Mercurial > public > mercurial-scm > hg
comparison mercurial/sslutil.py @ 15817:8f377751b510
sslutil: abort properly if no certificate received for https connection
According to the documentation SSLSocket.getpeercert() can return None.
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Mon, 09 Jan 2012 14:56:05 +0100 |
| parents | 4bb59919c905 |
| children | a45516cb8d9f |
comparison
equal
deleted
inserted
replaced
| 15816:4bb59919c905 | 15817:8f377751b510 |
|---|---|
| 111 "(Python too old)\n") % host) | 111 "(Python too old)\n") % host) |
| 112 return | 112 return |
| 113 if not sock.cipher(): # work around http://bugs.python.org/issue13721 | 113 if not sock.cipher(): # work around http://bugs.python.org/issue13721 |
| 114 raise util.Abort(_('%s ssl connection error') % host) | 114 raise util.Abort(_('%s ssl connection error') % host) |
| 115 peercert = sock.getpeercert(True) | 115 peercert = sock.getpeercert(True) |
| 116 if not peercert: | |
| 117 raise util.Abort(_('%s certificate error: ' | |
| 118 'no certificate received') % host) | |
| 116 peerfingerprint = util.sha1(peercert).hexdigest() | 119 peerfingerprint = util.sha1(peercert).hexdigest() |
| 117 nicefingerprint = ":".join([peerfingerprint[x:x + 2] | 120 nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
| 118 for x in xrange(0, len(peerfingerprint), 2)]) | 121 for x in xrange(0, len(peerfingerprint), 2)]) |
| 119 if hostfingerprint: | 122 if hostfingerprint: |
| 120 if peerfingerprint.lower() != \ | 123 if peerfingerprint.lower() != \ |