comparison mercurial/sslutil.py @ 18887:2d7fac049d3a
sslutil: abort if peer certificate is not verified for secure use
Before this patch, "sslutil.validator" may return successfully even
if the peer certificate is not verified, because there is no information in
"[hostfingerprints]" and "[web] cacerts".
To prevent sending authentication credentials to an untrusted SMTP
server, validation should be aborted if the peer certificate is not
verified.
This patch introduces "strict" optional argument, and
"sslutil.validator" will abort if it is True and peer certificate is
not verified.
author | FUJIWARA Katsunori <foozy@lares.dti.ne.jp> |
---|---|
date | Tue, 26 Mar 2013 02:28:10 +0900 |
parents | 93b03a222c3e |
children | 074bd02352c0 |
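--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -97,18 +97,21 @@
 class validator(object):
 def __init__(self, ui, host):
 self.ui = ui
 self.host = host
 
-def __call__(self, sock):
+def __call__(self, sock, strict=False):
 host = self.host
 cacerts = self.ui.config('web', 'cacerts')
 hostfingerprint = self.ui.config('hostfingerprints', host)
 if not getattr(sock, 'getpeercert', False): # python 2.5 ?
 if hostfingerprint:
 raise util.Abort(_("host fingerprint for %s can't be "
 "verified (Python too old)") % host)
+if strict:
+raise util.Abort(_("certificate for %s can't be verified "
+"(Python too old)") % host)
 if self.ui.configbool('ui', 'reportoldssl', True):
 self.ui.warn(_("warning: certificate for %s can't be verified "
 "(Python too old)\n") % host)
 return
 
@@ -140,10 +143,15 @@
 raise util.Abort(_('%s certificate error: %s') % (host, msg),
 hint=_('configure hostfingerprint %s or use '
 '--insecure to connect insecurely') %
 nicefingerprint)
 self.ui.debug('%s certificate successfully verified\n' % host)
+elif strict:
+raise util.Abort(_('%s certificate with fingerprint %s not '
+'verified') % (host, nicefingerprint),
+hint=_('check hostfingerprints or web.cacerts '
+'config setting'))
 else:
 self.ui.warn(_('warning: %s certificate with fingerprint %s not '
 'verified (check hostfingerprints or web.cacerts '
 'config setting)\n') %
 (host, nicefingerprint))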
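Review bot: `strict` defaults to `False` in the new `__call__` signature, so the aborts added at new lines 110-112 and 148-152 only take effect for callers that opt in; any call site that does not pass `strict=True` still gets a warning and a successful return on an unverified peer certificate. No caller is visible in these hunks, so it is worth confirming that every path that sends credentials after validation passes `strict=True`. I would also document the contract on the method, e.g. `"""Validate sock's peer certificate; if strict, abort instead of warning when it cannot be verified."""`. The `if` chain that `elif strict:` extends begins outside the second hunk (new lines 118-142 are not shown), so which configurations reach that branch cannot be checked from here.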