Mercurial > public > mercurial-scm > hg
comparison mercurial/sslutil.py @ 44061:cbc5755df6bf
sslutil: migrate to hashutil.sha1 instead of hashlib.sha1
This is a straight-line replacement like the others, but I split it
out since it's used in a network context and I'm not sure this is
appropriate (we should probably drop support for sha1
fingerprints over TLS) and wanted this to be easily dropped.
Differential Revision: https://phab.mercurial-scm.org/D7850
| author | Augie Fackler <augie@google.com> |
|---|---|
| date | Mon, 13 Jan 2020 17:16:54 -0500 |
| parents | 664e24207728 |
| children | 47b3c8383cc1 |
comparison
equal
deleted
inserted
replaced
| 44060:a61287a95dc3 | 44061:cbc5755df6bf |
|---|---|
| 22 node, | 22 node, |
| 23 pycompat, | 23 pycompat, |
| 24 util, | 24 util, |
| 25 ) | 25 ) |
| 26 from .utils import ( | 26 from .utils import ( |
| 27 hashutil, | |
| 27 resourceutil, | 28 resourceutil, |
| 28 stringutil, | 29 stringutil, |
| 29 ) | 30 ) |
| 30 | 31 |
| 31 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added | 32 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added |
| 947 return | 948 return |
| 948 | 949 |
| 949 # If a certificate fingerprint is pinned, use it and only it to | 950 # If a certificate fingerprint is pinned, use it and only it to |
| 950 # validate the remote cert. | 951 # validate the remote cert. |
| 951 peerfingerprints = { | 952 peerfingerprints = { |
| 952 b'sha1': node.hex(hashlib.sha1(peercert).digest()), | 953 b'sha1': node.hex(hashutil.sha1(peercert).digest()), |
| 953 b'sha256': node.hex(hashlib.sha256(peercert).digest()), | 954 b'sha256': node.hex(hashlib.sha256(peercert).digest()), |
| 954 b'sha512': node.hex(hashlib.sha512(peercert).digest()), | 955 b'sha512': node.hex(hashlib.sha512(peercert).digest()), |
| 955 } | 956 } |
| 956 | 957 |
| 957 def fmtfingerprint(s): | 958 def fmtfingerprint(s): |