Mercurial > hg-stable

changeset 29486:a62c00f6dd04

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: use certificates provided by certifi if available The "certifi" Python package provides a distribution of the Mozilla trusted CA certificates as a Python package. If it is present, we assume the user intends it to be used and we use it to provide the default CA certificates when certificates are otherwise not configured. It's worth noting that this behavior roughly matches the popular "requests" package, which also attempts to use "certifi" if present.
author Gregory Szorc <gregory.szorc@gmail.com>
date Mon, 04 Jul 2016 09:58:45 -0700
parents 6a98f9408a50
children cdcb5747dc88
files mercurial/sslutil.py
diffstat 1 files changed, 10 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Sun Jul 03 22:28:24 2016 +0530
+++ b/mercurial/sslutil.py	Mon Jul 04 09:58:45 2016 -0700
@@ -432,6 +432,16 @@
 
 def _defaultcacerts(ui):
     """return path to default CA certificates or None."""
+    # The "certifi" Python package provides certificates. If it is installed,
+    # assume the user intends it to be used and use it.
+    try:
+        import certifi
+        certs = certifi.where()
+        ui.debug('using ca certificates from certifi\n')
+        return certs
+    except ImportError:
+        pass
+
     if _plainapplepython():
         dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
         if os.path.exists(dummycert):