changeset 29105:548e9c8c2841
sslutil: document and slightly refactor sslkwargs
This will help me and any reviewers keep sane as this code
is refactored.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Thu, 05 May 2016 00:31:11 -0700 |
parents | b207653ada10 |
children | fe7ebef8796a |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 15 insertions(+), 2 deletions(-) [+] |
--- a/mercurial/sslutil.py Fri May 06 11:31:29 2016 -0400
+++ b/mercurial/sslutil.py Thu May 05 00:31:11 2016 -0700
@@ -232,22 +232,35 @@
 return '!'

 def sslkwargs(ui, host):
+ """Determine arguments to pass to wrapsocket().
+
+ ``host`` is the hostname being connected to.
+ """
 kws = {'ui': ui}
+
+ # If a host key fingerprint is on file, it is the only thing that matters
+ # and CA certs don't come into play.
 hostfingerprint = ui.config('hostfingerprints', host)
 if hostfingerprint:
 return kws
+
+ # dispatch sets web.cacerts=! when --insecure is used.
 cacerts = ui.config('web', 'cacerts')
 if cacerts == '!':
- pass
- elif cacerts:
+ return kws
+
+ if cacerts:
 cacerts = util.expandpath(cacerts)
 if not os.path.exists(cacerts):
 raise error.Abort(_('could not find web.cacerts: %s') % cacerts)
 else:
+ # CA certs aren't explicitly listed in the config. See if we can load
+ # defaults.
 cacerts = _defaultcacerts()
 if cacerts and cacerts != '!':
 ui.debug('using %s to enable OS X system CA\n' % cacerts)
 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
+
 if cacerts != '!':
 kws.update({'ca_certs': cacerts,
 'cert_reqs': ssl.CERT_REQUIRED,
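Review bot: The new comments explain the fingerprint and `--insecure` early returns but not the third way this function ends up requesting no CA verification: in the `else:` branch `_defaultcacerts()` can itself yield `'!'` (the `cacerts != '!'` test on the next line allows for it), after which the final `if cacerts != '!':` guard is skipped and the returned kwargs carry neither `ca_certs` nor `cert_reqs`. That path is reached by default configuration rather than by an explicit user choice, so it deserves a comment above the final guard, for example `# _defaultcacerts() may also return '!'; no CA verification is requested then.` The docstring could add one sentence saying the result may omit `cert_reqs`, in which case the peer certificate has to be checked by other means after the handshake. Whether a warning is shown to the user on that path cannot be seen from this hunk, and the body of `sslkwargs` continues past the hunk's last line.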