commit c543b86c6dbdd1f3e1bfa442ca66be819476f65f
parent 5031e42f2aee94e8cc0f14e9cae0ecc2af1444c3
Author: Nick Mathewson <nickm@torproject.org>
Date: Tue, 23 Sep 2025 11:44:28 -0400
Bulletproof the "get_mozilla_ciphers" script
Reviewers have noted that the script's logic treats all "enabled"
flags in StaticPrefList.yaml (other than an explicit False) as True.
That's not so great, since the flag can also be a string, and we
don't necessarily want to treat all strings as meaning that a
ciphersuite is enabled. (Although we do in fact want to treat
the only string used in _current_ firefox git main that way.)
This change has no effect on the generated ciphers.inc.
Closes #41117.
ci
Diffstat:
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/scripts/codegen/get_mozilla_ciphers.py b/scripts/codegen/get_mozilla_ciphers.py
@@ -136,9 +136,13 @@ for entry in yaml_file:
used_ciphers = []
for k, v in enabled_ciphers.items():
- if v != False: # there are strings we want to allow.
-
+ if v in (True, "True", "true", "IS_NOT_EARLY_BETA_OR_EARLIER"):
used_ciphers.append(ciphers[k])
+ elif v == False:
+ pass
+ else:
+ print(f"Warning: unexpected value {v!r} for 'enabled'", file=sys.stderr)
+ sys.exit(1)
#oSSLinclude = ('/usr/include/openssl/ssl3.h', '/usr/include/openssl/ssl.h',
# '/usr/include/openssl/ssl2.h', '/usr/include/openssl/ssl23.h',
