[PATCH 07 of 11] sslutil: check for ui.insecureconnections in sslkwargs
Gregory Szorc
gregory.szorc at gmail.com
Thu May 5 03:53:24 EDT 2016
# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1462433745 25200
# Thu May 05 00:35:45 2016 -0700
# Node ID a32c736a9c48137accd777b343cbed85191409ef
# Parent a34fbd2d6235b34319d857bbbb313f1cc53d554b
sslutil: check for ui.insecureconnections in sslkwargs
The end result of this function is the same. We now have a more
explicit return branch.
We still keep the old code looking at web.cacerts=! a few lines
below because we're still setting web.cacerts=! and need to react
to the variable. This will be removed in an upcoming patch.
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -238,18 +238,23 @@ def sslkwargs(ui, host):
kws = {'ui': ui}
# If a host key fingerprint is on file, it is the only thing that matters
# and CA certs don't come into play.
hostfingerprint = ui.config('hostfingerprints', host)
if hostfingerprint:
return kws
- # dispatch sets web.cacerts=! when --insecure is used.
+ # The code below sets up CA verification arguments. If --insecure is
+ # used, we don't take CAs into consideration, so return early.
+ if ui.insecureconnections:
+ return kws
+
cacerts = ui.config('web', 'cacerts')
+ # TODO remove check when we stop setting this config.
if cacerts == '!':
return kws
# If a value is set in the config, validate against a path and load
# and require those certs.
if cacerts:
cacerts = util.expandpath(cacerts)
if not os.path.exists(cacerts):
More information about the Mercurial-devel
mailing list