Mercurial > hg
comparison mercurial/sslutil.py @ 29487:cdcb5747dc88
sslutil: document the Apple OpenSSL cert trick
This is sort of documented in _plainapplypython()'s docstring. But
it helps to be explicit in security code.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Mon, 04 Jul 2016 10:00:56 -0700 |
| parents | a62c00f6dd04 |
| children | 1c26b9ce66f8 |
comparison
equal
deleted
inserted
replaced
| 29486:a62c00f6dd04 | 29487:cdcb5747dc88 |
|---|---|
| 440 ui.debug('using ca certificates from certifi\n') | 440 ui.debug('using ca certificates from certifi\n') |
| 441 return certs | 441 return certs |
| 442 except ImportError: | 442 except ImportError: |
| 443 pass | 443 pass |
| 444 | 444 |
| 445 # Apple's OpenSSL has patches that allow a specially constructed certificate | |
| 446 # to load the system CA store. If we're running on Apple Python, use this | |
| 447 # trick. | |
| 445 if _plainapplepython(): | 448 if _plainapplepython(): |
| 446 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') | 449 dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') |
| 447 if os.path.exists(dummycert): | 450 if os.path.exists(dummycert): |
| 448 return dummycert | 451 return dummycert |
| 449 | 452 |