Mercurial Mercurial > public > mercurial-scm > hg / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mercurial/sslutil.py
changeset 29105 548e9c8c2841
parent 29042 693b856a4d45
child 29106 fe7ebef8796a
equal deleted inserted replaced
29104:b207653ada10 29105:548e9c8c2841 
   230     if _canloaddefaultcerts:
 
   230     if _canloaddefaultcerts:
 
   231         return None
 
   231         return None
 
   232     return '!'
 
   232     return '!'
 
   233 
   233 
   234 def sslkwargs(ui, host):
 
   234 def sslkwargs(ui, host):
 
       
   235     """Determine arguments to pass to wrapsocket().
 
       
   236 
       
   237     ``host`` is the hostname being connected to.
 
       
   238     """
 
   235     kws = {'ui': ui}
 
   239     kws = {'ui': ui}
 
       
   240 
       
   241     # If a host key fingerprint is on file, it is the only thing that matters
 
       
   242     # and CA certs don't come into play.
 
   236     hostfingerprint = ui.config('hostfingerprints', host)
 
   243     hostfingerprint = ui.config('hostfingerprints', host)
 
   237     if hostfingerprint:
 
   244     if hostfingerprint:
 
   238         return kws
 
   245         return kws
 
       
   246 
       
   247     # dispatch sets web.cacerts=! when --insecure is used.
 
   239     cacerts = ui.config('web', 'cacerts')
 
   248     cacerts = ui.config('web', 'cacerts')
 
   240     if cacerts == '!':
 
   249     if cacerts == '!':
 
   241         pass
 
   250         return kws
 
   242     elif cacerts:
 
   251 
       
   252     if cacerts:
 
   243         cacerts = util.expandpath(cacerts)
 
   253         cacerts = util.expandpath(cacerts)
 
   244         if not os.path.exists(cacerts):
 
   254         if not os.path.exists(cacerts):
 
   245             raise error.Abort(_('could not find web.cacerts: %s') % cacerts)
 
   255             raise error.Abort(_('could not find web.cacerts: %s') % cacerts)
 
   246     else:
 
   256     else:
 
       
   257         # CA certs aren't explicitly listed in the config. See if we can load
 
       
   258         # defaults.
 
   247         cacerts = _defaultcacerts()
 
   259         cacerts = _defaultcacerts()
 
   248         if cacerts and cacerts != '!':
 
   260         if cacerts and cacerts != '!':
 
   249             ui.debug('using %s to enable OS X system CA\n' % cacerts)
 
   261             ui.debug('using %s to enable OS X system CA\n' % cacerts)
 
   250         ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
 
   262         ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
 
       
   263 
   251     if cacerts != '!':
 
   264     if cacerts != '!':
 
   252         kws.update({'ca_certs': cacerts,
 
   265         kws.update({'ca_certs': cacerts,
 
   253                     'cert_reqs': ssl.CERT_REQUIRED,
 
   266                     'cert_reqs': ssl.CERT_REQUIRED,
 
   254                     })
 
   267                     })
 
   255     return kws
 
   268     return kws
mercurial-scm/hg