changeset 28848:e330db205b20

sslutil: move and document verify_mode assignment Consolidating all the SSLContext options setting makes the code a bit easier to read.
author Gregory Szorc <gregory.szorc@gmail.com>
date Sun, 10 Apr 2016 10:59:45 -0700
parents 3e576fe66715
children 1fde84d42f9c
files mercurial/sslutil.py
diffstat 1 files changed, 4 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Sun Apr 10 10:54:53 2016 -0700
+++ b/mercurial/sslutil.py	Sun Apr 10 10:59:45 2016 -0700
@@ -144,12 +144,15 @@
     # This is a no-op on old Python.
     sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3
 
+    # This still works on our fake SSLContext.
+    sslcontext.verify_mode = cert_reqs
+
     if certfile is not None:
         def password():
             f = keyfile or certfile
             return ui.getpass(_('passphrase for %s: ') % f, '')
         sslcontext.load_cert_chain(certfile, keyfile, password)
-    sslcontext.verify_mode = cert_reqs
+
     if ca_certs is not None:
         sslcontext.load_verify_locations(cafile=ca_certs)
     else: