Mercurial > public > mercurial-scm > hg-stable
diff tests/test-https.t @ 29500:4b16a5bd9948
sslutil: try to find CA certficates in well-known locations
Many Linux distros and other Nixen have CA certificates in well-defined
locations. Rather than potentially fail to load any CA certificates at
all (which will always result in a certificate verification failure),
we scan for paths to known CA certificate files and load one if seen.
Because a proper Mercurial install will have the path to the CA
certificate file defined at install time, we print a warning that
the install isn't proper and provide a URL with instructions to
correct things.
We only perform path-based fallback on Pythons that don't know
how to call into OpenSSL to load the default verify locations. This
is because we trust that Python/OpenSSL is properly configured
and knows better than Mercurial. So this new code effectively only
runs on Python <2.7.9 (technically Pythons without the modern ssl
module).
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Wed, 06 Jul 2016 21:16:00 -0700 |
| parents | 9c5325c79683 |
| children | fe7158fced4b |
line wrap: on
line diff
--- a/tests/test-https.t Wed Jul 06 20:46:05 2016 -0700 +++ b/tests/test-https.t Wed Jul 06 21:16:00 2016 -0700 @@ -56,6 +56,7 @@ #if no-sslcontext defaultcacerts $ hg clone https://localhost:$HGPORT/ copy-pull + (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) abort: error: *certificate verify failed* (glob) [255] #endif @@ -77,6 +78,7 @@ #if defaultcacertsloaded $ hg clone https://localhost:$HGPORT/ copy-pull + (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?) abort: error: *certificate verify failed* (glob) [255] #endif