384 section = 'hostfingerprint' |
384 section = 'hostfingerprint' |
385 else: |
385 else: |
386 section = 'hostsecurity' |
386 section = 'hostsecurity' |
387 |
387 |
388 if settings['certfingerprints']: |
388 if settings['certfingerprints']: |
389 fingerprintmatch = False |
|
390 for hash, fingerprint in settings['certfingerprints']: |
389 for hash, fingerprint in settings['certfingerprints']: |
391 if peerfingerprints[hash].lower() == fingerprint: |
390 if peerfingerprints[hash].lower() == fingerprint: |
392 fingerprintmatch = True |
391 ui.debug('%s certificate matched fingerprint %s:%s\n' % |
393 break |
392 (host, hash, fmtfingerprint(fingerprint))) |
394 if not fingerprintmatch: |
393 return |
395 raise error.Abort(_('certificate for %s has unexpected ' |
394 |
396 'fingerprint %s') % (host, legacyfingerprint), |
395 raise error.Abort(_('certificate for %s has unexpected ' |
397 hint=_('check %s configuration') % section) |
396 'fingerprint %s') % (host, legacyfingerprint), |
398 ui.debug('%s certificate matched fingerprint %s\n' % |
397 hint=_('check %s configuration') % section) |
399 (host, legacyfingerprint)) |
|
400 return |
|
401 |
398 |
402 if not sock._hgstate['caloaded']: |
399 if not sock._hgstate['caloaded']: |
403 ui.warn(_('warning: %s certificate with fingerprint %s ' |
400 ui.warn(_('warning: %s certificate with fingerprint %s ' |
404 'not verified (check %s or web.cacerts config ' |
401 'not verified (check %s or web.cacerts config ' |
405 'setting)\n') % |
402 'setting)\n') % |