# HG changeset patch # User Gregory Szorc # Date 1469473255 25200 # Node ID 387bdd53c77e9f61bd7b0d491717440f7f57563a # Parent 67b180c0e2634971d8f7e0e31b00dc4bdc7768cc sslutil: work around SSLContext.get_ca_certs bug on Windows (issue5313) SSLContext.get_ca_certs() can raise "ssl.SSLError: unknown error (_ssl.c:636)" on Windows. See https://bugs.python.org/issue20916 for more info. We add a try..except that swallows the exception to work around this bug. If we encounter the bug, we won't print a warning message about attempting to load CA certificates. This is unfortunate. But there appears to be little we can do :/ diff -r 67b180c0e263 -r 387bdd53c77e mercurial/sslutil.py --- a/mercurial/sslutil.py Mon Jul 18 16:25:35 2016 -0500 +++ b/mercurial/sslutil.py Mon Jul 25 12:00:55 2016 -0700 @@ -409,12 +409,18 @@ # a hint to the user. # Only modern ssl module exposes SSLContext.get_ca_certs() so we can # only show this warning if modern ssl is available. - if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and - modernssl and not sslcontext.get_ca_certs()): - ui.warn(_('(an attempt was made to load CA certificates but none ' - 'were loaded; see ' - 'https://mercurial-scm.org/wiki/SecureConnections for ' - 'how to configure Mercurial to avoid this error)\n')) + # The exception handler is here because of + # https://bugs.python.org/issue20916. + try: + if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and + modernssl and not sslcontext.get_ca_certs()): + ui.warn(_('(an attempt was made to load CA certificates but ' + 'none were loaded; see ' + 'https://mercurial-scm.org/wiki/SecureConnections ' + 'for how to configure Mercurial to avoid this ' + 'error)\n')) + except ssl.SSLError: + pass # Try to print more helpful error messages for known failures. if util.safehasattr(e, 'reason'): # This error occurs when the client and server don't share a