changeset 29484:53b7fc7cc2bb

sslutil: don't attempt to find default CA certs file when told not to Before, devel.disableloaddefaultcerts only impacted the loading of default certs via SSLContext. After this patch, the config option also prevents sslutil._defaultcacerts() from being called. This config option is meant to be used by tests to force no CA certs to be loaded. Future patches will enable _defaultcacerts() to have success more often. Without this change we can't reliably test the failure to load CA certs. (This patch also likely fixes test failures on some OS X configurations.)
author Gregory Szorc <gregory.szorc@gmail.com>
date Fri, 01 Jul 2016 19:17:45 -0700
parents 918dce4b8c26
children 6a98f9408a50
files mercurial/sslutil.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Fri Jul 01 19:04:39 2016 -0700
+++ b/mercurial/sslutil.py	Fri Jul 01 19:17:45 2016 -0700
@@ -195,7 +195,7 @@
                 if not os.path.exists(cafile):
                     raise error.Abort(_('could not find web.cacerts: %s') %
                                       cafile)
-            else:
+            elif s['allowloaddefaultcerts']:
                 # CAs not defined in config. Try to find system bundles.
                 cafile = _defaultcacerts(ui)
                 if cafile: