[PATCH STABLE] sslutil: guard against broken certifi installations (issue5406)
Yuya Nishihara
yuya at tcha.org
Thu Oct 20 11:32:40 EDT 2016
On Wed, 19 Oct 2016 18:07:01 +0000, Gábor STEFANIK wrote:
> > >> You've gone from catching an ImportError to swallowing all exceptions.
> > >
> > > Intentional. ImportError is not the only thing that can be thrown
> > > here; e.g. if "certifi" is actually some unrelated module with no "where()"
> > > method.
> > >
> > > No reason to let certifi crash Hg under any circumstances.
> >
> > I have a hard time imagining how another module named "certifi" without a
> > where() method would show up on any sane system.
> >
> > As Greg said, bare `except:` is banned in Mercurial. Catch the exceptions you
> > expect might happen, none others.
>
> Would "except Exception:" be acceptable? That one doesn't catch KeyboardInterrupt and other problematic exceptions.
ui.debug() might raise IOError. I would catch AttributeError instead.

    try:
        import certifi
        certs = certifi.where()
    except (AttributeError, ImportError):
        pass
    else:
        ui.debug('using ca certificates from certifi\n')
        return certs

And you'll need to update the comment added at a62c00f6dd04 since we'll have
more fallback cases.
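
The try/except/else shape suggested above, exercised against a working, a broken and a missing certifi; this is an added example, not part of the original message or Mercurial's code. `DebugUI`, `certifi_cacerts`, `run_with`, `GOOD` and `BROKEN` are hypothetical names, and returning None stands in for falling through to the next fallback.

```python
import sys
import types


class DebugUI:
    """Hypothetical stand-in for Mercurial's ui object; records debug lines."""
    def __init__(self, fail=False):
        self.fail = fail
        self.messages = []

    def debug(self, msg):
        if self.fail:
            raise IOError('constructed failure: debug stream closed')
        self.messages.append(msg)


def certifi_cacerts(ui):
    """Return certifi's CA bundle path, or None so the caller can fall back."""
    try:
        import certifi
        certs = certifi.where()
    except (AttributeError, ImportError):
        # certifi is absent, or a module of that name has no where()
        return None
    else:
        # Outside the try body, so an IOError from ui.debug() is not swallowed
        ui.debug('using ca certificates from certifi\n')
        return certs


def run_with(module, ui):
    """Call certifi_cacerts() with sys.modules['certifi'] replaced by module."""
    had, saved = 'certifi' in sys.modules, sys.modules.get('certifi')
    sys.modules['certifi'] = module  # None here makes the import raise ImportError
    try:
        return certifi_cacerts(ui)
    finally:
        if had:
            sys.modules['certifi'] = saved
        else:
            del sys.modules['certifi']


# Constructed stand-ins for a working and a broken installation
GOOD = types.ModuleType('certifi')
GOOD.where = lambda: '/constructed/cacert.pem'
BROKEN = types.ModuleType('certifi')  # importable, but no where()

if __name__ == '__main__':
    print(run_with(GOOD, DebugUI()), run_with(BROKEN, DebugUI()),
          run_with(None, DebugUI()))
```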