Mercurial > hg
comparison mercurial/sslutil.py @ 29537:5f8b36d5a6ec
sslutil: add assertion to prevent accidental CA usage on Windows
Yuya suggested we add this check to ensure we don't accidentally try
to load user-writable paths on Windows if we change the control
flow of this function later.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Wed, 13 Jul 2016 19:33:52 -0700 |
| parents | d65ec41b6384 |
| children | 4a7b0c696fbc |
comparison
equal
deleted
inserted
replaced
| 29536:b17a6e3cd2ac | 29537:5f8b36d5a6ec |
|---|---|
| 497 ui.warn(_('(unable to load CA certificates; see ' | 497 ui.warn(_('(unable to load CA certificates; see ' |
| 498 'https://mercurial-scm.org/wiki/SecureConnections for ' | 498 'https://mercurial-scm.org/wiki/SecureConnections for ' |
| 499 'how to configure Mercurial to avoid this message)\n')) | 499 'how to configure Mercurial to avoid this message)\n')) |
| 500 return None | 500 return None |
| 501 | 501 |
| 502 # / is writable on Windows. Out of an abundance of caution make sure | |
| 503 # we're not on Windows because paths from _systemcacerts could be installed | |
| 504 # by non-admin users. | |
| 505 assert os.name != 'nt' | |
| 506 | |
| 502 # Try to find CA certificates in well-known locations. We print a warning | 507 # Try to find CA certificates in well-known locations. We print a warning |
| 503 # when using a found file because we don't want too much silent magic | 508 # when using a found file because we don't want too much silent magic |
| 504 # for security settings. The expectation is that proper Mercurial | 509 # for security settings. The expectation is that proper Mercurial |
| 505 # installs will have the CA certs path defined at install time and the | 510 # installs will have the CA certs path defined at install time and the |
| 506 # installer/packager will make an appropriate decision on the user's | 511 # installer/packager will make an appropriate decision on the user's |