# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1467651656 25200
# Node ID cdcb5747dc88dcd1a250be4c87e9eb50e3295235
# Parent  a62c00f6dd0418cbcb36e8b3eaa2f8c4ba12a8f3
sslutil: document the Apple OpenSSL cert trick

This is sort of documented in _plainapplypython()'s docstring. But
it helps to be explicit in security code.

diff -r a62c00f6dd04 -r cdcb5747dc88 mercurial/sslutil.py
--- a/mercurial/sslutil.py	Mon Jul 04 09:58:45 2016 -0700
+++ b/mercurial/sslutil.py	Mon Jul 04 10:00:56 2016 -0700
@@ -442,6 +442,9 @@
     except ImportError:
         pass
 
+    # Apple's OpenSSL has patches that allow a specially constructed certificate
+    # to load the system CA store. If we're running on Apple Python, use this
+    # trick.
     if _plainapplepython():
         dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
         if os.path.exists(dummycert):