Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/sslutil.py @ 29115:ef316c653b7f
sslutil: stop checking for web.cacerts=! (BC)
The previous patch stopped setting web.cacerts=! to indicate
--insecure.
That left user configs as the only source that could introduce
web.cacerts=!.
The practical impact of this patch is we no longer honor
web.cacerts=! in configs. Instead, we always treat web.cacerts
as a path. The patch is therefore technically BC. However,
since I don't believe web.cacerts=! is documented, it should be
safe to remove. a939f08fae9c (which introduced --insecure) has
no indication that web.cacerts=! is anything but an implementation
detail, reinforcing my belief it can be removed without major
debate.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Thu, 05 May 2016 00:46:31 -0700 |
| parents | 5b9577edf745 |
| children | 7424f4294199 |
comparison
equal
deleted
inserted
replaced
| 29114:f1081aea19b1 | 29115:ef316c653b7f |
|---|---|
| 252 # used, we don't take CAs into consideration, so return early. | 252 # used, we don't take CAs into consideration, so return early. |
| 253 if ui.insecureconnections: | 253 if ui.insecureconnections: |
| 254 return kws | 254 return kws |
| 255 | 255 |
| 256 cacerts = ui.config('web', 'cacerts') | 256 cacerts = ui.config('web', 'cacerts') |
| 257 # TODO remove check when we stop setting this config. | |
| 258 if cacerts == '!': | |
| 259 return kws | |
| 260 | 257 |
| 261 # If a value is set in the config, validate against a path and load | 258 # If a value is set in the config, validate against a path and load |
| 262 # and require those certs. | 259 # and require those certs. |
| 263 if cacerts: | 260 if cacerts: |
| 264 cacerts = util.expandpath(cacerts) | 261 cacerts = util.expandpath(cacerts) |