# HG changeset patch # User Matt Harbison <matt_harbi...@yahoo.com> # Date 1490795674 14400 # Wed Mar 29 09:54:34 2017 -0400 # Node ID 9505a8771bb00e56230e4c4b265e8369e659a54f # Parent 2632df096fc0ac7582382b1f94ea4b9ad0bce8f2 sslutil: clarify internal documentation
I ran into this python issue with an incomplete certificate chain on Windows recently, and this is the clarification that came from that experimenting. The comment I left on the bug tracker [1] with a reference to the CPython code [2] indicates that the original problem I had is a different bug, but happened to be mentioned under issue20916 on the Python bug tracker. [1] https://bz.mercurial-scm.org/show_bug.cgi?id=5313#c7 [2] https://hg.python.org/cpython/file/v2.7.12/Modules/_ssl.c#l628 diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -414,8 +414,10 @@ # a hint to the user. # Only modern ssl module exposes SSLContext.get_ca_certs() so we can # only show this warning if modern ssl is available. - # The exception handler is here because of - # https://bugs.python.org/issue20916. + # The exception handler is here to handle bugs around cert attributes: + # https://bugs.python.org/issue20916#msg213479. (See issues5313.) + # When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a + # non-empty list, but the following conditional is otherwise True. try: if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and modernssl and not sslcontext.get_ca_certs()): _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
