Show More
@@ -377,14 +377,8 b' def validatesocket(sock):' | |||||
377 | def fmtfingerprint(s): |
|
377 | def fmtfingerprint(s): | |
378 | return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)]) |
|
378 | return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)]) | |
379 |
|
379 | |||
380 | legacyfingerprint = fmtfingerprint(peerfingerprints['sha1']) |
|
|||
381 | nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256']) |
|
380 | nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256']) | |
382 |
|
381 | |||
383 | if settings['legacyfingerprint']: |
|
|||
384 | section = 'hostfingerprint' |
|
|||
385 | else: |
|
|||
386 | section = 'hostsecurity' |
|
|||
387 |
|
||||
388 | if settings['certfingerprints']: |
|
382 | if settings['certfingerprints']: | |
389 | for hash, fingerprint in settings['certfingerprints']: |
|
383 | for hash, fingerprint in settings['certfingerprints']: | |
390 | if peerfingerprints[hash].lower() == fingerprint: |
|
384 | if peerfingerprints[hash].lower() == fingerprint: | |
@@ -392,8 +386,15 b' def validatesocket(sock):' | |||||
392 | (host, hash, fmtfingerprint(fingerprint))) |
|
386 | (host, hash, fmtfingerprint(fingerprint))) | |
393 | return |
|
387 | return | |
394 |
|
388 | |||
|
389 | # Pinned fingerprint didn't match. This is a fatal error. | |||
|
390 | if settings['legacyfingerprint']: | |||
|
391 | section = 'hostfingerprint' | |||
|
392 | nice = fmtfingerprint(peerfingerprints['sha1']) | |||
|
393 | else: | |||
|
394 | section = 'hostsecurity' | |||
|
395 | nice = '%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash])) | |||
395 | raise error.Abort(_('certificate for %s has unexpected ' |
|
396 | raise error.Abort(_('certificate for %s has unexpected ' | |
396 |
'fingerprint %s') % (host, |
|
397 | 'fingerprint %s') % (host, nice), | |
397 | hint=_('check %s configuration') % section) |
|
398 | hint=_('check %s configuration') % section) | |
398 |
|
399 | |||
399 | if not sock._hgstate['caloaded']: |
|
400 | if not sock._hgstate['caloaded']: |
@@ -314,7 +314,7 b' Fingerprints' | |||||
314 | [255] |
|
314 | [255] | |
315 |
|
315 | |||
316 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ |
|
316 | $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ | |
317 | abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca |
|
317 | abort: certificate for localhost has unexpected fingerprint sha1:91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca | |
318 | (check hostsecurity configuration) |
|
318 | (check hostsecurity configuration) | |
319 | [255] |
|
319 | [255] | |
320 |
|
320 |
General Comments 0
You need to be logged in to leave comments.
Login now