Mercurial > hg
changeset 30228:b9f7b0c10027 stable
sslutil: guard against broken certifi installations (issue5406)
Certifi is currently incompatible with py2exe; the Python code for certifi gets
included in library.zip, but not the cacert.pem file - and even if it were
included, SSLContext can't load a cacert.pem file from library.zip.
This currently makes it impossible to build a standalone Windows version of
Mercurial.
Guard against this, and possibly other situations where a module with the name
"certifi" exists, but is not usable.
author | Gábor Stefanik <gabor.stefanik@nng.com> |
---|---|
date | Wed, 19 Oct 2016 18:06:14 +0200 |
parents | 5ee944b9c750 |
children | 69ffbbe73dd0 |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 6 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Tue Oct 25 18:56:27 2016 +0200 +++ b/mercurial/sslutil.py Wed Oct 19 18:06:14 2016 +0200 @@ -690,14 +690,15 @@ We don't print a message when the Python is able to load default CA certs because this scenario is detected at socket connect time. """ - # The "certifi" Python package provides certificates. If it is installed, - # assume the user intends it to be used and use it. + # The "certifi" Python package provides certificates. If it is installed + # and usable, assume the user intends it to be used and use it. try: import certifi certs = certifi.where() - ui.debug('using ca certificates from certifi\n') - return certs - except ImportError: + if os.path.exists(certs): + ui.debug('using ca certificates from certifi\n') + return certs + except (ImportError, AttributeError): pass # On Windows, only the modern ssl module is capable of loading the system