sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts
Before, the return of _defaultcacerts() was 1 of 3 types. This was
difficult to read. Make it return a path or None.
We had to update hghave.py in the same patch because it was also
looking at this internal function. I wasted dozens of minutes
trying to figure out why tests were failing until I found the
code in hghave.py...
--- a/mercurial/sslutil.py Wed May 04 23:01:49 2016 -0700
+++ b/mercurial/sslutil.py Wed May 04 23:38:34 2016 -0700
@@ -222,14 +222,13 @@
exe.startswith('/system/library/frameworks/python.framework/'))
def _defaultcacerts():
- """return path to CA certificates; None for system's store; ! to disable"""
+ """return path to default CA certificates or None."""
if _plainapplepython():
dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
if os.path.exists(dummycert):
return dummycert
- if _canloaddefaultcerts:
- return None
- return '!'
+
+ return None
def sslkwargs(ui, host):
"""Determine arguments to pass to wrapsocket().
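Review bot: The new docstring on `_defaultcacerts()` does not say that `None` now covers two cases the old `'!'` return kept apart: the system store will be used, or no CA source is available at all. A caller that tests only the return value can no longer tell that verification is impossible, so the contract should point at `_canloaddefaultcerts`. I would extend the docstring to something like `"""Return path to the default CA certificates file, or None if there is none. None does not mean the system store is loadable; callers must also check _canloaddefaultcerts."""`. The `sslkwargs` definition that follows starts in this hunk and continues outside it.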
@@ -262,8 +261,12 @@
# No CAs in config. See if we can load defaults.
cacerts = _defaultcacerts()
- if cacerts and cacerts != '!':
+ if cacerts:
ui.debug('using %s to enable OS X system CA\n' % cacerts)
+ else:
+ if not _canloaddefaultcerts:
+ cacerts = '!'
+
ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
if cacerts != '!':
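Review bot: The new `else` branch sets `cacerts = '!'` without any output, while the branch above it logs the path it picked. Per the docstring removed in this commit, `'!'` is the value that disables the CA store, so this is the branch someone diagnosing missing certificate verification needs to see. A line such as `ui.debug('no default CA certificates available\n')` before the assignment would make it visible. Whether a later warning already covers this cannot be seen here, because `sslkwargs` starts before and continues after the hunk. The nested `else:` / `if not _canloaddefaultcerts:` also reads more simply as `elif not _canloaddefaultcerts:`.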
--- a/tests/hghave.py Wed May 04 23:01:49 2016 -0700
+++ b/tests/hghave.py Wed May 04 23:38:34 2016 -0700
@@ -416,7 +416,7 @@
@check("defaultcacerts", "can verify SSL certs by system's CA certs store")
def has_defaultcacerts():
from mercurial import sslutil
- return sslutil._defaultcacerts() != '!'
+ return sslutil._defaultcacerts() or sslutil._canloaddefaultcerts
@check("windows", "Windows")
def has_windows():
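Review bot: `has_defaultcacerts()` now returns either a path string or the value of `_canloaddefaultcerts` instead of a boolean, which is the mixed-return shape this commit removes from `_defaultcacerts()`. Wrapping it as `return bool(sslutil._defaultcacerts() or sslutil._canloaddefaultcerts)` keeps the check's result uniform. The expression also repeats the decision made in `sslkwargs` using two private names, so the two can drift apart again in the way the commit message describes. A single helper in `sslutil` would be one way to avoid that.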