[PATCH] sslutil: clarify internal documentation
Matt Harbison
mharbison72 at gmail.com
Fri Mar 31 01:32:56 UTC 2017
# HG changeset patch
# User Matt Harbison <matt_harbison at yahoo.com>
# Date 1490795674 14400
# Wed Mar 29 09:54:34 2017 -0400
# Node ID 9505a8771bb00e56230e4c4b265e8369e659a54f
# Parent 2632df096fc0ac7582382b1f94ea4b9ad0bce8f2
sslutil: clarify internal documentation
I ran into this python issue with an incomplete certificate chain on Windows
recently, and this is the clarification that came from that experimenting. The
comment I left on the bug tracker [1] with a reference to the CPython code [2]
indicates that the original problem I had is a different bug, but happened to
be mentioned under issue20916 on the Python bug tracker.
[1] https://bz.mercurial-scm.org/show_bug.cgi?id=5313#c7
[2] https://hg.python.org/cpython/file/v2.7.12/Modules/_ssl.c#l628
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -414,8 +414,10 @@
# a hint to the user.
# Only modern ssl module exposes SSLContext.get_ca_certs() so we can
# only show this warning if modern ssl is available.
- # The exception handler is here because of
- # https://bugs.python.org/issue20916.
+ # The exception handler is here to handle bugs around cert attributes:
+ # https://bugs.python.org/issue20916#msg213479. (See issues5313.)
+ # When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a
+ # non-empty list, but the following conditional is otherwise True.
try:
if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and
modernssl and not sslcontext.get_ca_certs()):
More information about the Mercurial-devel
mailing list