Mercurial Mercurial > mercurial / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: add assertion to prevent accidental CA usage on Windows
authorGregory Szorc <gregory.szorc@gmail.com>
Wed, 13 Jul 2016 19:33:52 -0700
changeset 29537 5f8b36d5a6ec
parent 29536 b17a6e3cd2ac
child 29538 df7d8ea90695
sslutil: add assertion to prevent accidental CA usage on Windows Yuya suggested we add this check to ensure we don't accidentally try to load user-writable paths on Windows if we change the control flow of this function later.
mercurial/sslutil.py file | annotate | diff | comparison | revisions 
--- a/mercurial/sslutil.py	Wed Jul 13 16:16:18 2016 +0100
+++ b/mercurial/sslutil.py	Wed Jul 13 19:33:52 2016 -0700
@@ -499,6 +499,11 @@
                       'how to configure Mercurial to avoid this message)\n'))
         return None
 
+    # / is writable on Windows. Out of an abundance of caution make sure
+    # we're not on Windows because paths from _systemcacerts could be installed
+    # by non-admin users.
+    assert os.name != 'nt'
+
     # Try to find CA certificates in well-known locations. We print a warning
     # when using a found file because we don't want too much silent magic
     # for security settings. The expectation is that proper Mercurial
mercurial