[PATCH 02 of 11 V4] sslutil: add assertion to prevent accidental CA usage on Windows

Gregory Szorc gregory.szorc at gmail.com
Fri Jul 15 00:09:03 EDT 2016


# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1468463632 25200
#      Wed Jul 13 19:33:52 2016 -0700
# Node ID 0f573e972f02063bf12aa0a72d11903760860111
# Parent  9e91be071422676679cdef44e74f4ea34dd81be1
sslutil: add assertion to prevent accidental CA usage on Windows

Yuya suggested we add this check to ensure we don't accidentally try
to load user-writable paths on Windows if we change the control
flow of this function later.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -494,16 +494,21 @@ def _defaultcacerts(ui):
         # files. Also consider exporting the keychain certs to a file during
         # Mercurial install.
         if not _canloaddefaultcerts:
             ui.warn(_('(unable to load CA certificates; see '
                       'https://mercurial-scm.org/wiki/SecureConnections for '
                       'how to configure Mercurial to avoid this message)\n'))
         return None
 
+    # / is writable on Windows. Out of an abundance of caution make sure
+    # we're not on Windows because paths from _systemcacerts could be installed
+    # by non-admin users.
+    assert os.name != 'nt'
+
     # Try to find CA certificates in well-known locations. We print a warning
     # when using a found file because we don't want too much silent magic
     # for security settings. The expectation is that proper Mercurial
     # installs will have the CA certs path defined at install time and the
     # installer/packager will make an appropriate decision on the user's
     # behalf. We only get here and perform this setting as a feature of
     # last resort.
     if not _canloaddefaultcerts:


More information about the Mercurial-devel mailing list