412 # If we're doing certificate verification and no CA certs are loaded, |
412 # If we're doing certificate verification and no CA certs are loaded, |
413 # that is almost certainly the reason why verification failed. Provide |
413 # that is almost certainly the reason why verification failed. Provide |
414 # a hint to the user. |
414 # a hint to the user. |
415 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can |
415 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can |
416 # only show this warning if modern ssl is available. |
416 # only show this warning if modern ssl is available. |
417 # The exception handler is here because of |
417 # The exception handler is here to handle bugs around cert attributes: |
418 # https://bugs.python.org/issue20916. |
418 # https://bugs.python.org/issue20916#msg213479. (See issues5313.) |
|
419 # When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a |
|
420 # non-empty list, but the following conditional is otherwise True. |
419 try: |
421 try: |
420 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and |
422 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and |
421 modernssl and not sslcontext.get_ca_certs()): |
423 modernssl and not sslcontext.get_ca_certs()): |
422 ui.warn(_('(an attempt was made to load CA certificates but ' |
424 ui.warn(_('(an attempt was made to load CA certificates but ' |
423 'none were loaded; see ' |
425 'none were loaded; see ' |