sslutil: document the Apple OpenSSL cert trick
This is sort of documented in _plainapplypython()'s docstring. But
it helps to be explicit in security code.
--- a/mercurial/sslutil.py Mon Jul 04 09:58:45 2016 -0700
+++ b/mercurial/sslutil.py Mon Jul 04 10:00:56 2016 -0700
@@ -442,6 +442,9 @@
except ImportError:
pass
+ # Apple's OpenSSL has patches that allow a specially constructed certificate
+ # to load the system CA store. If we're running on Apple Python, use this
+ # trick.
if _plainapplepython():
dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
if os.path.exists(dummycert):