sslutil: check for missing certificate and key files (issue5598)
Currently, sslutil._hostsettings() performs validation that web.cacerts
exists. However, client certificates are passed in to the function
and not all callers may validate them. This includes
httpconnection.readauthforuri(), which loads the [auth] section.
If a missing file is specified, the ssl module will raise a generic
IOException. And, it doesn't even give us the courtesy of telling
us which file is missing! Mercurial then prints a generic
"abort: No such file or directory" (or similar) error, leaving users
to scratch their head as to what file is missing.
This commit introduces explicit validation of all paths passed as
arguments to wrapsocket() and wrapserversocket(). Any missing file
is alerted about explicitly.
We should probably catch missing files earlier - as part of loading
the [auth] section. However, I think the sslutil functions should
check for file presence regardless of what callers do because that's
the only way to be sure that missing files are always detected.
cHg
===
A fast client for Mercurial command server running on Unix.
Install:
$ make
$ make install
Usage:
$ chg help # show help of Mercurial
$ alias hg=chg # replace hg command
$ chg --kill-chg-daemon # terminate background server
Environment variables:
Although cHg tries to update environment variables, some of them cannot be
changed after spawning the server. The following variables are specially
handled:
* configuration files are reloaded automatically by default.
* CHGHG or HG specifies the path to the hg executable spawned as the
background command server.
The following variables are available for testing:
* CHGDEBUG enables debug messages.
* CHGSOCKNAME specifies the socket path of the background cmdserver.
* CHGTIMEOUT specifies how many seconds chg will wait before giving up
connecting to a cmdserver. If it is 0, chg will wait forever. Default: 60