern versions of
# Mercurial, the system CA store is used and old, legacy TLS protocols
# are disabled. The default connection/security setting should
# be sufficient and pinning certificates is no longer needed.
have_modern_ssl = hasattr(ssl.SSLContext, 'load_default_certs')
if hg_version < LooseVersion('3.4') or not have_modern_ssl:
c.add_mozilla_host_fingerprints()
# References to multiple version-control-tools checkouts can confuse # References to multiple version-control-tools checkouts can confuse
# version-control-tools, since various Mercurial extensions resolve # version-control-tools, since various Mercurial extensions resolve
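Review bot: On the `have_modern_ssl` line, `hasattr(ssl.SSLContext, 'load_default_certs')` evaluates `ssl.SSLContext` before `hasattr` runs, and Python 2 releases before 2.7.9 have no `ssl.SSLContext` at all, so the wizard would raise AttributeError on exactly the interpreters that still need the pinned fingerprints. Guard the lookup, for example `have_modern_ssl = hasattr(getattr(ssl, 'SSLContext', None), 'load_default_certs')`. The check also inspects the interpreter running this wizard, which is presumably but not necessarily the one Mercurial itself runs under; a short comment stating that assumption would help. The enclosing method of MercurialSetupWizard starts and ends outside the hunk.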