##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sslutil: print SHA-256 fingerprint by default...
Gregory Szorc -
r29290:01248c37 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -373,8 +373,12 b' def validatesocket(sock):'
373 373 'sha256': util.sha256(peercert).hexdigest(),
374 374 'sha512': util.sha512(peercert).hexdigest(),
375 375 }
376 nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2]
377 for x in range(0, len(peerfingerprints['sha1']), 2)])
376
377 def fmtfingerprint(s):
378 return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)])
379
380 legacyfingerprint = fmtfingerprint(peerfingerprints['sha1'])
381 nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
378 382
379 383 if settings['legacyfingerprint']:
380 384 section = 'hostfingerprint'
@@ -389,10 +393,10 b' def validatesocket(sock):'
389 393 break
390 394 if not fingerprintmatch:
391 395 raise error.Abort(_('certificate for %s has unexpected '
392 'fingerprint %s') % (host, nicefingerprint),
396 'fingerprint %s') % (host, legacyfingerprint),
393 397 hint=_('check %s configuration') % section)
394 398 ui.debug('%s certificate matched fingerprint %s\n' %
395 (host, nicefingerprint))
399 (host, legacyfingerprint))
396 400 return
397 401
398 402 if not sock._hgstate['caloaded']:
Show file before | Show file after | Hide comments
@@ -176,7 +176,7 b' we are able to load CA certs.'
176 176 clone via pull
177 177
178 178 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
179 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostsecurity or web.cacerts config setting)
179 warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting)
180 180 requesting all changes
181 181 adding changesets
182 182 adding manifests
@@ -203,7 +203,7 b' pull without cacert'
203 203 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
204 204 $ hg pull $DISABLECACERTS
205 205 pulling from https://localhost:$HGPORT/
206 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostsecurity or web.cacerts config setting)
206 warning: localhost certificate with fingerprint sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 not verified (check hostsecurity or web.cacerts config setting)
207 207 searching for changes
208 208 adding changesets
209 209 adding manifests
@@ -244,7 +244,7 b' cacert mismatch'
244 244 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
245 245 pulling from https://127.0.0.1:$HGPORT/
246 246 abort: 127.0.0.1 certificate error: certificate is for localhost
247 (configure hostsecurity 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely)
247 (configure hostsecurity sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 or use --insecure to connect insecurely)
248 248 [255]
249 249 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
250 250 pulling from https://127.0.0.1:$HGPORT/
General Comments 0
You need to be logged in to leave comments. Login now