Mercurial > hg
comparison mercurial/sslutil.py @ 29486:a62c00f6dd04
sslutil: use certificates provided by certifi if available
The "certifi" Python package provides a distribution of the
Mozilla trusted CA certificates as a Python package. If it is
present, we assume the user intends it to be used and we use
it to provide the default CA certificates when certificates
are otherwise not configured.
It's worth noting that this behavior roughly matches the popular
"requests" package, which also attempts to use "certifi" if
present.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Mon, 04 Jul 2016 09:58:45 -0700 |
| parents | 53b7fc7cc2bb |
| children | cdcb5747dc88 |
comparison
equal
deleted
inserted
replaced
| 29485:6a98f9408a50 | 29486:a62c00f6dd04 |
|---|---|
| 430 return (exe.startswith('/usr/bin/python') or | 430 return (exe.startswith('/usr/bin/python') or |
| 431 exe.startswith('/system/library/frameworks/python.framework/')) | 431 exe.startswith('/system/library/frameworks/python.framework/')) |
| 432 | 432 |
| 433 def _defaultcacerts(ui): | 433 def _defaultcacerts(ui): |
| 434 """return path to default CA certificates or None.""" | 434 """return path to default CA certificates or None.""" |
| 435 # The "certifi" Python package provides certificates. If it is installed, | |
| 436 # assume the user intends it to be used and use it. | |
| 437 try: | |
| 438 import certifi | |
| 439 certs = certifi.where() | |
| 440 ui.debug('using ca certificates from certifi\n') | |
| 441 return certs | |
| 442 except ImportError: | |
| 443 pass | |
| 444 | |
| 435 if _plainapplepython(): | 445 if _plainapplepython(): |
| 436 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') | 446 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') |
| 437 if os.path.exists(dummycert): | 447 if os.path.exists(dummycert): |
| 438 return dummycert | 448 return dummycert |
| 439 | 449 |