[PATCH] ui: optionally quiesce ssl verification warnings

Steven Stallion sstallion at gmail.com
Sun Apr 8 17:30:48 CDT 2012 

# HG changeset patch
# User Steven Stallion <sstallion at gmail.com>
# Date 1333924158 25200
# Node ID 87d271ff44bd1f06b3eeee36439f3c0306793516
# Parent  329887a7074c8e49e73fa76712d8d45aee0d0fd7
ui: optionally quiesce ssl verification warnings

Some platforms, notably Plan 9 from Bell Labs are stuck on older
releases of Python. Due to restrictions in the platform, it is not
possible to backport the SSL library to the existing Python port.
This patch permits the UI to quiesce SSL verification warnings by
adding a configuration entry named report_unverified to ui.

diff -r 329887a7074c -r 87d271ff44bd mercurial/help/config.txt
--- a/mercurial/help/config.txt	Fri Apr 06 15:18:14 2012 -0500
+++ b/mercurial/help/config.txt	Sun Apr 08 15:29:18 2012 -0700
@@ -1134,6 +1134,10 @@
     Warn if a ``.hg/hgrc`` file is ignored due to not being owned by a
     trusted user or group. True or False. Default is True.
 
+``report_unverified``
+    Warn if an SSL certificate is unable to be verified. True or False.
+    Default is True.
+
 ``slash``
     Display paths using a slash (``/``) as the path separator. This
     only makes a difference on systems where the default path
diff -r 329887a7074c -r 87d271ff44bd mercurial/sslutil.py
--- a/mercurial/sslutil.py	Fri Apr 06 15:18:14 2012 -0500
+++ b/mercurial/sslutil.py	Sun Apr 08 15:29:18 2012 -0700
@@ -103,12 +103,14 @@
         host = self.host
         cacerts = self.ui.config('web', 'cacerts')
         hostfingerprint = self.ui.config('hostfingerprints', host)
+        reportunverified = self.ui.configbool('ui', 'report_unverified', True)
         if not getattr(sock, 'getpeercert', False): # python 2.5 ?
             if hostfingerprint:
                 raise util.Abort(_("host fingerprint for %s can't be "
                                    "verified (Python too old)") % host)
-            self.ui.warn(_("warning: certificate for %s can't be verified "
-                           "(Python too old)\n") % host)
+            if reportunverified:
+                self.ui.warn(_("warning: certificate for %s can't be verified "
+                               "(Python too old)\n") % host)
             return
         if not sock.cipher(): # work around http://bugs.python.org/issue13721
             raise util.Abort(_('%s ssl connection error') % host)
@@ -135,7 +137,7 @@
                                         '--insecure to connect insecurely') %
                                       nicefingerprint)
             self.ui.debug('%s certificate successfully verified\n' % host)
-        else:
+        elif reportunverified:
             self.ui.warn(_('warning: %s certificate with fingerprint %s not '
                            'verified (check hostfingerprints or web.cacerts '
                            'config setting)\n') %

More information about the Mercurial-devel mailing list