equal
deleted
inserted
replaced
282 sslcontext.load_default_certs() |
282 sslcontext.load_default_certs() |
283 caloaded = True |
283 caloaded = True |
284 else: |
284 else: |
285 caloaded = False |
285 caloaded = False |
286 |
286 |
287 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname) |
287 try: |
|
288 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname) |
|
289 except ssl.SSLError: |
|
290 # If we're doing certificate verification and no CA certs are loaded, |
|
291 # that is almost certainly the reason why verification failed. Provide |
|
292 # a hint to the user. |
|
293 # Only modern ssl module exposes SSLContext.get_ca_certs() so we can |
|
294 # only show this warning if modern ssl is available. |
|
295 if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and |
|
296 modernssl and not sslcontext.get_ca_certs()): |
|
297 ui.warn(_('(an attempt was made to load CA certificates but none ' |
|
298 'were loaded; see ' |
|
299 'https://mercurial-scm.org/wiki/SecureConnections for ' |
|
300 'how to configure Mercurial to avoid this error)\n')) |
|
301 raise |
|
302 |
288 # check if wrap_socket failed silently because socket had been |
303 # check if wrap_socket failed silently because socket had been |
289 # closed |
304 # closed |
290 # - see http://bugs.python.org/issue13721 |
305 # - see http://bugs.python.org/issue13721 |
291 if not sslsocket.cipher(): |
306 if not sslsocket.cipher(): |
292 raise error.Abort(_('ssl connection failed')) |
307 raise error.Abort(_('ssl connection failed')) |