Mercurial > hg
comparison mercurial/sslutil.py @ 29484:53b7fc7cc2bb
sslutil: don't attempt to find default CA certs file when told not to
Before, devel.disableloaddefaultcerts only impacted the loading of
default certs via SSLContext. After this patch, the config option also
prevents sslutil._defaultcacerts() from being called.
This config option is meant to be used by tests to force no CA certs
to be loaded. Future patches will enable _defaultcacerts() to have
success more often. Without this change we can't reliably test the
failure to load CA certs. (This patch also likely fixes test failures
on some OS X configurations.)
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Fri, 01 Jul 2016 19:17:45 -0700 |
| parents | 918dce4b8c26 |
| children | a62c00f6dd04 |
comparison
equal
deleted
inserted
replaced
| 29483:918dce4b8c26 | 29484:53b7fc7cc2bb |
|---|---|
| 193 if cafile: | 193 if cafile: |
| 194 cafile = util.expandpath(cafile) | 194 cafile = util.expandpath(cafile) |
| 195 if not os.path.exists(cafile): | 195 if not os.path.exists(cafile): |
| 196 raise error.Abort(_('could not find web.cacerts: %s') % | 196 raise error.Abort(_('could not find web.cacerts: %s') % |
| 197 cafile) | 197 cafile) |
| 198 else: | 198 elif s['allowloaddefaultcerts']: |
| 199 # CAs not defined in config. Try to find system bundles. | 199 # CAs not defined in config. Try to find system bundles. |
| 200 cafile = _defaultcacerts(ui) | 200 cafile = _defaultcacerts(ui) |
| 201 if cafile: | 201 if cafile: |
| 202 ui.debug('using %s for CA file\n' % cafile) | 202 ui.debug('using %s for CA file\n' % cafile) |
| 203 | 203 |