Overview

File mercurial-2.6.3-ssl.diff of Package mercurial

Index: mercurial-2.6.3/mercurial/sslutil.py
===================================================================
--- mercurial-2.6.3.orig/mercurial/sslutil.py
+++ mercurial-2.6.3/mercurial/sslutil.py
@@ -83,12 +83,15 @@ def _verifycert(cert, hostname):
 # busted on those versions.
 
 def sslkwargs(ui, host):
-    cacerts = ui.config('web', 'cacerts')
     hostfingerprint = ui.config('hostfingerprints', host)
-    if cacerts and not hostfingerprint:
-        cacerts = util.expandpath(cacerts)
-        if not os.path.exists(cacerts):
-            raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
+    if not hostfingerprint:
+        cacerts = ui.config('web', 'cacerts')
+	# cacerts explicitly set to empty string means to disable
+	# checking. See insecure option in dispatch.py
+        if cacerts is not None and cacerts != '':
+            cacerts = util.expandpath(cacerts)
+            if not os.path.exists(cacerts):
+                raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
         return {'ca_certs': cacerts,
                 'cert_reqs': CERT_REQUIRED,
                 }
@@ -137,7 +140,7 @@ class validator(object):
                                  hint=_('check hostfingerprint configuration'))
             self.ui.debug('%s certificate matched fingerprint %s\n' %
                           (host, nicefingerprint))
-        elif cacerts:
+        elif cacerts is None or cacerts != '':
             msg = _verifycert(peercert2, host)
             if msg:
                 raise util.Abort(_('%s certificate error: %s') % (host, msg),
openSUSE Build Service is sponsored by
Places