comparison mercurial/sslutil.py @ 18879:93b03a222c3e
sslutil: try harder to avoid getpeercert problems
We wrap both calls to getpeercert in a try/except to make sure we
catch its bogus AttributeError.
author | Matt Mackall <mpm@selenic.com> |
---|---|
date | Fri, 05 Apr 2013 12:20:14 -0500 |
parents | 9cf7c9d529d0 |
children | 2d7fac049d3a |
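--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -109,13 +109,19 @@
 "verified (Python too old)") % host)
 if self.ui.configbool('ui', 'reportoldssl', True):
 self.ui.warn(_("warning: certificate for %s can't be verified "
 "(Python too old)\n") % host)
 return
+
 if not sock.cipher(): # work around http://bugs.python.org/issue13721
 raise util.Abort(_('%s ssl connection error') % host)
-peercert = sock.getpeercert(True)
+try:
+peercert = sock.getpeercert(True)
+peercert2 = sock.getpeercert()
+except AttributeError:
+raise util.Abort(_('%s ssl connection error') % host)
+
 if not peercert:
 raise util.Abort(_('%s certificate error: '
 'no certificate received') % host)
 peerfingerprint = util.sha1(peercert).hexdigest()
 nicefingerprint = ":".join([peerfingerprint[x:x + 2]
@@ -127,11 +133,11 @@
 'fingerprint %s') % (host, nicefingerprint),
 hint=_('check hostfingerprint configuration'))
 self.ui.debug('%s certificate matched fingerprint %s\n' %
 (host, nicefingerprint))
 elif cacerts:
-msg = _verifycert(sock.getpeercert(), host)
+msg = _verifycert(peercert2, host)
 if msg:
 raise util.Abort(_('%s certificate error: %s') % (host, msg),
 hint=_('configure hostfingerprint %s or use '
 '--insecure to connect insecurely') %
 nicefingerprint)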
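Review bot: `peercert` and `peercert2` in the new `try` block hold two different representations of the same certificate (DER bytes from `getpeercert(True)` for the fingerprint comparison, the decoded dict from `getpeercert()` for `_verifycert`), and neither the names nor a comment say so. I would add a comment above the `try`, e.g. `# peercert: DER bytes for hostfingerprint; peercert2: decoded dict for _verifycert`, or rename `peercert2` to something like `peercertdict`. Note also that the `if not peercert` guard covers only the DER form; Python returns an empty dict from `getpeercert()` when the certificate was not validated, so the `elif cacerts` branch relies on `_verifycert` rejecting an empty value, which is not visible in these lines. The enclosing function starts and ends outside the shown lines.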