changeset 29537:5f8b36d5a6ec
sslutil: add assertion to prevent accidental CA usage on Windows
Yuya suggested we add this check to ensure we don't accidentally try
to load user-writable paths on Windows if we change the control
flow of this function later.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Wed, 13 Jul 2016 19:33:52 -0700 |
parents | b17a6e3cd2ac |
children | df7d8ea90695 |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 5 insertions(+), 0 deletions(-) |
--- a/mercurial/sslutil.py Wed Jul 13 16:16:18 2016 +0100 +++ b/mercurial/sslutil.py Wed Jul 13 19:33:52 2016 -0700 @@ -499,6 +499,11 @@ 'how to configure Mercurial to avoid this message)\n')) return None + # / is writable on Windows. Out of an abundance of caution make sure + # we're not on Windows because paths from _systemcacerts could be installed + # by non-admin users. + assert os.name != 'nt' + # Try to find CA certificates in well-known locations. We print a warning # when using a found file because we don't want too much silent magic # for security settings. The expectation is that proper Mercurial
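
Review bot: The new `assert os.name != 'nt'` is compiled out when Python runs with `-O`, so the guard against loading CA certificates from user-writable paths silently disappears in optimized mode. Since this is a security check rather than a debugging aid, an explicit `if os.name == 'nt':` test that raises an exception with a message would survive optimization and tell whoever hits it why the code path is forbidden. At minimum, give the assert a message string. The comment's opening sentence, "/ is writable on Windows", would also read more clearly if it said that the well-known locations searched below are rooted at `/`, which on Windows resolves to a drive root that non-admin users can write to.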