Show More
| @@ -88,6 +88,20 b' def _verifycert(cert, hostname):' | |||||
| 88 | # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally |
|
88 | # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally | |
| 89 | # busted on those versions. |
|
89 | # busted on those versions. | |
| 90 |
|
90 | |||
|
|
91 | def _plainapplepython(): | |||
|
|
92 | """return true if this seems to be a pure Apple Python that | |||
|
|
93 | * is unfrozen and presumably has the whole mercurial module in the file | |||
|
|
94 | system | |||
|
|
95 | * presumably is an Apple Python that uses Apple OpenSSL which has patches | |||
|
|
96 | for using system certificate store CAs in addition to the provided | |||
|
|
97 | cacerts file | |||
|
|
98 | """ | |||
|
|
99 | if sys.platform != 'darwin' or util.mainfrozen(): | |||
|
|
100 | return False | |||
|
|
101 | exe = (sys.executable or '').lower() | |||
|
|
102 | return (exe.startswith('/usr/bin/python') or | |||
|
|
103 | exe.startswith('/system/library/frameworks/python.framework/')) | |||
|
|
104 | ||||
| 91 | def sslkwargs(ui, host): |
|
105 | def sslkwargs(ui, host): | |
| 92 | forcetls = ui.configbool('ui', 'tls', default=True) |
|
106 | forcetls = ui.configbool('ui', 'tls', default=True) | |
| 93 | if forcetls: |
|
107 | if forcetls: | |
| @@ -104,7 +118,7 b' def sslkwargs(ui, host):' | |||||
| 104 | cacerts = util.expandpath(cacerts) |
|
118 | cacerts = util.expandpath(cacerts) | |
| 105 | if not os.path.exists(cacerts): |
|
119 | if not os.path.exists(cacerts): | |
| 106 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) |
|
120 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) | |
| 107 |
elif cacerts is None and |
|
121 | elif cacerts is None and _plainapplepython(): | |
| 108 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') |
|
122 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') | |
| 109 | if os.path.exists(dummycert): |
|
123 | if os.path.exists(dummycert): | |
| 110 | ui.debug('using %s to enable OS X system CA\n' % dummycert) |
|
124 | ui.debug('using %s to enable OS X system CA\n' % dummycert) | |
| @@ -115,7 +115,8 b' Test server address cannot be reused' | |||||
| 115 | #endif |
|
115 | #endif | |
| 116 | $ cd .. |
|
116 | $ cd .. | |
| 117 |
|
117 | |||
| 118 | OS X has a dummy CA cert that enables use of the system CA store |
|
118 | OS X has a dummy CA cert that enables use of the system CA store when using | |
|
|
119 | Apple's OpenSSL. This trick do not work with plain OpenSSL. | |||
| 119 |
|
120 | |||
| 120 | $ DISABLEOSXDUMMYCERT= |
|
121 | $ DISABLEOSXDUMMYCERT= | |
| 121 |
|
|
122 | #if osx | |
General Comments 0
You need to be logged in to leave comments.
Login now