[PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)
Kevin Bullock
kbullock+mercurial at ringworld.org
Wed Oct 19 12:18:03 EDT 2016
> On Oct 19, 2016, at 11:07, Gábor Stefanik <gabor.stefanik at nng.com> wrote:
>
> # HG changeset patch
> # User Gábor Stefanik <gabor.stefanik at nng.com>
> # Date 1476893174 -7200
> # Wed Oct 19 18:06:14 2016 +0200
> # Branch stable
> # Node ID 77e20e2892a869717db636f56ab1b9664fc8b285
> # Parent e478f11e418288b8308457303d3ddf6a23f874f8
> sslutil: guard against broken certifi installations (issue5406)
>
> Certifi is currently incompatible with py2exe; the Python code for certifi gets
> included in library.zip, but not the cacert.pem file - and even if it were
> included, SSLContext can't load a cacert.pem file from library.zip.
> This currently makes it impossible to build a standalone Windows version of
> Mercurial.
>
> Guard against this, and possibly other situations where a module with the name
> "certifi" exists, but is not usable.
>
> diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
> --- a/mercurial/sslutil.py
> +++ b/mercurial/sslutil.py
> @@ -695,9 +695,10 @@
> try:
> import certifi
> certs = certifi.where()
> - ui.debug('using ca certificates from certifi\n')
> - return certs
> - except ImportError:
> + if os.path.exists(certs):
> + ui.debug('using ca certificates from certifi\n')
> + return certs
> + except:
You've gone from catching an ImportError to swallowing all exceptions.
pacem in terris / мир / शान्ति / سَلاَم / 平和
Kevin R. Bullock
More information about the Mercurial-devel
mailing list