# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1462433745 25200
# Node ID 843df550b46593bca3ff8200feaef609e0058e0d
# Parent  b197e2aba703965ee34605e994bf0b673dc861fc
sslutil: check for ui.insecureconnections in sslkwargs

The end result of this function is the same. We now have a more
explicit return branch.

We still keep the old code looking at web.cacerts=! a few lines
below because we're still setting web.cacerts=! and need to react
to the variable. This will be removed in an upcoming patch.

diff -r b197e2aba703 -r 843df550b465 mercurial/sslutil.py
--- a/mercurial/sslutil.py	Thu May 05 00:34:22 2016 -0700
+++ b/mercurial/sslutil.py	Thu May 05 00:35:45 2016 -0700
@@ -243,8 +243,13 @@
     if hostfingerprint:
         return kws
 
-    # dispatch sets web.cacerts=! when --insecure is used.
+    # The code below sets up CA verification arguments. If --insecure is
+    # used, we don't take CAs into consideration, so return early.
+    if ui.insecureconnections:
+        return kws
+
     cacerts = ui.config('web', 'cacerts')
+    # TODO remove check when we stop setting this config.
     if cacerts == '!':
         return kws