upstream/mercurial-mirror Commit - r29226:33006bd6

sslutil: store and use hostname and ui in socket instance...

Gregory Szorc -

r29226:33006bd6 default

parent child

mercurial/sslutil.py

0 +11 -9

                  sslsocket._hgstate = {
                      'caloaded': caloaded,
+                     'hostname': serverhostname,
+                     'ui': ui,
                  }
                  return sslsocket
                  return kws
              class validator(object):
-                 def __init__(self, ui, host):
-                     self.ui = ui
-                     self.host = host
+                 def __init__(self, ui=None, host=None):
+                     pass
                  def __call__(self, sock, strict=False):
-                     host = self.host
+                     host = sock._hgstate['hostname']
+                     ui = sock._hgstate['ui']
                      if not sock.cipher(): # work around http://bugs.python.org/issue13721
                          raise error.Abort(_('%s ssl connection error') % host)
                      # If a certificate fingerprint is pinned, use it and only it to
                      # validate the remote cert.
-                     hostfingerprints = self.ui.configlist('hostfingerprints', host)
+                     hostfingerprints = ui.configlist('hostfingerprints', host)
                      peerfingerprint = util.sha1(peercert).hexdigest()
                      nicefingerprint = ":".join([peerfingerprint[x:x + 2]
                          for x in xrange(0, len(peerfingerprint), 2)])
                              raise error.Abort(_('certificate for %s has unexpected '
                                                 'fingerprint %s') % (host, nicefingerprint),
                                               hint=_('check hostfingerprint configuration'))
-                         self.ui.debug('%s certificate matched fingerprint %s\n' %
+                         ui.debug('%s certificate matched fingerprint %s\n' %
-                                       (host, nicefingerprint))
                          return
                      # It may seem odd that this is checked *after* host fingerprint pinning.
                      # This is for backwards compatibility (for now). The message is also
                      # the same as below for BC.
-                     if self.ui.insecureconnections:
-                         self.ui.warn(_('warning: %s certificate with fingerprint %s not '
+                     if ui.insecureconnections:
+                         ui.warn(_('warning: %s certificate with fingerprint %s not '
-                                        'verified (check hostfingerprints or web.cacerts '
-                                        'config setting)\n') %
-                                      (host, nicefingerprint))
                                                hint=_('check hostfingerprints or '
                                                       'web.cacerts config setting'))
                          else:
-                             self.ui.warn(_('warning: %s certificate with fingerprint %s '
+                             ui.warn(_('warning: %s certificate with fingerprint %s '
-                                            'not verified (check hostfingerprints or '
-                                            'web.cacerts config setting)\n') %
-                                          (host, nicefingerprint))

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages