Show More
@@ -173,6 +173,8 b' def wrapsocket(sock, keyfile, certfile, ' | |||
|
173 | 173 | |
|
174 | 174 | sslsocket._hgstate = { |
|
175 | 175 | 'caloaded': caloaded, |
|
176 | 'hostname': serverhostname, | |
|
177 | 'ui': ui, | |
|
176 | 178 | } |
|
177 | 179 | |
|
178 | 180 | return sslsocket |
@@ -290,12 +292,12 b' def sslkwargs(ui, host):' | |||
|
290 | 292 | return kws |
|
291 | 293 | |
|
292 | 294 | class validator(object): |
|
293 | def __init__(self, ui, host): | |
|
294 | self.ui = ui | |
|
295 | self.host = host | |
|
295 | def __init__(self, ui=None, host=None): | |
|
296 | pass | |
|
296 | 297 | |
|
297 | 298 | def __call__(self, sock, strict=False): |
|
298 |
host = s |
|
|
299 | host = sock._hgstate['hostname'] | |
|
300 | ui = sock._hgstate['ui'] | |
|
299 | 301 | |
|
300 | 302 | if not sock.cipher(): # work around http://bugs.python.org/issue13721 |
|
301 | 303 | raise error.Abort(_('%s ssl connection error') % host) |
@@ -311,7 +313,7 b' class validator(object):' | |||
|
311 | 313 | |
|
312 | 314 | # If a certificate fingerprint is pinned, use it and only it to |
|
313 | 315 | # validate the remote cert. |
|
314 |
hostfingerprints = |
|
|
316 | hostfingerprints = ui.configlist('hostfingerprints', host) | |
|
315 | 317 | peerfingerprint = util.sha1(peercert).hexdigest() |
|
316 | 318 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
|
317 | 319 | for x in xrange(0, len(peerfingerprint), 2)]) |
@@ -326,7 +328,7 b' class validator(object):' | |||
|
326 | 328 | raise error.Abort(_('certificate for %s has unexpected ' |
|
327 | 329 | 'fingerprint %s') % (host, nicefingerprint), |
|
328 | 330 | hint=_('check hostfingerprint configuration')) |
|
329 |
|
|
|
331 | ui.debug('%s certificate matched fingerprint %s\n' % | |
|
330 | 332 |
|
|
331 | 333 | return |
|
332 | 334 | |
@@ -336,8 +338,8 b' class validator(object):' | |||
|
336 | 338 | # It may seem odd that this is checked *after* host fingerprint pinning. |
|
337 | 339 | # This is for backwards compatibility (for now). The message is also |
|
338 | 340 | # the same as below for BC. |
|
339 |
if |
|
|
340 |
|
|
|
341 | if ui.insecureconnections: | |
|
342 | ui.warn(_('warning: %s certificate with fingerprint %s not ' | |
|
341 | 343 |
|
|
342 | 344 |
|
|
343 | 345 |
|
@@ -350,7 +352,7 b' class validator(object):' | |||
|
350 | 352 | hint=_('check hostfingerprints or ' |
|
351 | 353 | 'web.cacerts config setting')) |
|
352 | 354 | else: |
|
353 |
|
|
|
355 | ui.warn(_('warning: %s certificate with fingerprint %s ' | |
|
354 | 356 |
|
|
355 | 357 |
|
|
356 | 358 |
|
General Comments 0
You need to be logged in to leave comments.
Login now