Show More
@@ -10,12 +10,16 b' import os, sys' | |||
|
10 | 10 | |
|
11 | 11 | from mercurial import util |
|
12 | 12 | from mercurial.i18n import _ |
|
13 | ||
|
14 | _canloaddefaultcerts = False | |
|
13 | 15 | try: |
|
14 | 16 | # avoid using deprecated/broken FakeSocket in python 2.6 |
|
15 | 17 | import ssl |
|
16 | 18 | CERT_REQUIRED = ssl.CERT_REQUIRED |
|
17 | 19 | try: |
|
18 | 20 | ssl_context = ssl.SSLContext |
|
21 | _canloaddefaultcerts = util.safehasattr(ssl_context, | |
|
22 | 'load_default_certs') | |
|
19 | 23 | |
|
20 | 24 | def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE, |
|
21 | 25 | ca_certs=None, serverhostname=None): |
@@ -35,6 +39,8 b' try:' | |||
|
35 | 39 | sslcontext.verify_mode = cert_reqs |
|
36 | 40 | if ca_certs is not None: |
|
37 | 41 | sslcontext.load_verify_locations(cafile=ca_certs) |
|
42 | elif _canloaddefaultcerts: | |
|
43 | sslcontext.load_default_certs() | |
|
38 | 44 | |
|
39 | 45 | sslsocket = sslcontext.wrap_socket(sock, |
|
40 | 46 | server_hostname=serverhostname) |
@@ -130,10 +136,13 b' def _plainapplepython():' | |||
|
130 | 136 | exe.startswith('/system/library/frameworks/python.framework/')) |
|
131 | 137 | |
|
132 | 138 | def _defaultcacerts(): |
|
139 | """return path to CA certificates; None for system's store; ! to disable""" | |
|
133 | 140 | if _plainapplepython(): |
|
134 | 141 | dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem') |
|
135 | 142 | if os.path.exists(dummycert): |
|
136 | 143 | return dummycert |
|
144 | if _canloaddefaultcerts: | |
|
145 | return None | |
|
137 | 146 | return '!' |
|
138 | 147 | |
|
139 | 148 | def sslkwargs(ui, host): |
General Comments 0
You need to be logged in to leave comments.
Login now