##// END OF EJS Templates
win32: add a method to trigger the Crypto API to complete a certificate chain...
win32: add a method to trigger the Crypto API to complete a certificate chain I started a thread[1] on the mailing list awhile ago, but the short version is that Windows doesn't ship with a full list of certificates[2]. Even if the server sends the whole chain, if Windows doesn't have the appropriate certificate pre-installed in its "Third-Party Root Certification Authorities" store, connections mysteriously fail with: abort: error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) Windows expects the application to call the methods invoked here as part of the certificate verification, triggering a call out to Windows update if necessary, to complete the trust chain. The python bug to add this support[3] hasn't had any recent activity, and isn't targeting py27 anyway. The only work around that I could find (besides figuring out the certificate and walking through the import wizard) is to browse to the site in Internet Explorer. Opening the page with FireFox or Chrome didn't work. That's a pretty obscure way to fix a pretty obscure problem. We go to great lengths to demystify various SSL errors, but this case is clearly lacking. Let's try to make things easier to diagnose and fix. When I had trouble figuring out how to get ctypes to work with all of the API pointers, I found that there are other python projects[4] using this API to achieve the same thing. [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-April/096501.html [2] https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows [3] https://bugs.python.org/issue20916 [4] https://github.com/nvaccess/nvda/blob/3b86bce2066b1934df14b96f2e83369900860ecf/source/updateCheck.py#L511

File last commit:

r33429:7a15cae3 default
r33492:14af0439 default
Show More
fsmonitor
38 lines | 992 B | text/plain | TextLexer
Martijn Pieters
fsmonitor: new experimental extension...
r28433 # Blacklist for a full testsuite run with fsmonitor enabled.
Siddharth Agarwal
tests: add a wrapper to run fsmonitor tests...
r32769 # Used by fsmonitor-run-tests.
Martijn Pieters
fsmonitor: new experimental extension...
r28433 # The following tests all fail because they either use extensions that conflict
# with fsmonitor, use subrepositories, or don't anticipate the extra file in
# the .hg directory that fsmonitor adds.
FUJIWARA Katsunori
tests: categorize entries in blacklist for fsmonitor for future reference
r33429
#### mainly testing eol extension
Martijn Pieters
fsmonitor: new experimental extension...
r28433 test-eol-add.t
test-eol-clone.t
test-eol-hook.t
test-eol-patch.t
test-eol-tag.t
test-eol-update.t
test-eol.t
test-eolfilename.t
FUJIWARA Katsunori
tests: categorize entries in blacklist for fsmonitor for future reference
r33429
#### mainly testing largefiles extension
Martijn Pieters
fsmonitor: new experimental extension...
r28433 test-issue3084.t
test-largefiles-cache.t
test-largefiles-misc.t
test-largefiles-small-disk.t
test-largefiles-update.t
test-largefiles-wireproto.t
test-largefiles.t
test-lfconvert.t
FUJIWARA Katsunori
tests: categorize entries in blacklist for fsmonitor for future reference
r33429
#### mainly testing nested repositories
Martijn Pieters
fsmonitor: new experimental extension...
r28433 test-nested-repo.t
test-push-warn.t
test-subrepo-deep-nested-change.t
test-subrepo-recursion.t
test-subrepo.t
FUJIWARA Katsunori
tests: categorize entries in blacklist for fsmonitor for future reference
r33429
#### fixing these seems redundant, because these don't focus on
#### operations in the working directory or .hg
test-debugextensions.t
test-extension.t
test-help.t