# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 2016-05-05 07:35:45
# Node ID 843df550b46593bca3ff8200feaef609e0058e0d
# Parent  b197e2aba703965ee34605e994bf0b673dc861fc

sslutil: check for ui.insecureconnections in sslkwargs

The end result of this function is the same. We now have a more
explicit return branch.

We still keep the old code looking at web.cacerts=! a few lines
below because we're still setting web.cacerts=! and need to react
to the variable. This will be removed in an upcoming patch.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -243,8 +243,13 @@ def sslkwargs(ui, host):
     if hostfingerprint:
         return kws
 
-    # dispatch sets web.cacerts=! when --insecure is used.
+    # The code below sets up CA verification arguments. If --insecure is
+    # used, we don't take CAs into consideration, so return early.
+    if ui.insecureconnections:
+        return kws
+
     cacerts = ui.config('web', 'cacerts')
+    # TODO remove check when we stop setting this config.
     if cacerts == '!':
         return kws