mercurial/sslutil.py
changeset 15813 3ae04eb5e38a
parent 15812 0cc4ad757c77
child 15814 c3e958b50a22
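--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -101,38 +101,38 @@
 
     def __call__(self, sock):
         host = self.host
         cacerts = self.ui.config('web', 'cacerts')
         hostfingerprint = self.ui.config('hostfingerprints', host)
+        if not getattr(sock, 'getpeercert', False): # python 2.5 ?
+            if hostfingerprint:
+                raise util.Abort(_("host fingerprint for %s can't be "
+                                   "verified (Python too old)") % host)
+            self.ui.warn(_("warning: certificate for %s can't be verified "
+                           "(Python too old)\n") % host)
+            return
         if cacerts and not hostfingerprint:
             msg = _verifycert(sock.getpeercert(), host)
             if msg:
                 raise util.Abort(_('%s certificate error: %s '
                                    '(use --insecure to connect '
                                    'insecurely)') % (host, msg))
             self.ui.debug('%s certificate successfully verified\n' % host)
         else:
-            if getattr(sock, 'getpeercert', False):
-                peercert = sock.getpeercert(True)
-                peerfingerprint = util.sha1(peercert).hexdigest()
-                nicefingerprint = ":".join([peerfingerprint[x:x + 2]
-                    for x in xrange(0, len(peerfingerprint), 2)])
-                if hostfingerprint:
-                    if peerfingerprint.lower() != \
-                            hostfingerprint.replace(':', '').lower():
-                        raise util.Abort(_('invalid certificate for %s '
-                                           'with fingerprint %s') %
-                                         (host, nicefingerprint))
-                    self.ui.debug('%s certificate matched fingerprint %s\n' %
-                                  (host, nicefingerprint))
-                else:
-                    self.ui.warn(_('warning: %s certificate '
-                                   'with fingerprint %s not verified '
-                                   '(check hostfingerprints or web.cacerts '
-                                   'config setting)\n') %
-                                 (host, nicefingerprint))
-            else: # python 2.5 ?
-                if hostfingerprint:
-                    raise util.Abort(_("host fingerprint for %s can't be "
-                                       "verified (Python too old)") % host)
-                self.ui.warn(_("warning: certificate for %s can't be "
-                               "verified (Python too old)\n") % host)
+            peercert = sock.getpeercert(True)
+            peerfingerprint = util.sha1(peercert).hexdigest()
+            nicefingerprint = ":".join([peerfingerprint[x:x + 2]
+                for x in xrange(0, len(peerfingerprint), 2)])
+            if hostfingerprint:
+                if peerfingerprint.lower() != \
+                        hostfingerprint.replace(':', '').lower():
+                    raise util.Abort(_('invalid certificate for %s '
+                                       'with fingerprint %s') %
+                                     (host, nicefingerprint))
+                self.ui.debug('%s certificate matched fingerprint %s\n' %
+                              (host, nicefingerprint))
+            else:
+                self.ui.warn(_('warning: %s certificate '
+                               'with fingerprint %s not verified '
+                               '(check hostfingerprints or web.cacerts '
+                               'config setting)\n') %
+                             (host, nicefingerprint))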
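Review bot: The new guard at the top of `__call__` fails open when `web.cacerts` is configured: on a socket without `getpeercert`, only the `hostfingerprint` case aborts, so a user who asked for CA verification gets a warning and the connection proceeds unverified. Before this change that path went straight to `sock.getpeercert()` in the `cacerts` branch and would presumably have raised rather than continued, so the commit trades a crash for a silent downgrade. I would abort whenever either setting is present, `if hostfingerprint or cacerts:`, with the `util.Abort` message reworded to cover certificate verification as well as fingerprints, and keep the warning only for the case where neither is configured. The enclosing class and the callers of this validator are outside the section, so whether another layer already rejects `cacerts` on old Python cannot be confirmed from here.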