[PATCH 4 of 7] sslutil: move _canloaddefaultcerts logic

Gregory Szorc gregory.szorc at gmail.com
Mon Mar 28 00:28:33 EDT 2016


# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1459112932 25200
#      Sun Mar 27 14:08:52 2016 -0700
# Node ID bc7d81803a7558f7f744d2a26fab593466b6d5e9
# Parent  fe7f05150f59648c65c7e2c68c13981ab64a495f
sslutil: move _canloaddefaultcerts logic

We now have a newer block accessing SSLContext. Let's move this
code to make subsequent refactorings of the former block easier.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -36,18 +36,20 @@ except AttributeError:
     OP_NO_SSLv2 = 0x1000000
     OP_NO_SSLv3 = 0x2000000
 
 try:
     # ssl.SSLContext was added in 2.7.9 and presence indicates modern
     # SSL/TLS features are available.
     SSLContext = ssl.SSLContext
     modernssl = True
+    _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')
 except AttributeError:
     modernssl = False
+    _canloaddefaultcerts = False
 
     # We implement SSLContext using the interface from the standard library.
     class SSLContext(object):
         # ssl.wrap_socket gained the "ciphers" named argument in 2.7.
         _supportsciphers = sys.version_info >= (2, 7)
 
         def __init__(self, protocol):
             # From the public interface of SSLContext
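Review bot: The added `_canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')` sits inside the `try:` whose `except AttributeError` exists only to detect a missing `ssl.SSLContext`. Any AttributeError raised while evaluating that line would therefore be treated as "no modern SSL" and silently select the compatibility `SSLContext` class. The flag does not need to be part of that probe, so keep the try body to the single attribute access and compute the flag after the whole try/except, e.g. `_canloaddefaultcerts = modernssl and util.safehasattr(SSLContext, 'load_default_certs')`. A one-line comment such as `# True when SSLContext can load the platform's default CA certificates` would also help, since nothing at the definition says what the flag gates. The except branch's class body continues outside this hunk.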
@@ -99,22 +101,20 @@ except AttributeError:
                 'ca_certs': self._cacerts,
             }
 
             if self._supportsciphers:
                 args['ciphers'] = self._ciphers
 
             return ssl.wrap_socket(socket, **args)
 
-_canloaddefaultcerts = False
 try:
     # ssl.SSLContext was added in 2.7.9 and presence indicates modern
     # SSL/TLS features are available.
     ssl_context = ssl.SSLContext
-    _canloaddefaultcerts = util.safehasattr(ssl_context, 'load_default_certs')
 
     def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE,
                    ca_certs=None, serverhostname=None):
         # Allow any version of SSL starting with TLSv1 and
         # up. Note that specifying TLSv1 here prohibits use of
         # newer standards (like TLSv1_2), so this is the right way
         # to do this. Note that in the future it'd be better to
         # support using ssl.create_default_context(), which sets

