Mercurial > public > mercurial-scm > hg
comparison mercurial/hg.py @ 24290:b76d8c641746
ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC)
The next patch will enable verification by using the system's CA store if
possible, which means we would have to distinguish None (=use default) from
'' (=--insecure). This smells bug-prone and provides no way to override
web.cacerts to forcibly use the system's store by --config argument.
This patch changes the meaning of web.cacerts as follows:
value behavior
------- ---------------------------------------
None/'' use default
'!' never use CA certs (set by --insecure)
<path> verify by the specified CA certificates
Values other than <path> are for internal use and therefore undocumented.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Wed, 04 Mar 2015 23:27:04 +0900 |
| parents | 7e71898a7cdc |
| children | 6ddc86eedc3b |
comparison
equal
deleted
inserted
replaced
| 24289:07fafcd4bc74 | 24290:b76d8c641746 |
|---|---|
| 670 # copy selected local settings to the remote ui | 670 # copy selected local settings to the remote ui |
| 671 for sect in ('auth', 'hostfingerprints', 'http_proxy'): | 671 for sect in ('auth', 'hostfingerprints', 'http_proxy'): |
| 672 for key, val in src.configitems(sect): | 672 for key, val in src.configitems(sect): |
| 673 dst.setconfig(sect, key, val, 'copied') | 673 dst.setconfig(sect, key, val, 'copied') |
| 674 v = src.config('web', 'cacerts') | 674 v = src.config('web', 'cacerts') |
| 675 if v: | 675 if v == '!': |
| 676 dst.setconfig('web', 'cacerts', v, 'copied') | |
| 677 elif v: | |
| 676 dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied') | 678 dst.setconfig('web', 'cacerts', util.expandpath(v), 'copied') |
| 677 | 679 |
| 678 return dst | 680 return dst |