108 raise util.Abort(_("host fingerprint for %s can't be " |
108 raise util.Abort(_("host fingerprint for %s can't be " |
109 "verified (Python too old)") % host) |
109 "verified (Python too old)") % host) |
110 self.ui.warn(_("warning: certificate for %s can't be verified " |
110 self.ui.warn(_("warning: certificate for %s can't be verified " |
111 "(Python too old)\n") % host) |
111 "(Python too old)\n") % host) |
112 return |
112 return |
|
113 peercert = sock.getpeercert(True) |
|
114 peerfingerprint = util.sha1(peercert).hexdigest() |
|
115 nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
|
116 for x in xrange(0, len(peerfingerprint), 2)]) |
113 if cacerts and not hostfingerprint: |
117 if cacerts and not hostfingerprint: |
114 msg = _verifycert(sock.getpeercert(), host) |
118 msg = _verifycert(sock.getpeercert(), host) |
115 if msg: |
119 if msg: |
116 raise util.Abort(_('%s certificate error: %s ' |
120 raise util.Abort(_('%s certificate error: %s') % (host, msg), |
117 '(use --insecure to connect ' |
121 hint=_('configure hostfingerprint %s or use ' |
118 'insecurely)') % (host, msg)) |
122 '--insecure to connect insecurely') % |
|
123 nicefingerprint) |
119 self.ui.debug('%s certificate successfully verified\n' % host) |
124 self.ui.debug('%s certificate successfully verified\n' % host) |
120 else: |
125 else: |
121 peercert = sock.getpeercert(True) |
|
122 peerfingerprint = util.sha1(peercert).hexdigest() |
|
123 nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
|
124 for x in xrange(0, len(peerfingerprint), 2)]) |
|
125 if hostfingerprint: |
126 if hostfingerprint: |
126 if peerfingerprint.lower() != \ |
127 if peerfingerprint.lower() != \ |
127 hostfingerprint.replace(':', '').lower(): |
128 hostfingerprint.replace(':', '').lower(): |
128 raise util.Abort(_('invalid certificate for %s ' |
129 raise util.Abort(_('invalid certificate for %s ' |
129 'with fingerprint %s') % |
130 'with fingerprint %s') % |