Show More
@@ -88,6 +88,20 b' def _verifycert(cert, hostname):' | |||
|
88 | 88 | # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally |
|
89 | 89 | # busted on those versions. |
|
90 | 90 | |
|
91 | def _plainapplepython(): | |
|
92 | """return true if this seems to be a pure Apple Python that | |
|
93 | * is unfrozen and presumably has the whole mercurial module in the file | |
|
94 | system | |
|
95 | * presumably is an Apple Python that uses Apple OpenSSL which has patches | |
|
96 | for using system certificate store CAs in addition to the provided | |
|
97 | cacerts file | |
|
98 | """ | |
|
99 | if sys.platform != 'darwin' or util.mainfrozen(): | |
|
100 | return False | |
|
101 | exe = (sys.executable or '').lower() | |
|
102 | return (exe.startswith('/usr/bin/python') or | |
|
103 | exe.startswith('/system/library/frameworks/python.framework/')) | |
|
104 | ||
|
91 | 105 | def sslkwargs(ui, host): |
|
92 | 106 | forcetls = ui.configbool('ui', 'tls', default=True) |
|
93 | 107 | if forcetls: |
@@ -104,7 +118,7 b' def sslkwargs(ui, host):' | |||
|
104 | 118 | cacerts = util.expandpath(cacerts) |
|
105 | 119 | if not os.path.exists(cacerts): |
|
106 | 120 | raise util.Abort(_('could not find web.cacerts: %s') % cacerts) |
|
107 |
elif cacerts is None and |
|
|
121 | elif cacerts is None and _plainapplepython(): | |
|
108 | 122 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') |
|
109 | 123 | if os.path.exists(dummycert): |
|
110 | 124 | ui.debug('using %s to enable OS X system CA\n' % dummycert) |
@@ -115,7 +115,8 b' Test server address cannot be reused' | |||
|
115 | 115 | #endif |
|
116 | 116 | $ cd .. |
|
117 | 117 | |
|
118 | OS X has a dummy CA cert that enables use of the system CA store | |
|
118 | OS X has a dummy CA cert that enables use of the system CA store when using | |
|
119 | Apple's OpenSSL. This trick do not work with plain OpenSSL. | |
|
119 | 120 | |
|
120 | 121 | $ DISABLEOSXDUMMYCERT= |
|
121 | 122 |
|
General Comments 0
You need to be logged in to leave comments.
Login now