Mercurial Mercurial > hg-stable / changelog
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | help
(0) -10000 -3000 -1000 -300 -100 -30 -10 -1 +1 +10 +30 +100 +300 +1000 +3000 +10000 tip
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Wed, 29 Jun 2016 19:38:24 -0700 sslutil: don't load default certificates when they aren't relevant
changeset
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 29 Jun 2016 19:38:24 -0700] rev 29447
sslutil: don't load default certificates when they aren't relevant Before, we would call SSLContext.load_default_certs() when certificate verification wasn't being used. Since SSLContext.verify_mode == ssl.CERT_NONE, this would ideally no-op. However, there is a slim chance the loading of system certs could cause a failure. Furthermore, this behavior interfered with a future patch that aims to provide a more helpful error message when we're unable to load CAs. The lack of test fallout is hopefully a sign that our security code and tests are in a relatively good state.
(0) -10000 -3000 -1000 -300 -100 -30 -10 -1 +1 +10 +30 +100 +300 +1000 +3000 +10000 tip
hg-stable