Mercurial > public > mercurial-scm > hg
comparison mercurial/sslutil.py @ 29106:fe7ebef8796a
sslutil: further refactor sslkwargs
The logic here and what happens with web.cacerts is mind numbing.
Make the code even more explicit.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Wed, 04 May 2016 23:01:49 -0700 |
| parents | 548e9c8c2841 |
| children | c8fbfb9163ce |
comparison
equal
deleted
inserted
replaced
| 29105:548e9c8c2841 | 29106:fe7ebef8796a |
|---|---|
| 247 # dispatch sets web.cacerts=! when --insecure is used. | 247 # dispatch sets web.cacerts=! when --insecure is used. |
| 248 cacerts = ui.config('web', 'cacerts') | 248 cacerts = ui.config('web', 'cacerts') |
| 249 if cacerts == '!': | 249 if cacerts == '!': |
| 250 return kws | 250 return kws |
| 251 | 251 |
| 252 # If a value is set in the config, validate against a path and load | |
| 253 # and require those certs. | |
| 252 if cacerts: | 254 if cacerts: |
| 253 cacerts = util.expandpath(cacerts) | 255 cacerts = util.expandpath(cacerts) |
| 254 if not os.path.exists(cacerts): | 256 if not os.path.exists(cacerts): |
| 255 raise error.Abort(_('could not find web.cacerts: %s') % cacerts) | 257 raise error.Abort(_('could not find web.cacerts: %s') % cacerts) |
| 256 else: | 258 |
| 257 # CA certs aren't explicitly listed in the config. See if we can load | 259 kws.update({'ca_certs': cacerts, |
| 258 # defaults. | 260 'cert_reqs': ssl.CERT_REQUIRED}) |
| 259 cacerts = _defaultcacerts() | 261 return kws |
| 260 if cacerts and cacerts != '!': | 262 |
| 261 ui.debug('using %s to enable OS X system CA\n' % cacerts) | 263 # No CAs in config. See if we can load defaults. |
| 262 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | 264 cacerts = _defaultcacerts() |
| 265 if cacerts and cacerts != '!': | |
| 266 ui.debug('using %s to enable OS X system CA\n' % cacerts) | |
| 267 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') | |
| 263 | 268 |
| 264 if cacerts != '!': | 269 if cacerts != '!': |
| 265 kws.update({'ca_certs': cacerts, | 270 kws.update({'ca_certs': cacerts, |
| 266 'cert_reqs': ssl.CERT_REQUIRED, | 271 'cert_reqs': ssl.CERT_REQUIRED, |
| 267 }) | 272 }) |