mercurial-scm/hg: comparison mercurial/sslutil.py

equal deleted inserted replaced

-:14a60a0f7122
+:2d7fac049d3a
 class validator(object):
 def __init__(self, ui, host):
 self.ui = ui
 self.host = host
-def __call__(self, sock):
+def __call__(self, sock, strict=False):
 host = self.host
 cacerts = self.ui.config('web', 'cacerts')
 hostfingerprint = self.ui.config('hostfingerprints', host)
 if not getattr(sock, 'getpeercert', False): # python 2.5 ?
 if hostfingerprint:
 raise util.Abort(_("host fingerprint for %s can't be "
 "verified (Python too old)") % host)
+if strict:
+raise util.Abort(_("certificate for %s can't be verified "
+"(Python too old)") % host)
 if self.ui.configbool('ui', 'reportoldssl', True):
 self.ui.warn(_("warning: certificate for %s can't be verified "
 "(Python too old)\n") % host)
 return
 raise util.Abort(_('%s certificate error: %s') % (host, msg),
 hint=_('configure hostfingerprint %s or use '
 '--insecure to connect insecurely') %
 nicefingerprint)
 self.ui.debug('%s certificate successfully verified\n' % host)
+elif strict:
+raise util.Abort(_('%s certificate with fingerprint %s not '
+'verified') % (host, nicefingerprint),
+hint=_('check hostfingerprints or web.cacerts '
+'config setting'))
 else:
 self.ui.warn(_('warning: %s certificate with fingerprint %s not '
 'verified (check hostfingerprints or web.cacerts '
 'config setting)\n') %
 (host, nicefingerprint))