Mercurial Mercurial > hg / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mercurial/sslutil.py
changeset 29106 fe7ebef8796a
parent 29105 548e9c8c2841
child 29107 c8fbfb9163ce 
--- a/mercurial/sslutil.py	Thu May 05 00:31:11 2016 -0700
+++ b/mercurial/sslutil.py	Wed May 04 23:01:49 2016 -0700
@@ -249,17 +249,22 @@
     if cacerts == '!':
         return kws
 
+    # If a value is set in the config, validate against a path and load
+    # and require those certs.
     if cacerts:
         cacerts = util.expandpath(cacerts)
         if not os.path.exists(cacerts):
             raise error.Abort(_('could not find web.cacerts: %s') % cacerts)
-    else:
-        # CA certs aren't explicitly listed in the config. See if we can load
-        # defaults.
-        cacerts = _defaultcacerts()
-        if cacerts and cacerts != '!':
-            ui.debug('using %s to enable OS X system CA\n' % cacerts)
-        ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
+
+        kws.update({'ca_certs': cacerts,
+                    'cert_reqs': ssl.CERT_REQUIRED})
+        return kws
+
+    # No CAs in config. See if we can load defaults.
+    cacerts = _defaultcacerts()
+    if cacerts and cacerts != '!':
+        ui.debug('using %s to enable OS X system CA\n' % cacerts)
+    ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
 
     if cacerts != '!':
         kws.update({'ca_certs': cacerts,
Mercurial