--- a/mercurial/sslutil.py Fri Jul 07 08:55:12 2017 -0700
+++ b/mercurial/sslutil.py Mon Jul 10 21:09:46 2017 -0700
@@ -343,6 +343,13 @@
if not serverhostname:
raise error.Abort(_('serverhostname argument is required'))
+ for f in (keyfile, certfile):
+ if f and not os.path.exists(f):
+ raise error.Abort(_('certificate file (%s) does not exist; '
+ 'cannot connect to %s') % (f, serverhostname),
+ hint=_('restore missing file or fix references '
+ 'in Mercurial config'))
+
settings = _hostsettings(ui, serverhostname)
# We can't use ssl.create_default_context() because it calls
@@ -499,6 +506,13 @@
Typically ``cafile`` is only defined if ``requireclientcert`` is true.
"""
+ # This function is not used much by core Mercurial, so the error messaging
+ # doesn't have to be as detailed as for wrapsocket().
+ for f in (certfile, keyfile, cafile):
+ if f and not os.path.exists(f):
+ raise error.Abort(_('referenced certificate file (%s) does not '
+ 'exist') % f)
+
protocol, options, _protocolui = protocolsettings('tls1.0')
# This config option is intended for use in tests only. It is a giant