Thu, 05 May 2016 00:37:28 -0700 sslutil: handle ui.insecureconnections in validator
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:37:28 -0700] rev 29112
sslutil: handle ui.insecureconnections in validator

Right now, web.cacerts=! means one of two things:

1) Use of --insecure
2) No CAs could be found and were loaded (see sslkwargs)

This isn't very obvious and makes changing behavior of these different scenarios independent of the other impossible.

This patch changes the validator code to explicitly handle the case of --insecure being used. As the inline comment indicates, there is room to possibly change messaging and logic here. For now, we are backwards compatible.
Thu, 05 May 2016 00:35:45 -0700 sslutil: check for ui.insecureconnections in sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:35:45 -0700] rev 29111
sslutil: check for ui.insecureconnections in sslkwargs

The end result of this function is the same. We now have a more explicit return branch.

We still keep the old code looking at web.cacerts=! a few lines below because we're still setting web.cacerts=! and need to react to the variable. This will be removed in an upcoming patch.
Thu, 05 May 2016 00:34:22 -0700 dispatch: set ui.insecureconnections when --insecure is used
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:34:22 -0700] rev 29110
dispatch: set ui.insecureconnections when --insecure is used
Thu, 05 May 2016 00:33:38 -0700 ui: add an instance flag to hold --insecure bit
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:33:38 -0700] rev 29109
ui: add an instance flag to hold --insecure bit

Currently, when --insecure is used we set web.cacerts=! and socket validation takes this value into account. web.cacerts=! is not documented AFAICT and is purely an internal implementation detail.

Let's be more explicit about what is going on by introducing a dedicated variable outside of the config values to track that --insecure is used.
Thu, 05 May 2016 00:32:43 -0700 sslutil: make sslkwargs code even more explicit
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 05 May 2016 00:32:43 -0700] rev 29108
sslutil: make sslkwargs code even more explicit

The ways in which this code can interact with socket wrapping and validation later are mind numbing. This patch helps make it even more clear.

The end behavior should be identical.
Wed, 04 May 2016 23:38:34 -0700 sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 04 May 2016 23:38:34 -0700] rev 29107
sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts

Before, the return of _defaultcacerts() was 1 of 3 types. This was difficult to read. Make it return a path or None.

We had to update hghave.py in the same patch because it was also looking at this internal function. I wasted dozens of minutes trying to figure out why tests were failing until I found the code in hghave.py...
Wed, 04 May 2016 23:01:49 -0700 sslutil: further refactor sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 04 May 2016 23:01:49 -0700] rev 29106
sslutil: further refactor sslkwargs

The logic here and what happens with web.cacerts is mind numbing. Make the code even more explicit.