ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs This will give PKI-secure behaviour out of the box, without any configuration. Setting web.cacerts to any value or empty will disable this trick. This dummy cert trick only works on OS X 10.6+, but 10.5 had Python 2.5 which didn't have certificate validation at all.

--- a/tests/hghave.py
+++ b/tests/hghave.py
@@ -332,6 +332,10 @@
 def has_aix():
     return sys.platform.startswith("aix")
 
+@check("osx", "OS X")
+def has_osx():
+    return sys.platform == 'darwin'
+
 @check("absimport", "absolute_import in __future__")
 def has_absimport():
     import __future__