Mercurial > public > mercurial-scm > hg-stable

diff mercurial/sslutil.py @ 29267:f0ccb6cde3e5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: allow fingerprints to be specified in [hostsecurity] We introduce the [hostsecurity] config section. It holds per-host security settings. Currently, the section only contains a "fingerprints" option, which behaves like [hostfingerprints] but supports specifying the hashing algorithm. There is still some follow-up work, such as changing some error messages.
author Gregory Szorc <gregory.szorc@gmail.com>
date Sat, 28 May 2016 12:37:36 -0700
parents dfc4f08aa160
children f200b58497f1
line wrap: on
line diff
--- a/mercurial/sslutil.py	Wed Mar 09 19:55:45 2016 +0000
+++ b/mercurial/sslutil.py	Sat May 28 12:37:36 2016 -0700
@@ -121,6 +121,21 @@
         'verifymode': None,
     }
 
+    # Look for fingerprints in [hostsecurity] section. Value is a list
+    # of <alg>:<fingerprint> strings.
+    fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname,
+                                 [])
+    for fingerprint in fingerprints:
+        if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
+            raise error.Abort(_('invalid fingerprint for %s: %s') % (
+                                hostname, fingerprint),
+                              hint=_('must begin with "sha1:", "sha256:", '
+                                     'or "sha512:"'))
+
+        alg, fingerprint = fingerprint.split(':', 1)
+        fingerprint = fingerprint.replace(':', '').lower()
+        s['certfingerprints'].append((alg, fingerprint))
+
     # Fingerprints from [hostfingerprints] are always SHA-1.
     for fingerprint in ui.configlist('hostfingerprints', hostname, []):
         fingerprint = fingerprint.replace(':', '').lower()