413 except (ImportError, AttributeError): |
413 except (ImportError, AttributeError): |
414 return False |
414 return False |
415 |
415 |
416 @check("defaultcacerts", "can verify SSL certs by system's CA certs store") |
416 @check("defaultcacerts", "can verify SSL certs by system's CA certs store") |
417 def has_defaultcacerts(): |
417 def has_defaultcacerts(): |
418 from mercurial import sslutil |
418 from mercurial import sslutil, ui as uimod |
419 return sslutil._defaultcacerts() or sslutil._canloaddefaultcerts |
419 ui = uimod.ui() |
|
420 return sslutil._defaultcacerts(ui) or sslutil._canloaddefaultcerts |
420 |
421 |
421 @check("defaultcacertsloaded", "detected presence of loaded system CA certs") |
422 @check("defaultcacertsloaded", "detected presence of loaded system CA certs") |
422 def has_defaultcacertsloaded(): |
423 def has_defaultcacertsloaded(): |
423 import ssl |
424 import ssl |
424 from mercurial import sslutil |
425 from mercurial import sslutil, ui as uimod |
425 |
426 |
426 if not has_defaultcacerts(): |
427 if not has_defaultcacerts(): |
427 return False |
428 return False |
428 if not has_sslcontext(): |
429 if not has_sslcontext(): |
429 return False |
430 return False |
430 |
431 |
431 cafile = sslutil._defaultcacerts() |
432 ui = uimod.ui() |
|
433 cafile = sslutil._defaultcacerts(ui) |
432 ctx = ssl.create_default_context() |
434 ctx = ssl.create_default_context() |
433 if cafile: |
435 if cafile: |
434 ctx.load_verify_locations(cafile=cafile) |
436 ctx.load_verify_locations(cafile=cafile) |
435 else: |
437 else: |
436 ctx.load_default_certs() |
438 ctx.load_default_certs() |