##// END OF EJS Templates
color: move the '_render_effects' function to the core module
color: move the '_render_effects' function to the core module

File last commit:

r30669:10b17ed9 default
r30973:e5363cb9 default
Show More
sslutil.py
847 lines | 34.8 KiB | text/x-python | PythonLexer
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204 # sslutil.py - SSL handling for mercurial
#
# Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
# Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.
Gregory Szorc
sslutil: use absolute_import
r25977
from __future__ import absolute_import
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204
Augie Fackler
cleanup: replace uses of util.(md5|sha1|sha256|sha512) with hashlib.\1...
r29341 import hashlib
Gregory Szorc
sslutil: use absolute_import
r25977 import os
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452 import re
Gregory Szorc
sslutil: use absolute_import
r25977 import ssl
import sys
from .i18n import _
Gregory Szorc
sslutil: use preferred formatting for import syntax
r28577 from . import (
error,
Pulkit Goyal
py3: replace os.name with pycompat.osname (part 1 of 2)...
r30639 pycompat,
Gregory Szorc
sslutil: use preferred formatting for import syntax
r28577 util,
)
Yuya Nishihara
ssl: load CA certificates from system's store by default on Python 2.7.9...
r24291
Gregory Szorc
sslutil: better document state of security/ssl module...
r28647 # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added
# support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are
# all exposed via the "ssl" module.
#
# Depending on the version of Python being used, SSL/TLS support is either
# modern/secure or legacy/insecure. Many operations in this module have
# separate code paths depending on support in Python.
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 configprotocols = set([
'tls1.0',
'tls1.1',
'tls1.2',
])
Gregory Szorc
sslutil: expose attribute indicating whether SNI is supported...
r26622
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 hassni = getattr(ssl, 'HAS_SNI', False)
Gregory Szorc
sslutil: store OP_NO_SSL* constants in module scope...
r28648
Gregory Szorc
sslutil: more robustly detect protocol support...
r29601 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
# against doesn't support them.
supportedprotocols = set(['tls1.0'])
if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'):
supportedprotocols.add('tls1.1')
if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'):
supportedprotocols.add('tls1.2')
Gregory Szorc
sslutil: implement SSLContext class...
r28649 try:
# ssl.SSLContext was added in 2.7.9 and presence indicates modern
# SSL/TLS features are available.
SSLContext = ssl.SSLContext
modernssl = True
Gregory Szorc
sslutil: move _canloaddefaultcerts logic...
r28650 _canloaddefaultcerts = util.safehasattr(SSLContext, 'load_default_certs')
Gregory Szorc
sslutil: implement SSLContext class...
r28649 except AttributeError:
modernssl = False
Gregory Szorc
sslutil: move _canloaddefaultcerts logic...
r28650 _canloaddefaultcerts = False
Gregory Szorc
sslutil: implement SSLContext class...
r28649
# We implement SSLContext using the interface from the standard library.
class SSLContext(object):
# ssl.wrap_socket gained the "ciphers" named argument in 2.7.
_supportsciphers = sys.version_info >= (2, 7)
def __init__(self, protocol):
# From the public interface of SSLContext
self.protocol = protocol
self.check_hostname = False
self.options = 0
self.verify_mode = ssl.CERT_NONE
# Used by our implementation.
self._certfile = None
self._keyfile = None
self._certpassword = None
self._cacerts = None
self._ciphers = None
def load_cert_chain(self, certfile, keyfile=None, password=None):
self._certfile = certfile
self._keyfile = keyfile
self._certpassword = password
def load_default_certs(self, purpose=None):
pass
def load_verify_locations(self, cafile=None, capath=None, cadata=None):
if capath:
liscju
i18n: translate abort messages...
r29389 raise error.Abort(_('capath not supported'))
Gregory Szorc
sslutil: implement SSLContext class...
r28649 if cadata:
liscju
i18n: translate abort messages...
r29389 raise error.Abort(_('cadata not supported'))
Gregory Szorc
sslutil: implement SSLContext class...
r28649
self._cacerts = cafile
def set_ciphers(self, ciphers):
if not self._supportsciphers:
Gregory Szorc
sslutil: support defining cipher list...
r29577 raise error.Abort(_('setting ciphers in [hostsecurity] is not '
'supported by this version of Python'),
hint=_('remove the config option or run '
'Mercurial with a modern Python '
'version (preferred)'))
Gregory Szorc
sslutil: implement SSLContext class...
r28649
self._ciphers = ciphers
def wrap_socket(self, socket, server_hostname=None, server_side=False):
# server_hostname is unique to SSLContext.wrap_socket and is used
# for SNI in that context. So there's nothing for us to do with it
# in this legacy code since we don't support SNI.
args = {
'keyfile': self._keyfile,
'certfile': self._certfile,
'server_side': server_side,
'cert_reqs': self.verify_mode,
'ssl_version': self.protocol,
'ca_certs': self._cacerts,
}
if self._supportsciphers:
args['ciphers'] = self._ciphers
return ssl.wrap_socket(socket, **args)
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258 def _hostsettings(ui, hostname):
"""Obtain security settings for a hostname.
Returns a dict of settings relevant to that hostname.
"""
s = {
Gregory Szorc
sslutil: add devel.disableloaddefaultcerts to disable CA loading...
r29288 # Whether we should attempt to load default/available CA certs
# if an explicit ``cafile`` is not defined.
'allowloaddefaultcerts': True,
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258 # List of 2-tuple of (hash algorithm, hash).
'certfingerprints': [],
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 # Path to file containing concatenated CA certs. Used by
# SSLContext.load_verify_locations().
'cafile': None,
Gregory Szorc
sslutil: store flag for whether cert verification is disabled...
r29287 # Whether certificate verification should be disabled.
'disablecertverification': False,
Gregory Szorc
sslutil: reference appropriate config section in messaging...
r29268 # Whether the legacy [hostfingerprints] section has data for this host.
'legacyfingerprint': False,
Gregory Szorc
sslutil: move protocol determination to _hostsettings...
r29507 # PROTOCOL_* constant to use for SSLContext.__init__.
'protocol': None,
Gregory Szorc
sslutil: capture string string representation of protocol...
r29618 # String representation of minimum protocol to be used for UI
# presentation.
'protocolui': None,
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259 # ssl.CERT_* constant used by SSLContext.verify_mode.
'verifymode': None,
Gregory Szorc
sslutil: move context options flags to _hostsettings...
r29508 # Defines extra ssl.OP* bitwise options to set.
'ctxoptions': None,
Gregory Szorc
sslutil: support defining cipher list...
r29577 # OpenSSL Cipher List to use (instead of default).
'ciphers': None,
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258 }
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 # Allow minimum TLS protocol to be specified in the config.
def validateprotocol(protocol, key):
if protocol not in configprotocols:
raise error.Abort(
_('unsupported protocol from hostsecurity.%s: %s') %
(key, protocol),
hint=_('valid protocols: %s') %
' '.join(sorted(configprotocols)))
Gregory Szorc
sslutil: move protocol determination to _hostsettings...
r29507
Gregory Szorc
sslutil: more robustly detect protocol support...
r29601 # We default to TLS 1.1+ where we can because TLS 1.0 has known
# vulnerabilities (like BEAST and POODLE). We allow users to downgrade to
# TLS 1.0+ via config options in case a legacy server is encountered.
if 'tls1.1' in supportedprotocols:
Gregory Szorc
sslutil: require TLS 1.1+ when supported...
r29560 defaultprotocol = 'tls1.1'
else:
Gregory Szorc
sslutil: more robustly detect protocol support...
r29601 # Let people know they are borderline secure.
Gregory Szorc
sslutil: print a warning when using TLS 1.0 on legacy Python...
r29561 # We don't document this config option because we want people to see
# the bold warnings on the web site.
# internal config: hostsecurity.disabletls10warning
if not ui.configbool('hostsecurity', 'disabletls10warning'):
ui.warn(_('warning: connecting to %s using legacy security '
'technology (TLS 1.0); see '
'https://mercurial-scm.org/wiki/SecureConnections for '
'more info\n') % hostname)
Gregory Szorc
sslutil: require TLS 1.1+ when supported...
r29560 defaultprotocol = 'tls1.0'
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 key = 'minimumprotocol'
Gregory Szorc
sslutil: require TLS 1.1+ when supported...
r29560 protocol = ui.config('hostsecurity', key, defaultprotocol)
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 validateprotocol(protocol, key)
Gregory Szorc
sslutil: move context options flags to _hostsettings...
r29508
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 key = '%s:minimumprotocol' % hostname
protocol = ui.config('hostsecurity', key, protocol)
validateprotocol(protocol, key)
Gregory Szorc
sslutil: allow TLS 1.0 when --insecure is used...
r29617 # If --insecure is used, we allow the use of TLS 1.0 despite config options.
# We always print a "connection security to %s is disabled..." message when
# --insecure is used. So no need to print anything more here.
if ui.insecureconnections:
protocol = 'tls1.0'
Gregory Szorc
sslutil: capture string string representation of protocol...
r29618 s['protocol'], s['ctxoptions'], s['protocolui'] = protocolsettings(protocol)
Gregory Szorc
sslutil: prevent CRIME...
r29558
Gregory Szorc
sslutil: support defining cipher list...
r29577 ciphers = ui.config('hostsecurity', 'ciphers')
ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers)
s['ciphers'] = ciphers
Gregory Szorc
sslutil: allow fingerprints to be specified in [hostsecurity]...
r29267 # Look for fingerprints in [hostsecurity] section. Value is a list
# of <alg>:<fingerprint> strings.
fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname,
[])
for fingerprint in fingerprints:
if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
raise error.Abort(_('invalid fingerprint for %s: %s') % (
hostname, fingerprint),
hint=_('must begin with "sha1:", "sha256:", '
'or "sha512:"'))
alg, fingerprint = fingerprint.split(':', 1)
fingerprint = fingerprint.replace(':', '').lower()
s['certfingerprints'].append((alg, fingerprint))
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258 # Fingerprints from [hostfingerprints] are always SHA-1.
for fingerprint in ui.configlist('hostfingerprints', hostname, []):
fingerprint = fingerprint.replace(':', '').lower()
s['certfingerprints'].append(('sha1', fingerprint))
Gregory Szorc
sslutil: reference appropriate config section in messaging...
r29268 s['legacyfingerprint'] = True
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259 # If a host cert fingerprint is defined, it is the only thing that
# matters. No need to validate CA certs.
if s['certfingerprints']:
s['verifymode'] = ssl.CERT_NONE
Gregory Szorc
sslutil: don't load default certificates when they aren't relevant...
r29447 s['allowloaddefaultcerts'] = False
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259
# If --insecure is used, don't take CAs into consideration.
elif ui.insecureconnections:
Gregory Szorc
sslutil: store flag for whether cert verification is disabled...
r29287 s['disablecertverification'] = True
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259 s['verifymode'] = ssl.CERT_NONE
Gregory Szorc
sslutil: don't load default certificates when they aren't relevant...
r29447 s['allowloaddefaultcerts'] = False
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259
Gregory Szorc
sslutil: add devel.disableloaddefaultcerts to disable CA loading...
r29288 if ui.configbool('devel', 'disableloaddefaultcerts'):
s['allowloaddefaultcerts'] = False
Gregory Szorc
sslutil: per-host config option to define certificates...
r29334 # If both fingerprints and a per-host ca file are specified, issue a warning
# because users should not be surprised about what security is or isn't
# being performed.
cafile = ui.config('hostsecurity', '%s:verifycertsfile' % hostname)
if s['certfingerprints'] and cafile:
ui.warn(_('(hostsecurity.%s:verifycertsfile ignored when host '
'fingerprints defined; using host fingerprints for '
'verification)\n') % hostname)
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 # Try to hook up CA certificate validation unless something above
# makes it not necessary.
if s['verifymode'] is None:
Gregory Szorc
sslutil: per-host config option to define certificates...
r29334 # Look at per-host ca file first.
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 if cafile:
cafile = util.expandpath(cafile)
if not os.path.exists(cafile):
Gregory Szorc
sslutil: per-host config option to define certificates...
r29334 raise error.Abort(_('path specified by %s does not exist: %s') %
('hostsecurity.%s:verifycertsfile' % hostname,
cafile))
s['cafile'] = cafile
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 else:
Gregory Szorc
sslutil: per-host config option to define certificates...
r29334 # Find global certificates file in config.
cafile = ui.config('web', 'cacerts')
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 if cafile:
Gregory Szorc
sslutil: per-host config option to define certificates...
r29334 cafile = util.expandpath(cafile)
if not os.path.exists(cafile):
raise error.Abort(_('could not find web.cacerts: %s') %
cafile)
Gregory Szorc
sslutil: don't attempt to find default CA certs file when told not to...
r29484 elif s['allowloaddefaultcerts']:
Gregory Szorc
sslutil: change comment and logged message for found ca cert file...
r29482 # CAs not defined in config. Try to find system bundles.
Gregory Szorc
sslutil: pass ui to _defaultcacerts...
r29483 cafile = _defaultcacerts(ui)
Gregory Szorc
sslutil: per-host config option to define certificates...
r29334 if cafile:
Gregory Szorc
sslutil: change comment and logged message for found ca cert file...
r29482 ui.debug('using %s for CA file\n' % cafile)
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260
Gregory Szorc
sslutil: per-host config option to define certificates...
r29334 s['cafile'] = cafile
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260
# Require certificate validation if CA certs are being loaded and
# verification hasn't been disabled above.
Gregory Szorc
sslutil: add devel.disableloaddefaultcerts to disable CA loading...
r29288 if cafile or (_canloaddefaultcerts and s['allowloaddefaultcerts']):
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 s['verifymode'] = ssl.CERT_REQUIRED
else:
# At this point we don't have a fingerprint, aren't being
# explicitly insecure, and can't load CA certs. Connecting
Gregory Szorc
sslutil: abort when unable to verify peer connection (BC)...
r29411 # is insecure. We allow the connection and abort during
# validation (once we have the fingerprint to print to the
# user).
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 s['verifymode'] = ssl.CERT_NONE
Gregory Szorc
sslutil: move protocol determination to _hostsettings...
r29507 assert s['protocol'] is not None
Gregory Szorc
sslutil: move context options flags to _hostsettings...
r29508 assert s['ctxoptions'] is not None
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 assert s['verifymode'] is not None
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258 return s
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 def protocolsettings(protocol):
Gregory Szorc
sslutil: capture string string representation of protocol...
r29618 """Resolve the protocol for a config value.
Returns a 3-tuple of (protocol, options, ui value) where the first
2 items are values used by SSLContext and the last is a string value
of the ``minimumprotocol`` config option equivalent.
"""
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 if protocol not in configprotocols:
raise ValueError('protocol value not supported: %s' % protocol)
Gregory Szorc
sslutil: move comment about protocol constants...
r29578 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol
# that both ends support, including TLS protocols. On legacy stacks,
# the highest it likely goes is TLS 1.0. On modern stacks, it can
# support TLS 1.2.
#
# The PROTOCOL_TLSv* constants select a specific TLS version
# only (as opposed to multiple versions). So the method for
# supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
# disable protocols via SSLContext.options and OP_NO_* constants.
# However, SSLContext.options doesn't work unless we have the
# full/real SSLContext available to us.
Gregory Szorc
sslutil: more robustly detect protocol support...
r29601 if supportedprotocols == set(['tls1.0']):
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 if protocol != 'tls1.0':
raise error.Abort(_('current Python does not support protocol '
'setting %s') % protocol,
hint=_('upgrade Python or disable setting since '
'only TLS 1.0 is supported'))
Gregory Szorc
sslutil: capture string string representation of protocol...
r29618 return ssl.PROTOCOL_TLSv1, 0, 'tls1.0'
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559
# WARNING: returned options don't work unless the modern ssl module
# is available. Be careful when adding options here.
# SSLv2 and SSLv3 are broken. We ban them outright.
options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
if protocol == 'tls1.0':
# Defaults above are to use TLS 1.0+
pass
elif protocol == 'tls1.1':
options |= ssl.OP_NO_TLSv1
elif protocol == 'tls1.2':
options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
else:
raise error.Abort(_('this should not happen'))
# Prevent CRIME.
# There is no guarantee this attribute is defined on the module.
options |= getattr(ssl, 'OP_NO_COMPRESSION', 0)
Gregory Szorc
sslutil: capture string string representation of protocol...
r29618 return ssl.PROTOCOL_SSLv23, options, protocol
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559
Gregory Szorc
sslutil: move sslkwargs logic into internal function (API)...
r29249 def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None):
Gregory Szorc
sslutil: add docstring to wrapsocket()...
r28653 """Add SSL/TLS to a socket.
This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
choices based on what security options are available.
In addition to the arguments supported by ``ssl.wrap_socket``, we allow
the following additional arguments:
* serverhostname - The expected hostname of the remote server. If the
server (and client) support SNI, this tells the server which certificate
to use.
"""
Gregory Szorc
sslutil: require serverhostname argument (API)...
r29224 if not serverhostname:
liscju
i18n: translate abort messages...
r29389 raise error.Abort(_('serverhostname argument is required'))
Gregory Szorc
sslutil: require serverhostname argument (API)...
r29224
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259 settings = _hostsettings(ui, serverhostname)
Gregory Szorc
sslutil: move sslkwargs logic into internal function (API)...
r29249
Gregory Szorc
sslutil: update comment about create_default_context()...
r29557 # We can't use ssl.create_default_context() because it calls
# load_default_certs() unless CA arguments are passed to it. We want to
# have explicit control over CA loading because implicitly loading
# CAs may undermine the user's intent. For example, a user may define a CA
# bundle with a specific CA cert removed. If the system/default CA bundle
# is loaded and contains that removed CA, you've just undone the user's
# choice.
Gregory Szorc
sslutil: move protocol determination to _hostsettings...
r29507 sslcontext = SSLContext(settings['protocol'])
Gregory Szorc
sslutil: move context options flags to _hostsettings...
r29508 # This is a no-op unless using modern ssl.
sslcontext.options |= settings['ctxoptions']
Gregory Szorc
sslutil: always use SSLContext...
r28651
Gregory Szorc
sslutil: move and document verify_mode assignment...
r28848 # This still works on our fake SSLContext.
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 sslcontext.verify_mode = settings['verifymode']
Gregory Szorc
sslutil: move and document verify_mode assignment...
r28848
Gregory Szorc
sslutil: support defining cipher list...
r29577 if settings['ciphers']:
try:
sslcontext.set_ciphers(settings['ciphers'])
except ssl.SSLError as e:
raise error.Abort(_('could not set ciphers: %s') % e.args[0],
hint=_('change cipher string (%s) in config') %
settings['ciphers'])
Gregory Szorc
sslutil: remove indentation in wrapsocket declaration...
r28652 if certfile is not None:
def password():
f = keyfile or certfile
return ui.getpass(_('passphrase for %s: ') % f, '')
sslcontext.load_cert_chain(certfile, keyfile, password)
Gregory Szorc
sslutil: move and document verify_mode assignment...
r28848
Gregory Szorc
sslutil: move CA file processing into _hostsettings()...
r29260 if settings['cafile'] is not None:
Gregory Szorc
sslutil: display a better error message when CA file loading fails...
r29446 try:
sslcontext.load_verify_locations(cafile=settings['cafile'])
except ssl.SSLError as e:
Pierre-Yves David
ssl: handle a difference in SSLError with pypy (issue5348)...
r29927 if len(e.args) == 1: # pypy has different SSLError args
msg = e.args[0]
else:
msg = e.args[1]
Gregory Szorc
sslutil: display a better error message when CA file loading fails...
r29446 raise error.Abort(_('error loading CA file %s: %s') % (
Pierre-Yves David
ssl: handle a difference in SSLError with pypy (issue5348)...
r29927 settings['cafile'], msg),
Gregory Szorc
sslutil: display a better error message when CA file loading fails...
r29446 hint=_('file is empty or malformed?'))
Gregory Szorc
sslutil: use CA loaded state to drive validation logic...
r29113 caloaded = True
Gregory Szorc
sslutil: add devel.disableloaddefaultcerts to disable CA loading...
r29288 elif settings['allowloaddefaultcerts']:
Gregory Szorc
sslutil: remove indentation in wrapsocket declaration...
r28652 # This is a no-op on old Python.
sslcontext.load_default_certs()
Gregory Szorc
sslutil: add devel.disableloaddefaultcerts to disable CA loading...
r29288 caloaded = True
else:
caloaded = False
Alex Orange
https: support tls sni (server name indication) for https urls (issue3090)...
r23834
Gregory Szorc
sslutil: emit warning when no CA certificates loaded...
r29449 try:
sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 except ssl.SSLError as e:
Gregory Szorc
sslutil: emit warning when no CA certificates loaded...
r29449 # If we're doing certificate verification and no CA certs are loaded,
# that is almost certainly the reason why verification failed. Provide
# a hint to the user.
# Only modern ssl module exposes SSLContext.get_ca_certs() so we can
# only show this warning if modern ssl is available.
Gregory Szorc
sslutil: work around SSLContext.get_ca_certs bug on Windows (issue5313)...
r29631 # The exception handler is here because of
# https://bugs.python.org/issue20916.
try:
if (caloaded and settings['verifymode'] == ssl.CERT_REQUIRED and
modernssl and not sslcontext.get_ca_certs()):
ui.warn(_('(an attempt was made to load CA certificates but '
'none were loaded; see '
'https://mercurial-scm.org/wiki/SecureConnections '
'for how to configure Mercurial to avoid this '
'error)\n'))
except ssl.SSLError:
pass
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 # Try to print more helpful error messages for known failures.
if util.safehasattr(e, 'reason'):
Gregory Szorc
sslutil: improve messaging around unsupported protocols (issue5303)...
r29619 # This error occurs when the client and server don't share a
# common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3
# outright. Hopefully the reason for this error is that we require
# TLS 1.1+ and the server only supports TLS 1.0. Whatever the
# reason, try to emit an actionable warning.
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 if e.reason == 'UNSUPPORTED_PROTOCOL':
Gregory Szorc
sslutil: improve messaging around unsupported protocols (issue5303)...
r29619 # We attempted TLS 1.0+.
if settings['protocolui'] == 'tls1.0':
# We support more than just TLS 1.0+. If this happens,
# the likely scenario is either the client or the server
# is really old. (e.g. server doesn't support TLS 1.0+ or
# client doesn't support modern TLS versions introduced
# several years from when this comment was written).
if supportedprotocols != set(['tls1.0']):
ui.warn(_(
'(could not communicate with %s using security '
'protocols %s; if you are using a modern Mercurial '
'version, consider contacting the operator of this '
'server; see '
'https://mercurial-scm.org/wiki/SecureConnections '
'for more info)\n') % (
serverhostname,
', '.join(sorted(supportedprotocols))))
else:
ui.warn(_(
'(could not communicate with %s using TLS 1.0; the '
'likely cause of this is the server no longer '
'supports TLS 1.0 because it has known security '
'vulnerabilities; see '
'https://mercurial-scm.org/wiki/SecureConnections '
'for more info)\n') % serverhostname)
else:
# We attempted TLS 1.1+. We can only get here if the client
# supports the configured protocol. So the likely reason is
# the client wants better security than the server can
# offer.
ui.warn(_(
'(could not negotiate a common security protocol (%s+) '
'with %s; the likely cause is Mercurial is configured '
'to be more secure than the server can support)\n') % (
settings['protocolui'], serverhostname))
ui.warn(_('(consider contacting the operator of this '
'server and ask them to support modern TLS '
'protocol versions; or, set '
'hostsecurity.%s:minimumprotocol=tls1.0 to allow '
'use of legacy, less secure protocols when '
'communicating with this server)\n') %
serverhostname)
ui.warn(_(
'(see https://mercurial-scm.org/wiki/SecureConnections '
'for more info)\n'))
Gregory Szorc
sslutil: emit warning when no CA certificates loaded...
r29449 raise
Gregory Szorc
sslutil: remove indentation in wrapsocket declaration...
r28652 # check if wrap_socket failed silently because socket had been
# closed
# - see http://bugs.python.org/issue13721
if not sslsocket.cipher():
raise error.Abort(_('ssl connection failed'))
Gregory Szorc
sslutil: use CA loaded state to drive validation logic...
r29113
Gregory Szorc
sslutil: use a dict for hanging hg state off the wrapped socket...
r29225 sslsocket._hgstate = {
'caloaded': caloaded,
Gregory Szorc
sslutil: store and use hostname and ui in socket instance...
r29226 'hostname': serverhostname,
Gregory Szorc
sslutil: move SSLContext.verify_mode value into _hostsettings...
r29259 'settings': settings,
Gregory Szorc
sslutil: store and use hostname and ui in socket instance...
r29226 'ui': ui,
Gregory Szorc
sslutil: use a dict for hanging hg state off the wrapped socket...
r29225 }
Gregory Szorc
sslutil: use CA loaded state to drive validation logic...
r29113
Gregory Szorc
sslutil: remove indentation in wrapsocket declaration...
r28652 return sslsocket
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204
Gregory Szorc
sslutil: implement wrapserversocket()...
r29554 def wrapserversocket(sock, ui, certfile=None, keyfile=None, cafile=None,
requireclientcert=False):
"""Wrap a socket for use by servers.
``certfile`` and ``keyfile`` specify the files containing the certificate's
public and private keys, respectively. Both keys can be defined in the same
file via ``certfile`` (the private key must come first in the file).
``cafile`` defines the path to certificate authorities.
``requireclientcert`` specifies whether to require client certificates.
Typically ``cafile`` is only defined if ``requireclientcert`` is true.
"""
Gregory Szorc
sslutil: capture string string representation of protocol...
r29618 protocol, options, _protocolui = protocolsettings('tls1.0')
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559
# This config option is intended for use in tests only. It is a giant
# footgun to kill security. Don't define it.
exactprotocol = ui.config('devel', 'serverexactprotocol')
if exactprotocol == 'tls1.0':
protocol = ssl.PROTOCOL_TLSv1
elif exactprotocol == 'tls1.1':
Gregory Szorc
sslutil: more robustly detect protocol support...
r29601 if 'tls1.1' not in supportedprotocols:
raise error.Abort(_('TLS 1.1 not supported by this Python'))
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 protocol = ssl.PROTOCOL_TLSv1_1
elif exactprotocol == 'tls1.2':
Gregory Szorc
sslutil: more robustly detect protocol support...
r29601 if 'tls1.2' not in supportedprotocols:
raise error.Abort(_('TLS 1.2 not supported by this Python'))
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 protocol = ssl.PROTOCOL_TLSv1_2
elif exactprotocol:
raise error.Abort(_('invalid value for serverexactprotocol: %s') %
exactprotocol)
Gregory Szorc
sslutil: implement wrapserversocket()...
r29554 if modernssl:
# We /could/ use create_default_context() here since it doesn't load
Gregory Szorc
sslutil: config option to specify TLS protocol version...
r29559 # CAs when configured for client auth. However, it is hard-coded to
# use ssl.PROTOCOL_SSLv23 which may not be appropriate here.
sslcontext = SSLContext(protocol)
sslcontext.options |= options
Gregory Szorc
sslutil: implement wrapserversocket()...
r29554 # Improve forward secrecy.
sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
# Use the list of more secure ciphers if found in the ssl module.
if util.safehasattr(ssl, '_RESTRICTED_SERVER_CIPHERS'):
sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
else:
sslcontext = SSLContext(ssl.PROTOCOL_TLSv1)
if requireclientcert:
sslcontext.verify_mode = ssl.CERT_REQUIRED
else:
sslcontext.verify_mode = ssl.CERT_NONE
if certfile or keyfile:
sslcontext.load_cert_chain(certfile=certfile, keyfile=keyfile)
if cafile:
sslcontext.load_verify_locations(cafile=cafile)
return sslcontext.wrap_socket(sock, server_side=True)
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452 class wildcarderror(Exception):
"""Represents an error parsing wildcards in DNS name."""
def _dnsnamematch(dn, hostname, maxwildcards=1):
"""Match DNS names according RFC 6125 section 6.4.3.
This code is effectively copied from CPython's ssl._dnsname_match.
Returns a bool indicating whether the expected hostname matches
the value in ``dn``.
"""
pats = []
if not dn:
return False
pieces = dn.split(r'.')
leftmost = pieces[0]
remainder = pieces[1:]
wildcards = leftmost.count('*')
if wildcards > maxwildcards:
raise wildcarderror(
_('too many wildcards in certificate DNS name: %s') % dn)
# speed up common case w/o wildcards
if not wildcards:
return dn.lower() == hostname.lower()
# RFC 6125, section 6.4.3, subitem 1.
# The client SHOULD NOT attempt to match a presented identifier in which
# the wildcard character comprises a label other than the left-most label.
if leftmost == '*':
# When '*' is a fragment by itself, it matches a non-empty dotless
# fragment.
pats.append('[^.]+')
elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
# RFC 6125, section 6.4.3, subitem 3.
# The client SHOULD NOT attempt to match a presented identifier
# where the wildcard character is embedded within an A-label or
# U-label of an internationalized domain name.
pats.append(re.escape(leftmost))
else:
# Otherwise, '*' matches any dotless string, e.g. www*
pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
# add the remaining fragments, ignore any wildcards
for frag in remainder:
pats.append(re.escape(frag))
pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
return pat.match(hostname) is not None
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204 def _verifycert(cert, hostname):
'''Verify that cert (in socket.getpeercert() format) matches hostname.
CRLs is not handled.
Returns error message if any problems are found and None on success.
'''
if not cert:
return _('no certificate received')
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452 dnsnames = []
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204 san = cert.get('subjectAltName', [])
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452 for key, value in san:
if key == 'DNS':
try:
if _dnsnamematch(value, hostname):
return
except wildcarderror as e:
Gregory Szorc
sslutil: don't access message attribute in exception (issue5285)...
r29460 return e.args[0]
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452
dnsnames.append(value)
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452 if not dnsnames:
# The subject is only checked when there is no DNS in subjectAltName.
for sub in cert.get('subject', []):
for key, value in sub:
# According to RFC 2818 the most specific Common Name must
# be used.
if key == 'commonName':
Mads Kiilerich
spelling: fixes of non-dictionary words
r30332 # 'subject' entries are unicode.
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452 try:
value = value.encode('ascii')
except UnicodeEncodeError:
return _('IDN in certificate not supported')
try:
if _dnsnamematch(value, hostname):
return
except wildcarderror as e:
Gregory Szorc
sslutil: don't access message attribute in exception (issue5285)...
r29460 return e.args[0]
Gregory Szorc
sslutil: synchronize hostname matching logic with CPython...
r29452
dnsnames.append(value)
if len(dnsnames) > 1:
return _('certificate is for %s') % ', '.join(dnsnames)
elif len(dnsnames) == 1:
return _('certificate is for %s') % dnsnames[0]
else:
return _('no commonName or subjectAltName found in certificate')
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204
Mads Kiilerich
ssl: only use the dummy cert hack if using an Apple Python (issue4410)...
r23042 def _plainapplepython():
"""return true if this seems to be a pure Apple Python that
* is unfrozen and presumably has the whole mercurial module in the file
system
* presumably is an Apple Python that uses Apple OpenSSL which has patches
for using system certificate store CAs in addition to the provided
cacerts file
"""
Pulkit Goyal
py3: replace sys.platform with pycompat.sysplatform (part 1 of 2)...
r30641 if (pycompat.sysplatform != 'darwin' or
Pulkit Goyal
py3: replace sys.executable with pycompat.sysexecutable...
r30669 util.mainfrozen() or not pycompat.sysexecutable):
Mads Kiilerich
ssl: only use the dummy cert hack if using an Apple Python (issue4410)...
r23042 return False
Pulkit Goyal
py3: replace sys.executable with pycompat.sysexecutable...
r30669 exe = os.path.realpath(pycompat.sysexecutable).lower()
Mads Kiilerich
ssl: only use the dummy cert hack if using an Apple Python (issue4410)...
r23042 return (exe.startswith('/usr/bin/python') or
exe.startswith('/system/library/frameworks/python.framework/'))
Gregory Szorc
sslutil: try to find CA certficates in well-known locations...
r29500 _systemcacertpaths = [
# RHEL, CentOS, and Fedora
'/etc/pki/tls/certs/ca-bundle.trust.crt',
# Debian, Ubuntu, Gentoo
'/etc/ssl/certs/ca-certificates.crt',
]
Gregory Szorc
sslutil: pass ui to _defaultcacerts...
r29483 def _defaultcacerts(ui):
Gregory Szorc
sslutil: expand _defaultcacerts docstring to note calling assumptions...
r29488 """return path to default CA certificates or None.
It is assumed this function is called when the returned certificates
file will actually be used to validate connections. Therefore this
function may print warnings or debug messages assuming this usage.
Gregory Szorc
sslutil: try to find CA certficates in well-known locations...
r29500
We don't print a message when the Python is able to load default
CA certs because this scenario is detected at socket connect time.
Gregory Szorc
sslutil: expand _defaultcacerts docstring to note calling assumptions...
r29488 """
Gábor Stefanik
sslutil: guard against broken certifi installations (issue5406)...
r30228 # The "certifi" Python package provides certificates. If it is installed
# and usable, assume the user intends it to be used and use it.
Gregory Szorc
sslutil: use certificates provided by certifi if available...
r29486 try:
import certifi
certs = certifi.where()
Gábor Stefanik
sslutil: guard against broken certifi installations (issue5406)...
r30228 if os.path.exists(certs):
ui.debug('using ca certificates from certifi\n')
return certs
except (ImportError, AttributeError):
Gregory Szorc
sslutil: use certificates provided by certifi if available...
r29486 pass
Gregory Szorc
sslutil: handle default CA certificate loading on Windows...
r29489 # On Windows, only the modern ssl module is capable of loading the system
# CA certificates. If we're not capable of doing that, emit a warning
# because we'll get a certificate verification error later and the lack
# of loaded CA certificates will be the reason why.
# Assertion: this code is only called if certificates are being verified.
Pulkit Goyal
py3: replace os.name with pycompat.osname (part 1 of 2)...
r30639 if pycompat.osname == 'nt':
Gregory Szorc
sslutil: handle default CA certificate loading on Windows...
r29489 if not _canloaddefaultcerts:
ui.warn(_('(unable to load Windows CA certificates; see '
'https://mercurial-scm.org/wiki/SecureConnections for '
'how to configure Mercurial to avoid this message)\n'))
return None
Gregory Szorc
sslutil: document the Apple OpenSSL cert trick...
r29487 # Apple's OpenSSL has patches that allow a specially constructed certificate
# to load the system CA store. If we're running on Apple Python, use this
# trick.
Yuya Nishihara
ssl: extract function that returns dummycert path on Apple python...
r24288 if _plainapplepython():
dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
if os.path.exists(dummycert):
return dummycert
Gregory Szorc
sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts...
r29107
Gregory Szorc
sslutil: issue warning when unable to load certificates on OS X...
r29499 # The Apple OpenSSL trick isn't available to us. If Python isn't able to
# load system certs, we're out of luck.
Pulkit Goyal
py3: replace sys.platform with pycompat.sysplatform (part 1 of 2)...
r30641 if pycompat.sysplatform == 'darwin':
Gregory Szorc
sslutil: issue warning when unable to load certificates on OS X...
r29499 # FUTURE Consider looking for Homebrew or MacPorts installed certs
# files. Also consider exporting the keychain certs to a file during
# Mercurial install.
if not _canloaddefaultcerts:
ui.warn(_('(unable to load CA certificates; see '
'https://mercurial-scm.org/wiki/SecureConnections for '
'how to configure Mercurial to avoid this message)\n'))
Yuya Nishihara
ssl: load CA certificates from system's store by default on Python 2.7.9...
r24291 return None
Yuya Nishihara
ssl: extract function that returns dummycert path on Apple python...
r24288
Gregory Szorc
sslutil: add assertion to prevent accidental CA usage on Windows...
r29537 # / is writable on Windows. Out of an abundance of caution make sure
# we're not on Windows because paths from _systemcacerts could be installed
# by non-admin users.
Pulkit Goyal
py3: replace os.name with pycompat.osname (part 1 of 2)...
r30639 assert pycompat.osname != 'nt'
Gregory Szorc
sslutil: add assertion to prevent accidental CA usage on Windows...
r29537
Gregory Szorc
sslutil: try to find CA certficates in well-known locations...
r29500 # Try to find CA certificates in well-known locations. We print a warning
# when using a found file because we don't want too much silent magic
# for security settings. The expectation is that proper Mercurial
# installs will have the CA certs path defined at install time and the
# installer/packager will make an appropriate decision on the user's
# behalf. We only get here and perform this setting as a feature of
# last resort.
if not _canloaddefaultcerts:
for path in _systemcacertpaths:
if os.path.isfile(path):
ui.warn(_('(using CA certificates from %s; if you see this '
'message, your Mercurial install is not properly '
'configured; see '
'https://mercurial-scm.org/wiki/SecureConnections '
'for how to configure Mercurial to avoid this '
'message)\n') % path)
return path
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204
Gregory Szorc
sslutil: try to find CA certficates in well-known locations...
r29500 ui.warn(_('(unable to load CA certificates; see '
'https://mercurial-scm.org/wiki/SecureConnections for '
'how to configure Mercurial to avoid this message)\n'))
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204
Gregory Szorc
sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts...
r29107 return None
Yuya Nishihara
ssl: extract function that returns dummycert path on Apple python...
r24288
Gregory Szorc
sslutil: remove "strict" argument from validatesocket()...
r29286 def validatesocket(sock):
Mads Kiilerich
spelling: fixes of non-dictionary words
r30332 """Validate a socket meets security requirements.
Matt Mackall
sslutil: try harder to avoid getpeercert problems...
r18879
Gregory Szorc
sslutil: convert socket validation from a class to a function (API)...
r29227 The passed socket must have been created with ``wrapsocket()``.
"""
host = sock._hgstate['hostname']
ui = sock._hgstate['ui']
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258 settings = sock._hgstate['settings']
Matt Mackall
sslutil: try harder to avoid getpeercert problems...
r18879
Gregory Szorc
sslutil: convert socket validation from a class to a function (API)...
r29227 try:
peercert = sock.getpeercert(True)
peercert2 = sock.getpeercert()
except AttributeError:
raise error.Abort(_('%s ssl connection error') % host)
Yuya Nishihara
ssl: extract function that returns dummycert path on Apple python...
r24288
Gregory Szorc
sslutil: convert socket validation from a class to a function (API)...
r29227 if not peercert:
raise error.Abort(_('%s certificate error: '
'no certificate received') % host)
Matt Mackall
sslutil: try harder to avoid getpeercert problems...
r18879
Gregory Szorc
sslutil: move and change warning when cert verification is disabled...
r29289 if settings['disablecertverification']:
# We don't print the certificate fingerprint because it shouldn't
# be necessary: if the user requested certificate verification be
# disabled, they presumably already saw a message about the inability
# to verify the certificate and this message would have printed the
# fingerprint. So printing the fingerprint here adds little to no
# value.
ui.warn(_('warning: connection security to %s is disabled per current '
'settings; communication is susceptible to eavesdropping '
'and tampering\n') % host)
return
Matt Mackall
sslutil: try harder to avoid getpeercert problems...
r18879
Gregory Szorc
sslutil: convert socket validation from a class to a function (API)...
r29227 # If a certificate fingerprint is pinned, use it and only it to
# validate the remote cert.
Gregory Szorc
sslutil: calculate host fingerprints from additional algorithms...
r29262 peerfingerprints = {
Augie Fackler
cleanup: replace uses of util.(md5|sha1|sha256|sha512) with hashlib.\1...
r29341 'sha1': hashlib.sha1(peercert).hexdigest(),
'sha256': hashlib.sha256(peercert).hexdigest(),
'sha512': hashlib.sha512(peercert).hexdigest(),
Gregory Szorc
sslutil: calculate host fingerprints from additional algorithms...
r29262 }
Matt Mackall
sslutil: try harder to avoid getpeercert problems...
r18879
Gregory Szorc
sslutil: print SHA-256 fingerprint by default...
r29290 def fmtfingerprint(s):
return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)])
nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
Gregory Szorc
sslutil: document and slightly refactor validation logic...
r28850
Gregory Szorc
sslutil: introduce a function for determining host-specific settings...
r29258 if settings['certfingerprints']:
for hash, fingerprint in settings['certfingerprints']:
Gregory Szorc
sslutil: calculate host fingerprints from additional algorithms...
r29262 if peerfingerprints[hash].lower() == fingerprint:
Gregory Szorc
sslutil: refactor code for fingerprint matching...
r29291 ui.debug('%s certificate matched fingerprint %s:%s\n' %
(host, hash, fmtfingerprint(fingerprint)))
return
Gregory Szorc
sslutil: document and slightly refactor validation logic...
r28850
Gregory Szorc
sslutil: print the fingerprint from the last hash used...
r29293 # Pinned fingerprint didn't match. This is a fatal error.
if settings['legacyfingerprint']:
section = 'hostfingerprint'
nice = fmtfingerprint(peerfingerprints['sha1'])
else:
section = 'hostsecurity'
nice = '%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash]))
Gregory Szorc
sslutil: refactor code for fingerprint matching...
r29291 raise error.Abort(_('certificate for %s has unexpected '
Gregory Szorc
sslutil: print the fingerprint from the last hash used...
r29293 'fingerprint %s') % (host, nice),
Gregory Szorc
sslutil: refactor code for fingerprint matching...
r29291 hint=_('check %s configuration') % section)
Gregory Szorc
sslutil: document and slightly refactor validation logic...
r28850
Gregory Szorc
sslutil: abort when unable to verify peer connection (BC)...
r29411 # Security is enabled but no CAs are loaded. We can't establish trust
# for the cert so abort.
Gregory Szorc
sslutil: convert socket validation from a class to a function (API)...
r29227 if not sock._hgstate['caloaded']:
Gregory Szorc
sslutil: abort when unable to verify peer connection (BC)...
r29411 raise error.Abort(
_('unable to verify security of %s (no loaded CA certificates); '
'refusing to connect') % host,
hint=_('see https://mercurial-scm.org/wiki/SecureConnections for '
'how to configure Mercurial to avoid this error or set '
'hostsecurity.%s:fingerprints=%s to trust this server') %
(host, nicefingerprint))
Gregory Szorc
sslutil: use CA loaded state to drive validation logic...
r29113
Gregory Szorc
sslutil: convert socket validation from a class to a function (API)...
r29227 msg = _verifycert(peercert2, host)
if msg:
raise error.Abort(_('%s certificate error: %s') % (host, msg),
Gregory Szorc
sslutil: make cert fingerprints messages more actionable...
r29292 hint=_('set hostsecurity.%s:certfingerprints=%s '
'config setting or use --insecure to connect '
'insecurely') %
(host, nicefingerprint))