comparison mercurial/sslutil.py @ 15814:c3e958b50a22
sslutil: show fingerprint when cacerts validation fails
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Mon, 09 Jan 2012 14:43:24 +0100 |
parents | 3ae04eb5e38a |
children | edc3a901a63d |
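--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -108,22 +108,23 @@
 raise util.Abort(_("host fingerprint for %s can't be "
 "verified (Python too old)") % host)
 self.ui.warn(_("warning: certificate for %s can't be verified "
 "(Python too old)\n") % host)
 return
+peercert = sock.getpeercert(True)
+peerfingerprint = util.sha1(peercert).hexdigest()
+nicefingerprint = ":".join([peerfingerprint[x:x + 2]
+for x in xrange(0, len(peerfingerprint), 2)])
 if cacerts and not hostfingerprint:
 msg = _verifycert(sock.getpeercert(), host)
 if msg:
-raise util.Abort(_('%s certificate error: %s '
-'(use --insecure to connect '
-'insecurely)') % (host, msg))
+raise util.Abort(_('%s certificate error: %s') % (host, msg),
+hint=_('configure hostfingerprint %s or use '
+'--insecure to connect insecurely') %
+nicefingerprint)
 self.ui.debug('%s certificate successfully verified\n' % host)
 else:
-peercert = sock.getpeercert(True)
-peerfingerprint = util.sha1(peercert).hexdigest()
-nicefingerprint = ":".join([peerfingerprint[x:x + 2]
-for x in xrange(0, len(peerfingerprint), 2)])
 if hostfingerprint:
 if peerfingerprint.lower() != \
 hostfingerprint.replace(':', '').lower():
 raise util.Abort(_('invalid certificate for %s '
 'with fingerprint %s') %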
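Review bot: The new `hint=` on the `util.Abort` in the `cacerts` branch prints the fingerprint of a certificate that has just failed validation and suggests configuring it as `hostfingerprint`, so a user who copies the value from the error pins whichever peer answered, whether or not it is the intended server. The hint should state that the value is unverified and has to be compared with one obtained from the server operator over a separate channel, for example `hint=_('check that %s is the fingerprint published by the server operator before configuring hostfingerprint, or use --insecure to connect insecurely') % nicefingerprint`. Separately, `sock.getpeercert(True)` and the SHA-1 digest now run ahead of both branches, and a comment above them such as `# computed up front: needed by the cacerts error hint and by the hostfingerprint check` would explain why they moved. The enclosing function starts and ends outside the hunk, so whether an earlier check guarantees a peer certificate is present before the digest is taken cannot be confirmed from here.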