Show More
@@ -264,7 +264,13 b' def wrapsocket(sock, keyfile, certfile, ' | |||||
264 |
|
264 | |||
265 | settings = _hostsettings(ui, serverhostname) |
|
265 | settings = _hostsettings(ui, serverhostname) | |
266 |
|
266 | |||
267 |
# |
|
267 | # We can't use ssl.create_default_context() because it calls | |
|
268 | # load_default_certs() unless CA arguments are passed to it. We want to | |||
|
269 | # have explicit control over CA loading because implicitly loading | |||
|
270 | # CAs may undermine the user's intent. For example, a user may define a CA | |||
|
271 | # bundle with a specific CA cert removed. If the system/default CA bundle | |||
|
272 | # is loaded and contains that removed CA, you've just undone the user's | |||
|
273 | # choice. | |||
268 | sslcontext = SSLContext(settings['protocol']) |
|
274 | sslcontext = SSLContext(settings['protocol']) | |
269 |
|
275 | |||
270 | # This is a no-op unless using modern ssl. |
|
276 | # This is a no-op unless using modern ssl. |
General Comments 0
You need to be logged in to leave comments.
Login now