Mercurial > hg
view contrib/hgweb.fcgi @ 29500:4b16a5bd9948
sslutil: try to find CA certficates in well-known locations
Many Linux distros and other Nixen have CA certificates in well-defined
locations. Rather than potentially fail to load any CA certificates at
all (which will always result in a certificate verification failure),
we scan for paths to known CA certificate files and load one if seen.
Because a proper Mercurial install will have the path to the CA
certificate file defined at install time, we print a warning that
the install isn't proper and provide a URL with instructions to
correct things.
We only perform path-based fallback on Pythons that don't know
how to call into OpenSSL to load the default verify locations. This
is because we trust that Python/OpenSSL is properly configured
and knows better than Mercurial. So this new code effectively only
runs on Python <2.7.9 (technically Pythons without the modern ssl
module).
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Wed, 06 Jul 2016 21:16:00 -0700 |
parents | 85cba926cb59 |
children | 99e231afc29c |
line wrap: on
line source
#!/usr/bin/env python # # An example FastCGI script for use with flup, edit as necessary # Path to repo or hgweb config to serve (see 'hg help hgweb') config = "/path/to/repo/or/config" # Uncomment and adjust if Mercurial is not installed system-wide # (consult "installed modules" path from 'hg debuginstall'): #import sys; sys.path.insert(0, "/path/to/python/lib") # Uncomment to send python tracebacks to the browser if an error occurs: #import cgitb; cgitb.enable() from mercurial import demandimport; demandimport.enable() from mercurial.hgweb import hgweb from flup.server.fcgi import WSGIServer application = hgweb(config) WSGIServer(application).run()