mercurial/sslutil.py
changeset 18887 2d7fac049d3a
parent 18879 93b03a222c3e
child 19490 074bd02352c0
equal deleted inserted replaced
18886:14a60a0f7122 18887:2d7fac049d3a
    97 class validator(object):
    97 class validator(object):
    98     def __init__(self, ui, host):
    98     def __init__(self, ui, host):
    99         self.ui = ui
    99         self.ui = ui
   100         self.host = host
   100         self.host = host
   101 
   101 
   102     def __call__(self, sock):
   102     def __call__(self, sock, strict=False):
   103         host = self.host
   103         host = self.host
   104         cacerts = self.ui.config('web', 'cacerts')
   104         cacerts = self.ui.config('web', 'cacerts')
   105         hostfingerprint = self.ui.config('hostfingerprints', host)
   105         hostfingerprint = self.ui.config('hostfingerprints', host)
   106         if not getattr(sock, 'getpeercert', False): # python 2.5 ?
   106         if not getattr(sock, 'getpeercert', False): # python 2.5 ?
   107             if hostfingerprint:
   107             if hostfingerprint:
   108                 raise util.Abort(_("host fingerprint for %s can't be "
   108                 raise util.Abort(_("host fingerprint for %s can't be "
   109                                    "verified (Python too old)") % host)
   109                                    "verified (Python too old)") % host)
       
   110             if strict:
       
   111                 raise util.Abort(_("certificate for %s can't be verified "
       
   112                                    "(Python too old)") % host)
   110             if self.ui.configbool('ui', 'reportoldssl', True):
   113             if self.ui.configbool('ui', 'reportoldssl', True):
   111                 self.ui.warn(_("warning: certificate for %s can't be verified "
   114                 self.ui.warn(_("warning: certificate for %s can't be verified "
   112                                "(Python too old)\n") % host)
   115                                "(Python too old)\n") % host)
   113             return
   116             return
   114 
   117 
   140                 raise util.Abort(_('%s certificate error: %s') % (host, msg),
   143                 raise util.Abort(_('%s certificate error: %s') % (host, msg),
   141                                  hint=_('configure hostfingerprint %s or use '
   144                                  hint=_('configure hostfingerprint %s or use '
   142                                         '--insecure to connect insecurely') %
   145                                         '--insecure to connect insecurely') %
   143                                       nicefingerprint)
   146                                       nicefingerprint)
   144             self.ui.debug('%s certificate successfully verified\n' % host)
   147             self.ui.debug('%s certificate successfully verified\n' % host)
       
   148         elif strict:
       
   149             raise util.Abort(_('%s certificate with fingerprint %s not '
       
   150                                'verified') % (host, nicefingerprint),
       
   151                              hint=_('check hostfingerprints or web.cacerts '
       
   152                                      'config setting'))
   145         else:
   153         else:
   146             self.ui.warn(_('warning: %s certificate with fingerprint %s not '
   154             self.ui.warn(_('warning: %s certificate with fingerprint %s not '
   147                            'verified (check hostfingerprints or web.cacerts '
   155                            'verified (check hostfingerprints or web.cacerts '
   148                            'config setting)\n') %
   156                            'config setting)\n') %
   149                          (host, nicefingerprint))
   157                          (host, nicefingerprint))