Show More
| @@ -261,18 +261,26 b' def sslkwargs(ui, host):' | |||
|
|
261 | 261 | |
|
|
262 | 262 | # No CAs in config. See if we can load defaults. |
|
|
263 | 263 | cacerts = _defaultcacerts() |
|
|
264 | ||
|
|
265 | # We found an alternate CA bundle to use. Load it. | |
|
|
264 | 266 | if cacerts: |
|
|
265 | 267 | ui.debug('using %s to enable OS X system CA\n' % cacerts) |
|
|
266 | else: | |
|
|
267 | if not _canloaddefaultcerts: | |
|
|
268 | cacerts = '!' | |
|
|
268 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | |
|
|
269 | kws.update({'ca_certs': cacerts, | |
|
|
270 | 'cert_reqs': ssl.CERT_REQUIRED}) | |
|
|
271 | return kws | |
|
|
269 | 272 | |
|
|
270 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | |
|
|
273 | # FUTURE this can disappear once wrapsocket() is secure by default. | |
|
|
274 | if _canloaddefaultcerts: | |
|
|
275 | kws['cert_reqs'] = ssl.CERT_REQUIRED | |
|
|
276 | return kws | |
|
|
271 | 277 | |
|
|
272 | if cacerts != '!': | |
|
|
273 | kws.update({'ca_certs': cacerts, | |
|
|
274 | 'cert_reqs': ssl.CERT_REQUIRED, | |
|
|
275 | }) | |
|
|
278 | # This is effectively indicating that no CAs can be loaded because | |
|
|
279 | # we can't get here if web.cacerts is set or if we can find | |
|
|
280 | # CA certs elsewhere. Using a config option (which is later | |
|
|
281 | # consulted by validator.__call__ is not very obvious). | |
|
|
282 | # FUTURE fix this | |
|
|
283 | ui.setconfig('web', 'cacerts', '!', 'defaultcacerts') | |
|
|
276 | 284 | return kws |
|
|
277 | 285 | |
|
|
278 | 286 | class validator(object): |
General Comments 0
You need to be logged in to leave comments.
Login now