Mercurial > hg
comparison tests/test-https.t @ 23042:2cd3fa4412dc
ssl: only use the dummy cert hack if using an Apple Python (issue4410)
The hack for using certificate store in addition to the provided CAs resides in
Apple's OpenSSL. Apple's own Pythons will use it, but other custom built
Pythons might use a custom built OpenSSL without that hack and will fail when
exposed to the dummy cacert introduced in d7f7f1860f00.
There do not seem to be a simple way to check from Python if we are using a
patched OpenSSL or if it is an Apple OpenSSL.
Instead, check if the Python executable resides in /usr/bin/python* or in
/System/Library/Frameworks/Python.framework/ and assume that all Pythons found
there will be native Pythons using the patched OpenSSL.
Custom built Pythons will not get the benefit of using the CAs from the
certificate store.
| author | Mads Kiilerich <madski@unity3d.com> |
|---|---|
| date | Fri, 17 Oct 2014 18:56:12 +0200 |
| parents | 7c13c9404c2c |
| children | bd72e75f09e7 |
comparison
equal
deleted
inserted
replaced
| 23041:a36625ef1f35 | 23042:2cd3fa4412dc |
|---|---|
| 113 abort: cannot start server at ':$HGPORT': Address already in use | 113 abort: cannot start server at ':$HGPORT': Address already in use |
| 114 [255] | 114 [255] |
| 115 #endif | 115 #endif |
| 116 $ cd .. | 116 $ cd .. |
| 117 | 117 |
| 118 OS X has a dummy CA cert that enables use of the system CA store | 118 OS X has a dummy CA cert that enables use of the system CA store when using |
| 119 Apple's OpenSSL. This trick do not work with plain OpenSSL. | |
| 119 | 120 |
| 120 $ DISABLEOSXDUMMYCERT= | 121 $ DISABLEOSXDUMMYCERT= |
| 121 #if osx | 122 #if osx |
| 122 $ hg clone https://localhost:$HGPORT/ copy-pull | 123 $ hg clone https://localhost:$HGPORT/ copy-pull |
| 123 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | 124 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |