[PATCH 2 of 2] cacert: improve error report when web.cacert file does not exist
timeless
timeless at gmail.com
Sun Mar 6 10:27:11 CST 2011
# HG changeset patch
# User timeless <timeless at gmail.com>
# Date 1299428827 21600
# Node ID 083b5876f26ea7b9d80f2dee4ce6ac0fb9ecea90
# Parent a2b1ee41dc4ef99c2297d7aab241b7141d1259c3
cacert: improve error report when web.cacert file does not exist
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -557,12 +557,18 @@ if has_https:
host = self.realhostport.rsplit(':', 1)[0]
cacerts = self.ui.config('web', 'cacerts')
+
hostfingerprint = self.ui.config('hostfingerprints', host)
if cacerts and not hostfingerprint:
+ cacerts = util.expandpath(cacerts)
+ if not os.path.exists(cacerts):
+ raise util.Abort(_('could not find '
+ 'web.cacerts: %s\n') % cacerts)
self.sock = _ssl_wrap_socket(self.sock, self.key_file,
self.cert_file, cert_reqs=CERT_REQUIRED,
- ca_certs=util.expandpath(cacerts))
+ ca_certs=cacerts)
+
msg = _verifycert(self.sock.getpeercert(), host)
if msg:
raise util.Abort(_('%s certificate error: %s '
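Review bot: The new `util.Abort` message ends in `\n`, and the expected output added to tests/test-https.t shows the result: a blank line between `abort: could not find web.cacerts: no-such.pem` and `[255]`. Dropping the newline, `raise util.Abort(_('could not find web.cacerts: %s') % cacerts)`, keeps the abort to one line, and the blank `+` line in the test hunk would go with it. Separately, `os.path.exists(cacerts)` is also true for a directory, so that kind of misconfiguration would presumably still reach `_ssl_wrap_socket` and surface as the less readable SSL error; `os.path.isfile(cacerts)` would catch it while still aborting before the handshake. The enclosing method starts and ends outside the hunk.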
diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -96,6 +96,13 @@ pub.pem patched with other notBefore / n
$ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
$ cat ../hg0.pid >> $DAEMON_PIDS
+cacert not found
+
+ $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
+ abort: could not find web.cacerts: no-such.pem
+
+ [255]
+
Test server address cannot be reused
$ hg serve -p $HGPORT --certificate=$PRIV 2>&1