Mercurial > hg
comparison mercurial/sslutil.py @ 29105:548e9c8c2841
sslutil: document and slightly refactor sslkwargs
This will help me and any reviewers keep sane as this code
is refactored.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Thu, 05 May 2016 00:31:11 -0700 |
| parents | 693b856a4d45 |
| children | fe7ebef8796a |
comparison
equal
deleted
inserted
replaced
| 29104:b207653ada10 | 29105:548e9c8c2841 |
|---|---|
| 230 if _canloaddefaultcerts: | 230 if _canloaddefaultcerts: |
| 231 return None | 231 return None |
| 232 return '!' | 232 return '!' |
| 233 | 233 |
| 234 def sslkwargs(ui, host): | 234 def sslkwargs(ui, host): |
| 235 """Determine arguments to pass to wrapsocket(). | |
| 236 | |
| 237 ``host`` is the hostname being connected to. | |
| 238 """ | |
| 235 kws = {'ui': ui} | 239 kws = {'ui': ui} |
| 240 | |
| 241 # If a host key fingerprint is on file, it is the only thing that matters | |
| 242 # and CA certs don't come into play. | |
| 236 hostfingerprint = ui.config('hostfingerprints', host) | 243 hostfingerprint = ui.config('hostfingerprints', host) |
| 237 if hostfingerprint: | 244 if hostfingerprint: |
| 238 return kws | 245 return kws |
| 246 | |
| 247 # dispatch sets web.cacerts=! when --insecure is used. | |
| 239 cacerts = ui.config('web', 'cacerts') | 248 cacerts = ui.config('web', 'cacerts') |
| 240 if cacerts == '!': | 249 if cacerts == '!': |
| 241 pass | 250 return kws |
| 242 elif cacerts: | 251 |
| 252 if cacerts: | |
| 243 cacerts = util.expandpath(cacerts) | 253 cacerts = util.expandpath(cacerts) |
| 244 if not os.path.exists(cacerts): | 254 if not os.path.exists(cacerts): |
| 245 raise error.Abort(_('could not find web.cacerts: %s') % cacerts) | 255 raise error.Abort(_('could not find web.cacerts: %s') % cacerts) |
| 246 else: | 256 else: |
| 257 # CA certs aren't explicitly listed in the config. See if we can load | |
| 258 # defaults. | |
| 247 cacerts = _defaultcacerts() | 259 cacerts = _defaultcacerts() |
| 248 if cacerts and cacerts != '!': | 260 if cacerts and cacerts != '!': |
| 249 ui.debug('using %s to enable OS X system CA\n' % cacerts) | 261 ui.debug('using %s to enable OS X system CA\n' % cacerts) |
| 250 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | 262 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') |
| 263 | |
| 251 if cacerts != '!': | 264 if cacerts != '!': |
| 252 kws.update({'ca_certs': cacerts, | 265 kws.update({'ca_certs': cacerts, |
| 253 'cert_reqs': ssl.CERT_REQUIRED, | 266 'cert_reqs': ssl.CERT_REQUIRED, |
| 254 }) | 267 }) |
| 255 return kws | 268 return kws |