Show More
@@ -261,18 +261,26 def sslkwargs(ui, host): | |||||
261 |
|
261 | |||
262 | # No CAs in config. See if we can load defaults. |
|
262 | # No CAs in config. See if we can load defaults. | |
263 | cacerts = _defaultcacerts() |
|
263 | cacerts = _defaultcacerts() | |
|
264 | ||||
|
265 | # We found an alternate CA bundle to use. Load it. | |||
264 | if cacerts: |
|
266 | if cacerts: | |
265 | ui.debug('using %s to enable OS X system CA\n' % cacerts) |
|
267 | ui.debug('using %s to enable OS X system CA\n' % cacerts) | |
266 | else: |
|
268 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | |
267 | if not _canloaddefaultcerts: |
|
269 | kws.update({'ca_certs': cacerts, | |
268 | cacerts = '!' |
|
270 | 'cert_reqs': ssl.CERT_REQUIRED}) | |
|
271 | return kws | |||
269 |
|
272 | |||
270 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') |
|
273 | # FUTURE this can disappear once wrapsocket() is secure by default. | |
|
274 | if _canloaddefaultcerts: | |||
|
275 | kws['cert_reqs'] = ssl.CERT_REQUIRED | |||
|
276 | return kws | |||
271 |
|
277 | |||
272 | if cacerts != '!': |
|
278 | # This is effectively indicating that no CAs can be loaded because | |
273 | kws.update({'ca_certs': cacerts, |
|
279 | # we can't get here if web.cacerts is set or if we can find | |
274 | 'cert_reqs': ssl.CERT_REQUIRED, |
|
280 | # CA certs elsewhere. Using a config option (which is later | |
275 | }) |
|
281 | # consulted by validator.__call__ is not very obvious). | |
|
282 | # FUTURE fix this | |||
|
283 | ui.setconfig('web', 'cacerts', '!', 'defaultcacerts') | |||
276 | return kws |
|
284 | return kws | |
277 |
|
285 | |||
278 | class validator(object): |
|
286 | class validator(object): |
General Comments 0
You need to be logged in to leave comments.
Login now