sslutil: don't attempt to find default CA certs file when told not to
Before, devel.disableloaddefaultcerts only impacted the loading of
default certs via SSLContext. After this patch, the config option also
prevents sslutil._defaultcacerts() from being called.
This config option is meant to be used by tests to force no CA certs
to be loaded. Future patches will enable _defaultcacerts() to have
success more often. Without this change we can't reliably test the
failure to load CA certs. (This patch also likely fixes test failures
on some OS X configurations.)
--- a/mercurial/sslutil.py Fri Jul 01 19:04:39 2016 -0700
+++ b/mercurial/sslutil.py Fri Jul 01 19:17:45 2016 -0700
@@ -195,7 +195,7 @@
if not os.path.exists(cafile):
raise error.Abort(_('could not find web.cacerts: %s') %
cafile)
- else:
+ elif s['allowloaddefaultcerts']:
# CAs not defined in config. Try to find system bundles.
cafile = _defaultcacerts(ui)
if cafile: