Show More
| @@ -261,18 +261,26 b' def sslkwargs(ui, host):' | |||||
| 261 |
|
261 | |||
| 262 | # No CAs in config. See if we can load defaults. |
|
262 | # No CAs in config. See if we can load defaults. | |
| 263 | cacerts = _defaultcacerts() |
|
263 | cacerts = _defaultcacerts() | |
|
|
264 | ||||
|
|
265 | # We found an alternate CA bundle to use. Load it. | |||
| 264 | if cacerts: |
|
266 | if cacerts: | |
| 265 | ui.debug('using %s to enable OS X system CA\n' % cacerts) |
|
267 | ui.debug('using %s to enable OS X system CA\n' % cacerts) | |
| 266 | else: |
|
268 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | |
| 267 | if not _canloaddefaultcerts: |
|
269 | kws.update({'ca_certs': cacerts, | |
| 268 | cacerts = '!' |
|
270 | 'cert_reqs': ssl.CERT_REQUIRED}) | |
|
|
271 | return kws | |||
| 269 |
|
272 | |||
| 270 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') |
|
273 | # FUTURE this can disappear once wrapsocket() is secure by default. | |
|
|
274 | if _canloaddefaultcerts: | |||
|
|
275 | kws['cert_reqs'] = ssl.CERT_REQUIRED | |||
|
|
276 | return kws | |||
| 271 |
|
277 | |||
| 272 | if cacerts != '!': |
|
278 | # This is effectively indicating that no CAs can be loaded because | |
| 273 | kws.update({'ca_certs': cacerts, |
|
279 | # we can't get here if web.cacerts is set or if we can find | |
| 274 | 'cert_reqs': ssl.CERT_REQUIRED, |
|
280 | # CA certs elsewhere. Using a config option (which is later | |
| 275 | }) |
|
281 | # consulted by validator.__call__ is not very obvious). | |
|
|
282 | # FUTURE fix this | |||
|
|
283 | ui.setconfig('web', 'cacerts', '!', 'defaultcacerts') | |||
| 276 | return kws |
|
284 | return kws | |
| 277 |
|
285 | |||
| 278 | class validator(object): |
|
286 | class validator(object): | |
General Comments 0
You need to be logged in to leave comments.
Login now