##// END OF EJS Templates
sslutil: make sslkwargs code even more explicit...
Gregory Szorc -
r29108:16021d58 default
parent child Browse files
Show More
@@ -261,18 +261,26 def sslkwargs(ui, host):
261
261
262 # No CAs in config. See if we can load defaults.
262 # No CAs in config. See if we can load defaults.
263 cacerts = _defaultcacerts()
263 cacerts = _defaultcacerts()
264
265 # We found an alternate CA bundle to use. Load it.
264 if cacerts:
266 if cacerts:
265 ui.debug('using %s to enable OS X system CA\n' % cacerts)
267 ui.debug('using %s to enable OS X system CA\n' % cacerts)
266 else:
268 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
267 if not _canloaddefaultcerts:
269 kws.update({'ca_certs': cacerts,
268 cacerts = '!'
270 'cert_reqs': ssl.CERT_REQUIRED})
271 return kws
269
272
270 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
273 # FUTURE this can disappear once wrapsocket() is secure by default.
274 if _canloaddefaultcerts:
275 kws['cert_reqs'] = ssl.CERT_REQUIRED
276 return kws
271
277
272 if cacerts != '!':
278 # This is effectively indicating that no CAs can be loaded because
273 kws.update({'ca_certs': cacerts,
279 # we can't get here if web.cacerts is set or if we can find
274 'cert_reqs': ssl.CERT_REQUIRED,
280 # CA certs elsewhere. Using a config option (which is later
275 })
281 # consulted by validator.__call__ is not very obvious).
282 # FUTURE fix this
283 ui.setconfig('web', 'cacerts', '!', 'defaultcacerts')
276 return kws
284 return kws
277
285
278 class validator(object):
286 class validator(object):
General Comments 0
You need to be logged in to leave comments. Login now