@@ -373,8 +373,12 def validatesocket(sock): | |||||
373 | 'sha256': util.sha256(peercert).hexdigest(), |
|
373 | 'sha256': util.sha256(peercert).hexdigest(), | |
374 | 'sha512': util.sha512(peercert).hexdigest(), |
|
374 | 'sha512': util.sha512(peercert).hexdigest(), | |
375 | } |
|
375 | } | |
376 | nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2] |
|
376 | ||
377 | for x in range(0, len(peerfingerprints['sha1']), 2)]) |
|
377 | def fmtfingerprint(s): | |
|
378 | return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)]) | |||
|
379 | ||||
|
380 | legacyfingerprint = fmtfingerprint(peerfingerprints['sha1']) | |||
|
381 | nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256']) | |||
378 |
|
382 | |||
379 | if settings['legacyfingerprint']: |
|
383 | if settings['legacyfingerprint']: | |
380 | section = 'hostfingerprint' |
|
384 | section = 'hostfingerprint' | |
@@ -389,10 +393,10 def validatesocket(sock): | |||||
389 | break |
|
393 | break | |
390 | if not fingerprintmatch: |
|
394 | if not fingerprintmatch: | |
391 | raise error.Abort(_('certificate for %s has unexpected ' |
|
395 | raise error.Abort(_('certificate for %s has unexpected ' | |
392 |
'fingerprint %s') % (host, |
|
396 | 'fingerprint %s') % (host, legacyfingerprint), | |
393 | hint=_('check %s configuration') % section) |
|
397 | hint=_('check %s configuration') % section) | |
394 | ui.debug('%s certificate matched fingerprint %s\n' % |
|
398 | ui.debug('%s certificate matched fingerprint %s\n' % | |
395 |
(host, |
|
399 | (host, legacyfingerprint)) | |
396 | return |
|
400 | return | |
397 |
|
401 | |||
398 | if not sock._hgstate['caloaded']: |
|
402 | if not sock._hgstate['caloaded']: |
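Review bot: The mismatch abort and the `ui.debug` line in the second hunk now print `legacyfingerprint`, the bare SHA-1 digest with no algorithm label, while the new `nicefingerprint` carries a `sha256:` prefix. Since `section` is set to `hostfingerprint` only under `settings['legacyfingerprint']`, this branch is presumably also reached for pins configured in the newer section (the lines between the two hunks are not shown). In that case a user who pinned a SHA-256 value would be shown an unlabelled SHA-1 digest and could end up copying the weaker hash into their configuration. Consider choosing the displayed value by mode, e.g. `shown = legacyfingerprint if settings['legacyfingerprint'] else nicefingerprint`, and using `shown` in both messages. The body of `validatesocket` starts and ends outside these hunks.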
@@ -176,7 +176,7 we are able to load CA certs. | |||||
176 | clone via pull |
|
176 | clone via pull | |
177 |
|
177 | |||
178 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS |
|
178 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS | |
179 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostsecurity or web.cacerts config setting) |
|
179 | warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting) | |
180 | requesting all changes |
|
180 | requesting all changes | |
181 | adding changesets |
|
181 | adding changesets | |
182 | adding manifests |
|
182 | adding manifests | |
@@ -203,7 +203,7 pull without cacert | |||||
203 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc |
|
203 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc | |
204 | $ hg pull $DISABLECACERTS |
|
204 | $ hg pull $DISABLECACERTS | |
205 | pulling from https://localhost:$HGPORT/ |
|
205 | pulling from https://localhost:$HGPORT/ | |
206 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostsecurity or web.cacerts config setting) |
|
206 | warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting) | |
207 | searching for changes |
|
207 | searching for changes | |
208 | adding changesets |
|
208 | adding changesets | |
209 | adding manifests |
|
209 | adding manifests | |
@@ -244,7 +244,7 cacert mismatch | |||||
244 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
|
244 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ | |
245 | pulling from https://127.0.0.1:$HGPORT/ |
|
245 | pulling from https://127.0.0.1:$HGPORT/ | |
246 | abort: 127.0.0.1 certificate error: certificate is for localhost |
|
246 | abort: 127.0.0.1 certificate error: certificate is for localhost | |
247 | (configure hostsecurity 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely) |
|
247 | (configure hostsecurity sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or use --insecure to connect insecurely) | |
248 | [255] |
|
248 | [255] | |
249 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure |
|
249 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure | |
250 | pulling from https://127.0.0.1:$HGPORT/ |
|
250 | pulling from https://127.0.0.1:$HGPORT/ |