# HG changeset patch
# User Mads Kiilerich <mads@kiilerich.com>
# Date 2012-01-09 13:43:25
# Node ID 4bb59919c905b4ace623ae627019b473224eaa60
# Parent  edc3a901a63d23e8bcd9b15e52f64ac6be6bb91b

sslutil: work around validator crash getting certificate on failed sockets

The previous workaround for correct handling of wrapping of failing connections
might be enough to prevent this from happening, but the check here makes this
function more robust.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -110,6 +110,8 @@ class validator(object):
             self.ui.warn(_("warning: certificate for %s can't be verified "
                            "(Python too old)\n") % host)
             return
+        if not sock.cipher(): # work around http://bugs.python.org/issue13721
+            raise util.Abort(_('%s ssl connection error') % host)
         peercert = sock.getpeercert(True)
         peerfingerprint = util.sha1(peercert).hexdigest()
         nicefingerprint = ":".join([peerfingerprint[x:x + 2]