Mercurial > public > mercurial-scm > hg
comparison mercurial/sslutil.py @ 30228:b9f7b0c10027 stable
sslutil: guard against broken certifi installations (issue5406)
Certifi is currently incompatible with py2exe; the Python code for certifi gets
included in library.zip, but not the cacert.pem file - and even if it were
included, SSLContext can't load a cacert.pem file from library.zip.
This currently makes it impossible to build a standalone Windows version of
Mercurial.
Guard against this, and possibly other situations where a module with the name
"certifi" exists, but is not usable.
| author | G?bor Stefanik <gabor.stefanik@nng.com> |
|---|---|
| date | Wed, 19 Oct 2016 18:06:14 +0200 |
| parents | 799e36749f1a |
| children | 318a24b52eeb |
comparison
equal
deleted
inserted
replaced
| 30227:5ee944b9c750 | 30228:b9f7b0c10027 |
|---|---|
| 688 function may print warnings or debug messages assuming this usage. | 688 function may print warnings or debug messages assuming this usage. |
| 689 | 689 |
| 690 We don't print a message when the Python is able to load default | 690 We don't print a message when the Python is able to load default |
| 691 CA certs because this scenario is detected at socket connect time. | 691 CA certs because this scenario is detected at socket connect time. |
| 692 """ | 692 """ |
| 693 # The "certifi" Python package provides certificates. If it is installed, | 693 # The "certifi" Python package provides certificates. If it is installed |
| 694 # assume the user intends it to be used and use it. | 694 # and usable, assume the user intends it to be used and use it. |
| 695 try: | 695 try: |
| 696 import certifi | 696 import certifi |
| 697 certs = certifi.where() | 697 certs = certifi.where() |
| 698 ui.debug('using ca certificates from certifi\n') | 698 if os.path.exists(certs): |
| 699 return certs | 699 ui.debug('using ca certificates from certifi\n') |
| 700 except ImportError: | 700 return certs |
| 701 except (ImportError, AttributeError): | |
| 701 pass | 702 pass |
| 702 | 703 |
| 703 # On Windows, only the modern ssl module is capable of loading the system | 704 # On Windows, only the modern ssl module is capable of loading the system |
| 704 # CA certificates. If we're not capable of doing that, emit a warning | 705 # CA certificates. If we're not capable of doing that, emit a warning |
| 705 # because we'll get a certificate verification error later and the lack | 706 # because we'll get a certificate verification error later and the lack |