# HG changeset patch
# User Mads Kiilerich <mads@kiilerich.com>
# Date 2012-01-09 13:56:05
# Node ID 8f377751b510f59f37f0756ac63c0d747da0f152
# Parent  4bb59919c905b4ace623ae627019b473224eaa60

sslutil: abort properly if no certificate received for https connection

According to the documentation SSLSocket.getpeercert() can return None.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -113,6 +113,9 @@ class validator(object):
         if not sock.cipher(): # work around http://bugs.python.org/issue13721
             raise util.Abort(_('%s ssl connection error') % host)
         peercert = sock.getpeercert(True)
+        if not peercert:
+            raise util.Abort(_('%s certificate error: '
+                               'no certificate received') % host)
         peerfingerprint = util.sha1(peercert).hexdigest()
         nicefingerprint = ":".join([peerfingerprint[x:x + 2]
             for x in xrange(0, len(peerfingerprint), 2)])