mercurial-scm/hg-stable: mercurial/sslutil.py comparison

comparison mercurial/sslutil.py @ 31730:c777b12cdc9b

sslutil: clarify internal documentation I ran into this python issue with an incomplete certificate chain on Windows recently, and this is the clarification that came from that experimenting. The comment I left on the bug tracker [1] with a reference to the CPython code [2] indicates that the original problem I had is a different bug, but happened to be mentioned under issue20916 on the Python bug tracker. [1] https://bz.mercurial-scm.org/show_bug.cgi?id=5313#c7 [2] https://hg.python.org/cpython/file/v2.7.12/Modules/_ssl.c#l628

author	Matt Harbison <matt_harbison@yahoo.com>
date	Wed, 29 Mar 2017 09:54:34 -0400
parents	f819aa9dbbf9
children	9a86d936670f

comparison

equal deleted inserted replaced

-:f1e0446e804c
+:c777b12cdc9b
 # If we're doing certificate verification and no CA certs are loaded,
 # that is almost certainly the reason why verification failed. Provide
 # a hint to the user.
 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can
 # only show this warning if modern ssl is available.
-# The exception handler is here because of
+# The exception handler is here to handle bugs around cert attributes:
-# https://bugs.python.org/issue20916.
+# https://bugs.python.org/issue20916#msg213479.  (See issues5313.)
+# When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a
+# non-empty list, but the following conditional is otherwise True.
 try:
 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and
 modernssl and not sslcontext.get_ca_certs()):
 ui.warn(_('(an attempt was made to load CA certificates but '
 'none were loaded; see '

Mercurial > public > mercurial-scm > hg-stable

comparison mercurial/sslutil.py @ 31730:c777b12cdc9b