upstream/mercurial-mirror Commit - r18887:2d7fac04

sslutil: abort if peer certificate is not verified for secure use...

FUJIWARA Katsunori -

r18887:2d7fac04 default

parent child

mercurial/sslutil.py

0 +9 -1

                     self.ui = ui
                     self.host = host
-                def __call__(self, sock):
+                def __call__(self, sock, strict=False):
                     host = self.host
                     cacerts = self.ui.config('web', 'cacerts')
                     hostfingerprint = self.ui.config('hostfingerprints', host)
                         if hostfingerprint:
                             raise util.Abort(_("host fingerprint for %s can't be "
                                                "verified (Python too old)") % host)
+                        if strict:
+                            raise util.Abort(_("certificate for %s can't be verified "
+                                               "(Python too old)") % host)
                         if self.ui.configbool('ui', 'reportoldssl', True):
                             self.ui.warn(_("warning: certificate for %s can't be verified "
                                            "(Python too old)\n") % host)
                                                     '--insecure to connect insecurely') %
                                                   nicefingerprint)
                         self.ui.debug('%s certificate successfully verified\n' % host)
+                    elif strict:
+                        raise util.Abort(_('%s certificate with fingerprint %s not '
+                                           'verified') % (host, nicefingerprint),
+                                         hint=_('check hostfingerprints or web.cacerts '
+                                                 'config setting'))
                     else:
                         self.ui.warn(_('warning: %s certificate with fingerprint %s not '
                                        'verified (check hostfingerprints or web.cacerts '

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages