Mercurial > public > mercurial-scm > hg
diff mercurial/sslutil.py @ 29292:bc5f55493397
sslutil: make cert fingerprints messages more actionable
The previous warning and abort messages were difficult to understand.
This patch makes them slightly better.
I think there is still room to tweak the messaging. And as we adopt
new security defaults, these messages will certainly change again.
But at least this takes us a step in the right direction.
References to "section" have been removed because if no fingerprint
is defined, "section" can never be "hostfingerprints." So just print
"hostsecurity" every time.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 31 May 2016 19:21:08 -0700 |
| parents | 15e533b7909c |
| children | 1b3a0b0c414f |
line wrap: on
line diff
--- a/mercurial/sslutil.py Mon May 30 15:43:03 2016 -0700 +++ b/mercurial/sslutil.py Tue May 31 19:21:08 2016 -0700 @@ -397,15 +397,15 @@ hint=_('check %s configuration') % section) if not sock._hgstate['caloaded']: - ui.warn(_('warning: %s certificate with fingerprint %s ' - 'not verified (check %s or web.cacerts config ' - 'setting)\n') % - (host, nicefingerprint, section)) + ui.warn(_('warning: certificate for %s not verified ' + '(set hostsecurity.%s:certfingerprints=%s or web.cacerts ' + 'config settings)\n') % (host, host, nicefingerprint)) return msg = _verifycert(peercert2, host) if msg: raise error.Abort(_('%s certificate error: %s') % (host, msg), - hint=_('configure %s %s or use ' - '--insecure to connect insecurely') % - (section, nicefingerprint)) + hint=_('set hostsecurity.%s:certfingerprints=%s ' + 'config setting or use --insecure to connect ' + 'insecurely') % + (host, nicefingerprint))