@@ -173,6 +173,8 b' def wrapsocket(sock, keyfile, certfile, ' | |||||
173 |
|
173 | |||
174 | sslsocket._hgstate = { |
|
174 | sslsocket._hgstate = { | |
175 | 'caloaded': caloaded, |
|
175 | 'caloaded': caloaded, | |
|
176 | 'hostname': serverhostname, | |||
|
177 | 'ui': ui, | |||
176 | } |
|
178 | } | |
177 |
|
179 | |||
178 | return sslsocket |
|
180 | return sslsocket | |
@@ -290,12 +292,12 b' def sslkwargs(ui, host):' | |||||
290 | return kws |
|
292 | return kws | |
291 |
|
293 | |||
292 | class validator(object): |
|
294 | class validator(object): | |
293 | def __init__(self, ui, host): |
|
295 | def __init__(self, ui=None, host=None): | |
294 | self.ui = ui |
|
296 | pass | |
295 | self.host = host |
|
|||
296 |
|
297 | |||
297 | def __call__(self, sock, strict=False): |
|
298 | def __call__(self, sock, strict=False): | |
298 |
host = s |
|
299 | host = sock._hgstate['hostname'] | |
|
300 | ui = sock._hgstate['ui'] | |||
299 |
|
301 | |||
300 | if not sock.cipher(): # work around http://bugs.python.org/issue13721 |
|
302 | if not sock.cipher(): # work around http://bugs.python.org/issue13721 | |
301 | raise error.Abort(_('%s ssl connection error') % host) |
|
303 | raise error.Abort(_('%s ssl connection error') % host) | |
@@ -311,7 +313,7 b' class validator(object):' | |||||
311 |
|
313 | |||
312 | # If a certificate fingerprint is pinned, use it and only it to |
|
314 | # If a certificate fingerprint is pinned, use it and only it to | |
313 | # validate the remote cert. |
|
315 | # validate the remote cert. | |
314 |
hostfingerprints = |
|
316 | hostfingerprints = ui.configlist('hostfingerprints', host) | |
315 | peerfingerprint = util.sha1(peercert).hexdigest() |
|
317 | peerfingerprint = util.sha1(peercert).hexdigest() | |
316 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
|
318 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] | |
317 | for x in xrange(0, len(peerfingerprint), 2)]) |
|
319 | for x in xrange(0, len(peerfingerprint), 2)]) | |
@@ -326,7 +328,7 b' class validator(object):' | |||||
326 | raise error.Abort(_('certificate for %s has unexpected ' |
|
328 | raise error.Abort(_('certificate for %s has unexpected ' | |
327 | 'fingerprint %s') % (host, nicefingerprint), |
|
329 | 'fingerprint %s') % (host, nicefingerprint), | |
328 | hint=_('check hostfingerprint configuration')) |
|
330 | hint=_('check hostfingerprint configuration')) | |
329 |
|
|
331 | ui.debug('%s certificate matched fingerprint %s\n' % | |
330 |
|
|
332 | (host, nicefingerprint)) | |
331 | return |
|
333 | return | |
332 |
|
334 | |||
@@ -336,8 +338,8 b' class validator(object):' | |||||
336 | # It may seem odd that this is checked *after* host fingerprint pinning. |
|
338 | # It may seem odd that this is checked *after* host fingerprint pinning. | |
337 | # This is for backwards compatibility (for now). The message is also |
|
339 | # This is for backwards compatibility (for now). The message is also | |
338 | # the same as below for BC. |
|
340 | # the same as below for BC. | |
339 |
if |
|
341 | if ui.insecureconnections: | |
340 |
|
|
342 | ui.warn(_('warning: %s certificate with fingerprint %s not ' | |
341 |
|
|
343 | 'verified (check hostfingerprints or web.cacerts ' | |
342 |
|
|
344 | 'config setting)\n') % | |
343 |
|
|
345 | (host, nicefingerprint)) | |
@@ -350,7 +352,7 b' class validator(object):' | |||||
350 | hint=_('check hostfingerprints or ' |
|
352 | hint=_('check hostfingerprints or ' | |
351 | 'web.cacerts config setting')) |
|
353 | 'web.cacerts config setting')) | |
352 | else: |
|
354 | else: | |
353 |
|
|
355 | ui.warn(_('warning: %s certificate with fingerprint %s ' | |
354 |
|
|
356 | 'not verified (check hostfingerprints or ' | |
355 |
|
|
357 | 'web.cacerts config setting)\n') % | |
356 |
|
|
358 | (host, nicefingerprint)) |
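Review bot: In `validator.__call__` (new lines 299-300) the hostname that drives the `hostfingerprints` lookup and every abort message is now read from `sock._hgstate['hostname']`, while the `host` passed to `validator(ui, host)` is silently dropped, so the check is only as good as the `serverhostname` handed to `wrapsocket`. The hunks do not show whether `serverhostname` may be `None`; if it can, the pin lookup and any later hostname match would run against an empty name, so a guard right after the read, such as `if not host: raise error.Abort(_('ssl socket has no recorded hostname'))`, would make that case fail closed. A socket that did not come from `wrapsocket` has no `_hgstate` and would raise `AttributeError` here instead of a clean abort. A short comment on `__init__` stating that `ui` and `host` are accepted only for caller compatibility and are ignored would keep callers from assuming the argument still binds the verified name. `__call__` continues beyond the visible hunks.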