Mercurial > public > mercurial-scm > hg
comparison mercurial/url.py @ 13315:0d1dca7d2a04
merge with stable
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Fri, 28 Jan 2011 03:09:22 +0100 |
| parents | 1a4330e30017 8dc488dfcdb4 |
| children | 4e92ad05fe18 |
comparison
equal
deleted
inserted
replaced
| 13313:0c493e5ce8e9 | 13315:0d1dca7d2a04 |
|---|---|
| 549 if cacerts: | 549 if cacerts: |
| 550 cacerts = util.expandpath(cacerts) | 550 cacerts = util.expandpath(cacerts) |
| 551 else: | 551 else: |
| 552 cacerts = None | 552 cacerts = None |
| 553 | 553 |
| 554 if cacerts: | 554 hostfingerprint = self.ui.config('hostfingerprints', self.host) |
| 555 if cacerts and not hostfingerprint: | |
| 555 sock = _create_connection((self.host, self.port)) | 556 sock = _create_connection((self.host, self.port)) |
| 556 self.sock = _ssl_wrap_socket(sock, self.key_file, | 557 self.sock = _ssl_wrap_socket(sock, self.key_file, |
| 557 self.cert_file, cert_reqs=CERT_REQUIRED, | 558 self.cert_file, cert_reqs=CERT_REQUIRED, |
| 558 ca_certs=cacerts) | 559 ca_certs=cacerts) |
| 559 msg = _verifycert(self.sock.getpeercert(), self.host) | 560 msg = _verifycert(self.sock.getpeercert(), self.host) |
| 561 raise util.Abort(_('%s certificate error: %s') % | 562 raise util.Abort(_('%s certificate error: %s') % |
| 562 (self.host, msg)) | 563 (self.host, msg)) |
| 563 self.ui.debug('%s certificate successfully verified\n' % | 564 self.ui.debug('%s certificate successfully verified\n' % |
| 564 self.host) | 565 self.host) |
| 565 else: | 566 else: |
| 566 self.ui.warn(_("warning: %s certificate not verified " | |
| 567 "(check web.cacerts config setting)\n") % | |
| 568 self.host) | |
| 569 httplib.HTTPSConnection.connect(self) | 567 httplib.HTTPSConnection.connect(self) |
| 568 if hasattr(self.sock, 'getpeercert'): | |
| 569 peercert = self.sock.getpeercert(True) | |
| 570 peerfingerprint = util.sha1(peercert).hexdigest() | |
| 571 nicefingerprint = ":".join([peerfingerprint[x:x + 2] | |
| 572 for x in xrange(0, len(peerfingerprint), 2)]) | |
| 573 if hostfingerprint: | |
| 574 if peerfingerprint.lower() != \ | |
| 575 hostfingerprint.replace(':', '').lower(): | |
| 576 raise util.Abort(_('invalid certificate for %s ' | |
| 577 'with fingerprint %s') % | |
| 578 (self.host, nicefingerprint)) | |
| 579 self.ui.debug('%s certificate matched fingerprint %s\n' % | |
| 580 (self.host, nicefingerprint)) | |
| 581 else: | |
| 582 self.ui.warn(_('warning: %s certificate ' | |
| 583 'with fingerprint %s not verified ' | |
| 584 '(check hostfingerprints or web.cacerts ' | |
| 585 'config setting)\n') % | |
| 586 (self.host, nicefingerprint)) | |
| 587 else: # python 2.5 ? | |
| 588 if hostfingerprint: | |
| 589 raise util.Abort(_('no certificate for %s ' | |
| 590 'with fingerprint') % self.host) | |
| 591 self.ui.warn(_('warning: %s certificate not verified ' | |
| 592 '(check web.cacerts config setting)\n') % | |
| 593 self.host) | |
| 570 | 594 |
| 571 class httpsconnection(BetterHTTPS): | 595 class httpsconnection(BetterHTTPS): |
| 572 response_class = keepalive.HTTPResponse | 596 response_class = keepalive.HTTPResponse |
| 573 # must be able to send big bundle as stream. | 597 # must be able to send big bundle as stream. |
| 574 send = _gen_sendfile(BetterHTTPS) | 598 send = _gen_sendfile(BetterHTTPS) |