upstream/mercurial-mirror Commit - r23042:2cd3fa44

ssl: only use the dummy cert hack if using an Apple Python (issue4410)...

Mads Kiilerich -

r23042:2cd3fa44 default

parent child

mercurial/sslutil.py

0 +15 -1

              # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally
              # busted on those versions.
+             def _plainapplepython():
+                 """return true if this seems to be a pure Apple Python that
+                 * is unfrozen and presumably has the whole mercurial module in the file
+                   system
+                 * presumably is an Apple Python that uses Apple OpenSSL which has patches
+                   for using system certificate store CAs in addition to the provided
+                   cacerts file
+                 """
+                 if sys.platform != 'darwin' or util.mainfrozen():
+                     return False
+                 exe = (sys.executable or '').lower()
+                 return (exe.startswith('/usr/bin/python') or
+                         exe.startswith('/system/library/frameworks/python.framework/'))
              def sslkwargs(ui, host):
                  forcetls = ui.configbool('ui', 'tls', default=True)
                  if forcetls:
                      cacerts = util.expandpath(cacerts)
                      if not os.path.exists(cacerts):
                          raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
-                 elif cacerts is None and sys.platform == 'darwin' and not util.mainfrozen():
+                 elif cacerts is None and _plainapplepython():
                      dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
                      if os.path.exists(dummycert):
                          ui.debug('using %s to enable OS X system CA\n' % dummycert)

tests/test-https.t

0 +2 -1

              #endif
                $ cd ..
-             OS X has a dummy CA cert that enables use of the system CA store
+             OS X has a dummy CA cert that enables use of the system CA store when using
+             Apple's OpenSSL. This trick do not work with plain OpenSSL.
                $ DISABLEOSXDUMMYCERT=
-             #if osx

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages