[PATCH 3 of 3] [RFC] sslutil: try to find and use system CA file when appropriate

Pierre-Yves David pierre-yves.david at ens-lyon.org
Sat Jun 25 22:06:20 EDT 2016



On 06/25/2016 06:37 PM, Gregory Szorc wrote:
> # HG changeset patch
> # User Gregory Szorc <gregory.szorc at gmail.com>
> # Date 1466866076 25200
> #      Sat Jun 25 07:47:56 2016 -0700
> # Node ID fb5033513e39b96777f9794b9542c3632a64fa75
> # Parent  13818ab440e16c575b09a6e4583f9a17550a6e52
> [RFC] sslutil: try to find and use system CA file when appropriate

I like the idea of trying to reduce the pain of users still on 2.6 by
looking up the CA semi-automatically. However, I agree with you that doing
it might be suboptimal (especially security-wise). I do not have a
strong opinion about doing it or not in absolute yet, but we should
probably at least issue a warning when doing so, with a pointer to why
the warning exists and how to suppress it.
As I understand it, in the same situation before we would have accepted
the certificate with a warning, so this seems like a proper evolution of
the behavior.

-- 
Pierre-Yves David

