247 # dispatch sets web.cacerts=! when --insecure is used. |
247 # dispatch sets web.cacerts=! when --insecure is used. |
248 cacerts = ui.config('web', 'cacerts') |
248 cacerts = ui.config('web', 'cacerts') |
249 if cacerts == '!': |
249 if cacerts == '!': |
250 return kws |
250 return kws |
251 |
251 |
|
252 # If a value is set in the config, validate against a path and load |
|
253 # and require those certs. |
252 if cacerts: |
254 if cacerts: |
253 cacerts = util.expandpath(cacerts) |
255 cacerts = util.expandpath(cacerts) |
254 if not os.path.exists(cacerts): |
256 if not os.path.exists(cacerts): |
255 raise error.Abort(_('could not find web.cacerts: %s') % cacerts) |
257 raise error.Abort(_('could not find web.cacerts: %s') % cacerts) |
256 else: |
258 |
257 # CA certs aren't explicitly listed in the config. See if we can load |
259 kws.update({'ca_certs': cacerts, |
258 # defaults. |
260 'cert_reqs': ssl.CERT_REQUIRED}) |
259 cacerts = _defaultcacerts() |
261 return kws |
260 if cacerts and cacerts != '!': |
262 |
261 ui.debug('using %s to enable OS X system CA\n' % cacerts) |
263 # No CAs in config. See if we can load defaults. |
262 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') |
264 cacerts = _defaultcacerts() |
|
265 if cacerts and cacerts != '!': |
|
266 ui.debug('using %s to enable OS X system CA\n' % cacerts) |
|
267 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts') |
263 |
268 |
264 if cacerts != '!': |
269 if cacerts != '!': |
265 kws.update({'ca_certs': cacerts, |
270 kws.update({'ca_certs': cacerts, |
266 'cert_reqs': ssl.CERT_REQUIRED, |
271 'cert_reqs': ssl.CERT_REQUIRED, |
267 }) |
272 }) |