[PATCH STABLE] sslutil: work around SSLContext.get_ca_certs bug on Windows (issue5313)
Yuya Nishihara
yuya at tcha.org
Tue Jul 26 08:55:45 EDT 2016
On Mon, 25 Jul 2016 20:57:55 -0400, Matt Harbison wrote:
> On Mon, 25 Jul 2016 15:01:08 -0400, Gregory Szorc
> <gregory.szorc at gmail.com> wrote:
>
> > # HG changeset patch
> > # User Gregory Szorc <gregory.szorc at gmail.com>
> > # Date 1469473255 25200
> > # Mon Jul 25 12:00:55 2016 -0700
> > # Branch stable
> > # Node ID 94abd7d9e7a1b8f689da7758927700a2e28959a6
> > # Parent 9c2cc107547fd701a7604349632f2f590366f17c
> > sslutil: work around SSLContext.get_ca_certs bug on Windows (issue5313)
Queued, thanks.
> > SSLContext.get_ca_certs() can raise
> > "ssl.SSLError: unknown error (_ssl.c:636)" on Windows. See
> > https://bugs.python.org/issue20916 for more info.
> >
> > We add a try..except that swallows the exception to work around
> > this bug. If we encounter the bug, we won't print a warning
> > message about attempting to load CA certificates. This is
> > unfortunate. But there appears to be little we can do :/
>
> This fixes it for me, thanks.
>
> I wonder if the exception handler should duplicate the warning message,
> since it looks like get_ca_certs() is the only thing that can throw
> there. OTOH, the output I got was pretty clear (though presumably there
> are other reasons the certs could fail to load?)
I think it doesn't show the warning because the failure of get_ca_certs()
doesn't mean no certs were loaded.
More information about the Mercurial-devel
mailing list