Show More
@@ -373,8 +373,12 b' def validatesocket(sock):' | |||
|
373 | 373 | 'sha256': util.sha256(peercert).hexdigest(), |
|
374 | 374 | 'sha512': util.sha512(peercert).hexdigest(), |
|
375 | 375 | } |
|
376 | nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2] | |
|
377 | for x in range(0, len(peerfingerprints['sha1']), 2)]) | |
|
376 | ||
|
377 | def fmtfingerprint(s): | |
|
378 | return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)]) | |
|
379 | ||
|
380 | legacyfingerprint = fmtfingerprint(peerfingerprints['sha1']) | |
|
381 | nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256']) | |
|
378 | 382 | |
|
379 | 383 | if settings['legacyfingerprint']: |
|
380 | 384 | section = 'hostfingerprint' |
@@ -389,10 +393,10 b' def validatesocket(sock):' | |||
|
389 | 393 | break |
|
390 | 394 | if not fingerprintmatch: |
|
391 | 395 | raise error.Abort(_('certificate for %s has unexpected ' |
|
392 |
'fingerprint %s') % (host, |
|
|
393 | hint=_('check %s configuration') % section) | |
|
396 | 'fingerprint %s') % (host, legacyfingerprint), | |
|
397 | hint=_('check %s configuration') % section) | |
|
394 | 398 | ui.debug('%s certificate matched fingerprint %s\n' % |
|
395 |
(host, |
|
|
399 | (host, legacyfingerprint)) | |
|
396 | 400 | return |
|
397 | 401 | |
|
398 | 402 | if not sock._hgstate['caloaded']: |
@@ -176,7 +176,7 b' we are able to load CA certs.' | |||
|
176 | 176 | clone via pull |
|
177 | 177 | |
|
178 | 178 | $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS |
|
179 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostsecurity or web.cacerts config setting) | |
|
179 | warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting) | |
|
180 | 180 | requesting all changes |
|
181 | 181 | adding changesets |
|
182 | 182 | adding manifests |
@@ -203,7 +203,7 b' pull without cacert' | |||
|
203 | 203 | $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc |
|
204 | 204 | $ hg pull $DISABLECACERTS |
|
205 | 205 | pulling from https://localhost:$HGPORT/ |
|
206 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostsecurity or web.cacerts config setting) | |
|
206 | warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting) | |
|
207 | 207 | searching for changes |
|
208 | 208 | adding changesets |
|
209 | 209 | adding manifests |
@@ -244,7 +244,7 b' cacert mismatch' | |||
|
244 | 244 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
|
245 | 245 | pulling from https://127.0.0.1:$HGPORT/ |
|
246 | 246 | abort: 127.0.0.1 certificate error: certificate is for localhost |
|
247 | (configure hostsecurity 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely) | |
|
247 | (configure hostsecurity sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or use --insecure to connect insecurely) | |
|
248 | 248 | [255] |
|
249 | 249 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure |
|
250 | 250 | pulling from https://127.0.0.1:$HGPORT/ |
General Comments 0
You need to be logged in to leave comments.
Login now