Mercurial > hg
comparison mercurial/sslutil.py @ 28848:e330db205b20
sslutil: move and document verify_mode assignment
Consolidating all the SSLContext options setting makes the code a
bit easier to read.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sun, 10 Apr 2016 10:59:45 -0700 |
| parents | 1eb0bd8adf39 |
| children | 1fde84d42f9c |
comparison
equal
deleted
inserted
replaced
| 28847:3e576fe66715 | 28848:e330db205b20 |
|---|---|
| 142 sslcontext = SSLContext(protocol) | 142 sslcontext = SSLContext(protocol) |
| 143 | 143 |
| 144 # This is a no-op on old Python. | 144 # This is a no-op on old Python. |
| 145 sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3 | 145 sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3 |
| 146 | 146 |
| 147 # This still works on our fake SSLContext. | |
| 148 sslcontext.verify_mode = cert_reqs | |
| 149 | |
| 147 if certfile is not None: | 150 if certfile is not None: |
| 148 def password(): | 151 def password(): |
| 149 f = keyfile or certfile | 152 f = keyfile or certfile |
| 150 return ui.getpass(_('passphrase for %s: ') % f, '') | 153 return ui.getpass(_('passphrase for %s: ') % f, '') |
| 151 sslcontext.load_cert_chain(certfile, keyfile, password) | 154 sslcontext.load_cert_chain(certfile, keyfile, password) |
| 152 sslcontext.verify_mode = cert_reqs | 155 |
| 153 if ca_certs is not None: | 156 if ca_certs is not None: |
| 154 sslcontext.load_verify_locations(cafile=ca_certs) | 157 sslcontext.load_verify_locations(cafile=ca_certs) |
| 155 else: | 158 else: |
| 156 # This is a no-op on old Python. | 159 # This is a no-op on old Python. |
| 157 sslcontext.load_default_certs() | 160 sslcontext.load_default_certs() |