5b281c69d7c3d44aeada5a1b0ed152d345adf2e8
galt
  Tue Nov 9 11:09:59 2021 -0800
Squashed commit of the following:

Adding new features to https like cert verification, error messages that work right with warn and errAbort and our GUI in hgCustom and hgHubConnect and also logging especially for CGIs of problem certs. Also added callback so that we can support multiple levels like warn instead of abort. Cert verify options controlled by env vars and also hg.conf variables for CGIs that use the cart. Added basic info about the new httpsCertCheck setting to various documents. Added -httpsCertCheck=[abort|warn|none] command-line option to the hubCheck utility. refs #28332, #28457, #28458

diff --git src/lib/net.c src/lib/net.c
index f44a066..d6db8b4 100644
--- src/lib/net.c
+++ src/lib/net.c
@@ -1314,30 +1314,31 @@
     {
     if (endsWith(host, word))
 	return TRUE;
     }
 return FALSE;
 }
 
 int netHttpConnect(char *url, char *method, char *protocol, char *agent, char *optionalHeader)
 /* Parse URL, connect to associated server on port, and send most of
  * the request to the server.  If specified in the url send user name
  * and password too.  Typically the "method" will be "GET" or "POST"
  * and the agent will be the name of your program or
  * library. optionalHeader may be NULL or contain additional header
  * lines such as cookie info. 
  * Proxy support via hg.conf httpProxy or env var http_proxy
+ * Cert verification control via hg.conf httpsCertCheck or env var https_cert_check
  * Return data socket, or -1 if error.*/
 {
 struct netParsedUrl npu;
 struct netParsedUrl pxy;
 struct dyString *dy = newDyString(512);
 int sd = -1;
 /* Parse the URL and connect. */
 netParseUrl(url, &npu);
 
 boolean noProxy = checkNoProxy(npu.host);
 char *proxyUrl = getenv("http_proxy");
 if (sameString(npu.protocol, "https"))
     proxyUrl = NULL;
 if (noProxy)
     proxyUrl = NULL;