sslutil: don't attempt to find default CA certs file when told not to
authorGregory Szorc <gregory.szorc@gmail.com>
Fri, 01 Jul 2016 19:17:45 -0700
changeset 29484 53b7fc7cc2bb
parent 29483 918dce4b8c26
child 29485 6a98f9408a50
sslutil: don't attempt to find default CA certs file when told not to Before, devel.disableloaddefaultcerts only impacted the loading of default certs via SSLContext. After this patch, the config option also prevents sslutil._defaultcacerts() from being called. This config option is meant to be used by tests to force no CA certs to be loaded. Future patches will enable _defaultcacerts() to have success more often. Without this change we can't reliably test the failure to load CA certs. (This patch also likely fixes test failures on some OS X configurations.)
mercurial/sslutil.py
--- a/mercurial/sslutil.py	Fri Jul 01 19:04:39 2016 -0700
+++ b/mercurial/sslutil.py	Fri Jul 01 19:17:45 2016 -0700
@@ -195,7 +195,7 @@
                 if not os.path.exists(cafile):
                     raise error.Abort(_('could not find web.cacerts: %s') %
                                       cafile)
-            else:
+            elif s['allowloaddefaultcerts']:
                 # CAs not defined in config. Try to find system bundles.
                 cafile = _defaultcacerts(ui)
                 if cafile: