mercurial/sslutil.py
changeset 29105 548e9c8c2841
parent 29042 693b856a4d45
child 29106 fe7ebef8796a
29104:b207653ada10 29105:548e9c8c2841
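--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -230,26 +230,39 @@
     if _canloaddefaultcerts:
         return None
     return '!'
 
 def sslkwargs(ui, host):
+    """Determine arguments to pass to wrapsocket().
+
+    ``host`` is the hostname being connected to.
+    """
     kws = {'ui': ui}
+
+    # If a host key fingerprint is on file, it is the only thing that matters
+    # and CA certs don't come into play.
     hostfingerprint = ui.config('hostfingerprints', host)
     if hostfingerprint:
         return kws
+
+    # dispatch sets web.cacerts=! when --insecure is used.
     cacerts = ui.config('web', 'cacerts')
     if cacerts == '!':
-        pass
-    elif cacerts:
+        return kws
+
+    if cacerts:
         cacerts = util.expandpath(cacerts)
         if not os.path.exists(cacerts):
             raise error.Abort(_('could not find web.cacerts: %s') % cacerts)
     else:
+        # CA certs aren't explicitly listed in the config. See if we can load
+        # defaults.
         cacerts = _defaultcacerts()
         if cacerts and cacerts != '!':
             ui.debug('using %s to enable OS X system CA\n' % cacerts)
         ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
+
     if cacerts != '!':
         kws.update({'ca_certs': cacerts,
                     'cert_reqs': ssl.CERT_REQUIRED,
                     })
     return kws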
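Review bot: The new docstring on `sslkwargs` does not say that three paths return `kws` without `cert_reqs`: a configured host fingerprint, `web.cacerts` set to `'!'`, and the `else` branch when `_defaultcacerts()` returns `'!'`. On those paths the dict carries no `ssl.CERT_REQUIRED`, so whether the peer certificate is checked is decided by code outside this section, presumably a later fingerprint or validation step. The comment `# dispatch sets web.cacerts=! when --insecure is used.` also names only one source of the sentinel, while the `ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')` call stores the same `'!'` when no default CA store could be loaded, so later readers of that config value cannot tell an explicit `--insecure` from a missing CA bundle. I would add to the docstring `The result omits ``cert_reqs`` when a host fingerprint is configured, when web.cacerts is '!', or when no default CA certs are available; the caller is then responsible for verifying the peer.` and extend the comment to mention the second origin of `'!'`.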