upstream/mercurial-mirror Commit - r29293:1b3a0b0c

sslutil: print the fingerprint from the last hash used...

Gregory Szorc -

r29293:1b3a0b0c default

parent child

mercurial/sslutil.py

0 +8 -7

                 def fmtfingerprint(s):
                     return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)])
-                legacyfingerprint = fmtfingerprint(peerfingerprints['sha1'])
                 nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
-                if settings['legacyfingerprint']:
-                    section = 'hostfingerprint'
-                else:
-                    section = 'hostsecurity'
                 if settings['certfingerprints']:
                     for hash, fingerprint in settings['certfingerprints']:
                         if peerfingerprints[hash].lower() == fingerprint:
                                      (host, hash, fmtfingerprint(fingerprint)))
                             return
+                    # Pinned fingerprint didn't match. This is a fatal error.
+                    if settings['legacyfingerprint']:
+                        section = 'hostfingerprint'
+                        nice = fmtfingerprint(peerfingerprints['sha1'])
+                    else:
+                        section = 'hostsecurity'
+                        nice = '%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash]))
                     raise error.Abort(_('certificate for %s has unexpected '
-                                        'fingerprint %s') % (host, legacyfingerprint),
+                                        'fingerprint %s') % (host, nice),
                                       hint=_('check %s configuration') % section)
                 if not sock._hgstate['caloaded']:

tests/test-https.t

0 +1 -1

               [255]
               $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
-              abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
+              abort: certificate for localhost has unexpected fingerprint sha1:91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
               (check hostsecurity configuration)
               [255]

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages