[PATCH 5 of 6] sslutil: move and document verify_mode assignment

Gregory Szorc gregory.szorc at gmail.com
Mon Mar 28 02:21:34 EDT 2016


# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1459114159 25200
#      Sun Mar 27 14:29:19 2016 -0700
# Node ID dca2139096ad8c263eaa1cfe589814259d92f3b7
# Parent  cbe771e8d36d3e9685ede77ea37c42d4b4868cb8
sslutil: move and document verify_mode assignment

This makes the code a bit easier to read.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -171,22 +171,25 @@ def wrapsocket(sock, keyfile, certfile, 
         protocol = ssl.PROTOCOL_TLSv1
 
     # TODO use ssl.create_default_context() on modernssl.
     sslcontext = SSLContext(protocol)
 
     # This is a no-op on old Python.
     sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3
 
+    # This does work on our fake SSLContext.
+    sslcontext.verify_mode = cert_reqs
+
     if certfile is not None:
         def password():
             f = keyfile or certfile
             return ui.getpass(_('passphrase for %s: ') % f, '')
         sslcontext.load_cert_chain(certfile, keyfile, password)
-    sslcontext.verify_mode = cert_reqs
+
     if ca_certs is not None:
         sslcontext.load_verify_locations(cafile=ca_certs)
     else:
         # This is a no-op on old Python.
         sslcontext.load_default_certs()
 
     sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
     # check if wrap_socket failed silently because socket had been


More information about the Mercurial-devel mailing list