Show More
@@ -232,22 +232,35 b' def _defaultcacerts():' | |||
|
232 | 232 | return '!' |
|
233 | 233 | |
|
234 | 234 | def sslkwargs(ui, host): |
|
235 | """Determine arguments to pass to wrapsocket(). | |
|
236 | ||
|
237 | ``host`` is the hostname being connected to. | |
|
238 | """ | |
|
235 | 239 | kws = {'ui': ui} |
|
240 | ||
|
241 | # If a host key fingerprint is on file, it is the only thing that matters | |
|
242 | # and CA certs don't come into play. | |
|
236 | 243 | hostfingerprint = ui.config('hostfingerprints', host) |
|
237 | 244 | if hostfingerprint: |
|
238 | 245 | return kws |
|
246 | ||
|
247 | # dispatch sets web.cacerts=! when --insecure is used. | |
|
239 | 248 | cacerts = ui.config('web', 'cacerts') |
|
240 | 249 | if cacerts == '!': |
|
241 |
|
|
|
242 | elif cacerts: | |
|
250 | return kws | |
|
251 | ||
|
252 | if cacerts: | |
|
243 | 253 | cacerts = util.expandpath(cacerts) |
|
244 | 254 | if not os.path.exists(cacerts): |
|
245 | 255 | raise error.Abort(_('could not find web.cacerts: %s') % cacerts) |
|
246 | 256 | else: |
|
257 | # CA certs aren't explicitly listed in the config. See if we can load | |
|
258 | # defaults. | |
|
247 | 259 | cacerts = _defaultcacerts() |
|
248 | 260 | if cacerts and cacerts != '!': |
|
249 | 261 | ui.debug('using %s to enable OS X system CA\n' % cacerts) |
|
250 | 262 | ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') |
|
263 | ||
|
251 | 264 | if cacerts != '!': |
|
252 | 265 | kws.update({'ca_certs': cacerts, |
|
253 | 266 | 'cert_reqs': ssl.CERT_REQUIRED, |
General Comments 0
You need to be logged in to leave comments.
Login now