sslutil: clarify internal documentation
I ran into this python issue with an incomplete certificate chain on Windows
recently, and this is the clarification that came from that experimenting. The
comment I left on the bug tracker [1] with a reference to the CPython code [2]
indicates that the original problem I had is a different bug, but happened to
be mentioned under
issue20916 on the Python bug tracker.
[1] https://bz.mercurial-scm.org/show_bug.cgi?id=5313#c7
[2] https://hg.python.org/cpython/file/v2.7.12/Modules/_ssl.c#l628
--- a/mercurial/sslutil.py Wed Mar 29 16:28:51 2017 -0700
+++ b/mercurial/sslutil.py Wed Mar 29 09:54:34 2017 -0400
@@ -414,8 +414,10 @@
# a hint to the user.
# Only modern ssl module exposes SSLContext.get_ca_certs() so we can
# only show this warning if modern ssl is available.
- # The exception handler is here because of
- # https://bugs.python.org/issue20916.
+ # The exception handler is here to handle bugs around cert attributes:
+ # https://bugs.python.org/issue20916#msg213479. (See issues5313.)
+ # When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a
+ # non-empty list, but the following conditional is otherwise True.
try:
if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and
modernssl and not sslcontext.get_ca_certs()):