Mercurial > hg > mercurial-crew
comparison tests/hghave.py @ 24397:b76d8c641746
ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC)
The next patch will enable verification by using the system's CA store if
possible, which means we would have to distinguish None (=use default) from
'' (=--insecure). This smells bug-prone and provides no way to override
web.cacerts to forcibly use the system's store by --config argument.
This patch changes the meaning of web.cacerts as follows:
value behavior
------- ---------------------------------------
None/'' use default
'!' never use CA certs (set by --insecure)
<path> verify by the specified CA certificates
Values other than <path> are for internal use and therefore undocumented.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Wed, 04 Mar 2015 23:27:04 +0900 |
| parents | 07fafcd4bc74 |
| children | 252412e24551 |
comparison
equal
deleted
inserted
replaced
| 24396:07fafcd4bc74 | 24397:b76d8c641746 |
|---|---|
| 321 return False | 321 return False |
| 322 | 322 |
| 323 @check("defaultcacerts", "can verify SSL certs by system's CA certs store") | 323 @check("defaultcacerts", "can verify SSL certs by system's CA certs store") |
| 324 def has_defaultcacerts(): | 324 def has_defaultcacerts(): |
| 325 from mercurial import sslutil | 325 from mercurial import sslutil |
| 326 return sslutil._defaultcacerts() | 326 return sslutil._defaultcacerts() != '!' |
| 327 | 327 |
| 328 @check("windows", "Windows") | 328 @check("windows", "Windows") |
| 329 def has_windows(): | 329 def has_windows(): |
| 330 return os.name == 'nt' | 330 return os.name == 'nt' |
| 331 | 331 |