# HG changeset patch # User Gregory Szorc # Date 2016-07-25 19:00:55 # Node ID 387bdd53c77e9f61bd7b0d491717440f7f57563a # Parent 67b180c0e2634971d8f7e0e31b00dc4bdc7768cc sslutil: work around SSLContext.get_ca_certs bug on Windows (issue5313) SSLContext.get_ca_certs() can raise "ssl.SSLError: unknown error (_ssl.c:636)" on Windows. See https://bugs.python.org/issue20916 for more info. We add a try..except that swallows the exception to work around this bug. If we encounter the bug, we won't print a warning message about attempting to load CA certificates. This is unfortunate. But there appears to be little we can do :/ diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -409,12 +409,18 @@ def wrapsocket(sock, keyfile, certfile, # a hint to the user. # Only modern ssl module exposes SSLContext.get_ca_certs() so we can # only show this warning if modern ssl is available. - if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and - modernssl and not sslcontext.get_ca_certs()): - ui.warn(_('(an attempt was made to load CA certificates but none ' - 'were loaded; see ' - 'https://mercurial-scm.org/wiki/SecureConnections for ' - 'how to configure Mercurial to avoid this error)\n')) + # The exception handler is here because of + # https://bugs.python.org/issue20916. + try: + if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and + modernssl and not sslcontext.get_ca_certs()): + ui.warn(_('(an attempt was made to load CA certificates but ' + 'none were loaded; see ' + 'https://mercurial-scm.org/wiki/SecureConnections ' + 'for how to configure Mercurial to avoid this ' + 'error)\n')) + except ssl.SSLError: + pass # Try to print more helpful error messages for known failures. if util.safehasattr(e, 'reason'): # This error occurs when the client and server don't share a