comparison hgext/acl.py @ 29288:7dee15dee53c

sslutil: add devel.disableloaddefaultcerts to disable CA loading There are various tests for behavior when CA certs aren't loaded. Previously, we would pass --insecure to disable loading of CA certs. This has worked up to this point because the error message for --insecure and no CAs loaded is the same. Upcoming commits will change the error message for --insecure and will change behavior when CAs aren't loaded. This commit introduces the ability to disable loading of CA certs by setting devel.disableloaddefaultcerts. This allows a testing backdoor to disable loading of CA certs even if system/default CA certs are available. The flag is purposefully not exposed to end-users because there should not be a need for this in the wild: certificate pinning and --insecure provide workarounds to disable cert loading/validation. Tests have been updated to use the new method. The variable used to disable CA certs has been renamed because the method is not OS X specific.
author Gregory Szorc <gregory.szorc@gmail.com>
date Wed, 01 Jun 2016 19:57:20 -0700
parents 032c4c2f802a
children d5883fd055c6
comparison
equal deleted inserted replaced
29287:fbccb334efe7 29288:7dee15dee53c