407 # If we're doing certificate verification and no CA certs are loaded, |
407 # If we're doing certificate verification and no CA certs are loaded, |
408 # that is almost certainly the reason why verification failed. Provide |
408 # that is almost certainly the reason why verification failed. Provide |
409 # a hint to the user. |
409 # a hint to the user. |
410 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can |
410 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can |
411 # only show this warning if modern ssl is available. |
411 # only show this warning if modern ssl is available. |
412 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and |
412 # The exception handler is here because of |
413 modernssl and not sslcontext.get_ca_certs()): |
413 # https://bugs.python.org/issue20916. |
414 ui.warn(_('(an attempt was made to load CA certificates but none ' |
414 try: |
415 'were loaded; see ' |
415 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and |
416 'https://mercurial-scm.org/wiki/SecureConnections for ' |
416 modernssl and not sslcontext.get_ca_certs()): |
417 'how to configure Mercurial to avoid this error)\n')) |
417 ui.warn(_('(an attempt was made to load CA certificates but ' |
|
418 'none were loaded; see ' |
|
419 'https://mercurial-scm.org/wiki/SecureConnections ' |
|
420 'for how to configure Mercurial to avoid this ' |
|
421 'error)\n')) |
|
422 except ssl.SSLError: |
|
423 pass |
418 # Try to print more helpful error messages for known failures. |
424 # Try to print more helpful error messages for known failures. |
419 if util.safehasattr(e, 'reason'): |
425 if util.safehasattr(e, 'reason'): |
420 # This error occurs when the client and server don't share a |
426 # This error occurs when the client and server don't share a |
421 # common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3 |
427 # common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3 |
422 # outright. Hopefully the reason for this error is that we require |
428 # outright. Hopefully the reason for this error is that we require |