Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/sslutil.py @ 29290:01248c37a68e
sslutil: print SHA-256 fingerprint by default
The world is starting to move on from SHA-1. A few commits ago, we
gained the ability to define certificate fingerprints using SHA-256
and SHA-512.
Let's start printing the SHA-256 fingerprint instead of the SHA-1
fingerprint to encourage people to pin with a more secure hashing
algorithm.
There is still a bit of work to be done around the fingerprint
messaging. This will be addressed in subsequent commits.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Mon, 30 May 2016 15:42:39 -0700 |
| parents | 3536673a25ae |
| children | 15e533b7909c |
comparison
equal
deleted
inserted
replaced
| 29289:3536673a25ae | 29290:01248c37a68e |
|---|---|
| 371 peerfingerprints = { | 371 peerfingerprints = { |
| 372 'sha1': util.sha1(peercert).hexdigest(), | 372 'sha1': util.sha1(peercert).hexdigest(), |
| 373 'sha256': util.sha256(peercert).hexdigest(), | 373 'sha256': util.sha256(peercert).hexdigest(), |
| 374 'sha512': util.sha512(peercert).hexdigest(), | 374 'sha512': util.sha512(peercert).hexdigest(), |
| 375 } | 375 } |
| 376 nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2] | 376 |
| 377 for x in range(0, len(peerfingerprints['sha1']), 2)]) | 377 def fmtfingerprint(s): |
| 378 return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)]) | |
| 379 | |
| 380 legacyfingerprint = fmtfingerprint(peerfingerprints['sha1']) | |
| 381 nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256']) | |
| 378 | 382 |
| 379 if settings['legacyfingerprint']: | 383 if settings['legacyfingerprint']: |
| 380 section = 'hostfingerprint' | 384 section = 'hostfingerprint' |
| 381 else: | 385 else: |
| 382 section = 'hostsecurity' | 386 section = 'hostsecurity' |
| 387 if peerfingerprints[hash].lower() == fingerprint: | 391 if peerfingerprints[hash].lower() == fingerprint: |
| 388 fingerprintmatch = True | 392 fingerprintmatch = True |
| 389 break | 393 break |
| 390 if not fingerprintmatch: | 394 if not fingerprintmatch: |
| 391 raise error.Abort(_('certificate for %s has unexpected ' | 395 raise error.Abort(_('certificate for %s has unexpected ' |
| 392 'fingerprint %s') % (host, nicefingerprint), | 396 'fingerprint %s') % (host, legacyfingerprint), |
| 393 hint=_('check %s configuration') % section) | 397 hint=_('check %s configuration') % section) |
| 394 ui.debug('%s certificate matched fingerprint %s\n' % | 398 ui.debug('%s certificate matched fingerprint %s\n' % |
| 395 (host, nicefingerprint)) | 399 (host, legacyfingerprint)) |
| 396 return | 400 return |
| 397 | 401 |
| 398 if not sock._hgstate['caloaded']: | 402 if not sock._hgstate['caloaded']: |
| 399 ui.warn(_('warning: %s certificate with fingerprint %s ' | 403 ui.warn(_('warning: %s certificate with fingerprint %s ' |
| 400 'not verified (check %s or web.cacerts config ' | 404 'not verified (check %s or web.cacerts config ' |