Mercurial > hg

diff tests/hghave.py @ 29481:5caa415aa48b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests: better testing of loaded certificates Tests were failing on systems like RHEL 7 where loading the system certificates results in CA certs being reported to Python. We add a feature that detects when we're able to load *and detect* the loading of system certificates. We update the tests to cover the 3 scenarios: 1) system CAs are loadable and detected 2) system CAs are loadable but not detected 3) system CAs aren't loadable
author Gregory Szorc <gregory.szorc@gmail.com>
date Fri, 01 Jul 2016 19:27:34 -0700
parents 47eab0cb72e3
children 918dce4b8c26
line wrap: on
line diff
--- a/tests/hghave.py	Fri Jul 01 17:42:55 2016 +0200
+++ b/tests/hghave.py	Fri Jul 01 19:27:34 2016 -0700
@@ -418,6 +418,25 @@
     from mercurial import sslutil
     return sslutil._defaultcacerts() or sslutil._canloaddefaultcerts
 
+@check("defaultcacertsloaded", "detected presence of loaded system CA certs")
+def has_defaultcacertsloaded():
+    import ssl
+    from mercurial import sslutil
+
+    if not has_defaultcacerts():
+        return False
+    if not has_sslcontext():
+        return False
+
+    cafile = sslutil._defaultcacerts()
+    ctx = ssl.create_default_context()
+    if cafile:
+        ctx.load_verify_locations(cafile=cafile)
+    else:
+        ctx.load_default_certs()
+
+    return len(ctx.get_ca_certs()) > 0
+
 @check("windows", "Windows")
 def has_windows():
     return os.name == 'nt'