sslutil: don't load default certificates when they aren't relevant Before, we would call SSLContext.load_default_certs() when certificate verification wasn't being used. Since SSLContext.verify_mode == ssl.CERT_NONE, this would ideally no-op. However, there is a slim chance the loading of system certs could cause a failure. Furthermore, this behavior interfered with a future patch that aims to provide a more helpful error message when we're unable to load CAs. The lack of test fallout is hopefully a sign that our security code and tests are in a relatively good state.

#require serve killdaemons

#if windows
  $ hg clone http://localhost:$HGPORT/ copy
  abort: * (glob)
  [255]
#else
  $ hg clone http://localhost:$HGPORT/ copy
  abort: error: Connection refused
  [255]
#endif

  $ test -d copy
  [1]

  $ python "$TESTDIR/dumbhttp.py" -p $HGPORT --pid dumb.pid
  $ cat dumb.pid >> $DAEMON_PIDS
  $ hg clone http://localhost:$HGPORT/foo copy2
  abort: HTTP Error 404: * (glob)
  [255]
  $ killdaemons.py