97 class validator(object): |
97 class validator(object): |
98 def __init__(self, ui, host): |
98 def __init__(self, ui, host): |
99 self.ui = ui |
99 self.ui = ui |
100 self.host = host |
100 self.host = host |
101 |
101 |
102 def __call__(self, sock): |
102 def __call__(self, sock, strict=False): |
103 host = self.host |
103 host = self.host |
104 cacerts = self.ui.config('web', 'cacerts') |
104 cacerts = self.ui.config('web', 'cacerts') |
105 hostfingerprint = self.ui.config('hostfingerprints', host) |
105 hostfingerprint = self.ui.config('hostfingerprints', host) |
106 if not getattr(sock, 'getpeercert', False): # python 2.5 ? |
106 if not getattr(sock, 'getpeercert', False): # python 2.5 ? |
107 if hostfingerprint: |
107 if hostfingerprint: |
108 raise util.Abort(_("host fingerprint for %s can't be " |
108 raise util.Abort(_("host fingerprint for %s can't be " |
109 "verified (Python too old)") % host) |
109 "verified (Python too old)") % host) |
|
110 if strict: |
|
111 raise util.Abort(_("certificate for %s can't be verified " |
|
112 "(Python too old)") % host) |
110 if self.ui.configbool('ui', 'reportoldssl', True): |
113 if self.ui.configbool('ui', 'reportoldssl', True): |
111 self.ui.warn(_("warning: certificate for %s can't be verified " |
114 self.ui.warn(_("warning: certificate for %s can't be verified " |
112 "(Python too old)\n") % host) |
115 "(Python too old)\n") % host) |
113 return |
116 return |
114 |
117 |
140 raise util.Abort(_('%s certificate error: %s') % (host, msg), |
143 raise util.Abort(_('%s certificate error: %s') % (host, msg), |
141 hint=_('configure hostfingerprint %s or use ' |
144 hint=_('configure hostfingerprint %s or use ' |
142 '--insecure to connect insecurely') % |
145 '--insecure to connect insecurely') % |
143 nicefingerprint) |
146 nicefingerprint) |
144 self.ui.debug('%s certificate successfully verified\n' % host) |
147 self.ui.debug('%s certificate successfully verified\n' % host) |
|
148 elif strict: |
|
149 raise util.Abort(_('%s certificate with fingerprint %s not ' |
|
150 'verified') % (host, nicefingerprint), |
|
151 hint=_('check hostfingerprints or web.cacerts ' |
|
152 'config setting')) |
145 else: |
153 else: |
146 self.ui.warn(_('warning: %s certificate with fingerprint %s not ' |
154 self.ui.warn(_('warning: %s certificate with fingerprint %s not ' |
147 'verified (check hostfingerprints or web.cacerts ' |
155 'verified (check hostfingerprints or web.cacerts ' |
148 'config setting)\n') % |
156 'config setting)\n') % |
149 (host, nicefingerprint)) |
157 (host, nicefingerprint)) |