Mercurial > hg
changeset 29631:387bdd53c77e stable
sslutil: work around SSLContext.get_ca_certs bug on Windows (issue5313)
SSLContext.get_ca_certs() can raise
"ssl.SSLError: unknown error (_ssl.c:636)" on Windows. See
https://bugs.python.org/issue20916 for more info.
We add a try..except that swallows the exception to work around
this bug. If we encounter the bug, we won't print a warning
message about attempting to load CA certificates. This is
unfortunate. But there appears to be little we can do :/
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Mon, 25 Jul 2016 12:00:55 -0700 |
| parents | 67b180c0e263 |
| children | 53e2c979e4cd |
| files | mercurial/sslutil.py |
| diffstat | 1 files changed, 12 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Mon Jul 18 16:25:35 2016 -0500 +++ b/mercurial/sslutil.py Mon Jul 25 12:00:55 2016 -0700 @@ -409,12 +409,18 @@ # a hint to the user. # Only modern ssl module exposes SSLContext.get_ca_certs() so we can # only show this warning if modern ssl is available. - if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and - modernssl and not sslcontext.get_ca_certs()): - ui.warn(_('(an attempt was made to load CA certificates but none ' - 'were loaded; see ' - 'https://mercurial-scm.org/wiki/SecureConnections for ' - 'how to configure Mercurial to avoid this error)\n')) + # The exception handler is here because of + # https://bugs.python.org/issue20916. + try: + if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and + modernssl and not sslcontext.get_ca_certs()): + ui.warn(_('(an attempt was made to load CA certificates but ' + 'none were loaded; see ' + 'https://mercurial-scm.org/wiki/SecureConnections ' + 'for how to configure Mercurial to avoid this ' + 'error)\n')) + except ssl.SSLError: + pass # Try to print more helpful error messages for known failures. if util.safehasattr(e, 'reason'): # This error occurs when the client and server don't share a