Mercurial > hg-stable
view .hgignore @ 29113:5b9577edf745
sslutil: use CA loaded state to drive validation logic
Until now, sslkwargs may set web.cacerts=! to indicate
that system certs could not be found. This is really
obtuse because sslkwargs effectively sets state on a global
object which bypasses wrapsocket() and is later consulted
by validator.__call__. This is madness.
This patch introduces an attribute on the wrapped socket
instance indicating whether system CAs were loaded. We
can set this directly inside wrapsocket() because that
function knows everything that sslkwargs() does - and more.
With this attribute set on the socket, we refactor
validator.__call__ to use it.
Since we no longer have a need for setting web.cacerts=!
in sslkwargs, we remove that.
I think the new logic is much easier to understand and will
enable behavior to be changed more easily.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Thu, 05 May 2016 00:38:18 -0700 |
| parents | e63dfbbdbd07 |
| children | cff0f5926797 |
line wrap: on
line source
syntax: glob *.elc *.tmp *.orig *.rej *~ *.mergebackup *.o *.so *.dll *.exe *.pyd *.pyc *.pyo *$py.class *.swp *.prof *.zip \#*\# .\#* tests/.coverage* tests/.testtimes* tests/.hypothesis tests/hypothesis-generated tests/annotated tests/*.err tests/htmlcov build contrib/chg/chg contrib/hgsh/hgsh contrib/vagrant/.vagrant contrib/docker/ubuntu-* dist packages doc/common.txt doc/*.[0-9] doc/*.[0-9].txt doc/*.[0-9].gendoc.txt doc/*.[0-9].{x,ht}ml MANIFEST MANIFEST.in patches mercurial/__modulepolicy__.py mercurial/__version__.py mercurial/hgpythonlib.h mercurial.egg-info .DS_Store tags cscope.* .idea/* i18n/hg.pot locale/*/LC_MESSAGES/hg.mo hgext/__index__.py # files installed with a local --pure build mercurial/base85.py mercurial/bdiff.py mercurial/diffhelpers.py mercurial/mpatch.py mercurial/osutil.py mercurial/parsers.py syntax: regexp ^\.pc/ ^\.(pydev)?project # hackable windows distribution additions ^hg-python ^hg.py$