@@ -264,8 +264,6 b' class validator(object):' | |||||
264 |
|
264 | |||
265 | def __call__(self, sock, strict=False): |
|
265 | def __call__(self, sock, strict=False): | |
266 | host = self.host |
|
266 | host = self.host | |
267 | cacerts = self.ui.config('web', 'cacerts') |
|
|||
268 | hostfingerprints = self.ui.configlist('hostfingerprints', host) |
|
|||
269 |
|
267 | |||
270 | if not sock.cipher(): # work around http://bugs.python.org/issue13721 |
|
268 | if not sock.cipher(): # work around http://bugs.python.org/issue13721 | |
271 | raise error.Abort(_('%s ssl connection error') % host) |
|
269 | raise error.Abort(_('%s ssl connection error') % host) | |
@@ -278,6 +276,10 b' class validator(object):' | |||||
278 | if not peercert: |
|
276 | if not peercert: | |
279 | raise error.Abort(_('%s certificate error: ' |
|
277 | raise error.Abort(_('%s certificate error: ' | |
280 | 'no certificate received') % host) |
|
278 | 'no certificate received') % host) | |
|
279 | ||||
|
280 | # If a certificate fingerprint is pinned, use it and only it to | |||
|
281 | # validate the remote cert. | |||
|
282 | hostfingerprints = self.ui.configlist('hostfingerprints', host) | |||
281 | peerfingerprint = util.sha1(peercert).hexdigest() |
|
283 | peerfingerprint = util.sha1(peercert).hexdigest() | |
282 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
|
284 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] | |
283 | for x in xrange(0, len(peerfingerprint), 2)]) |
|
285 | for x in xrange(0, len(peerfingerprint), 2)]) | |
@@ -294,7 +296,11 b' class validator(object):' | |||||
294 | hint=_('check hostfingerprint configuration')) |
|
296 | hint=_('check hostfingerprint configuration')) | |
295 | self.ui.debug('%s certificate matched fingerprint %s\n' % |
|
297 | self.ui.debug('%s certificate matched fingerprint %s\n' % | |
296 | (host, nicefingerprint)) |
|
298 | (host, nicefingerprint)) | |
297 | elif cacerts != '!': |
|
299 | return | |
|
300 | ||||
|
301 | # No pinned fingerprint. Establish trust by looking at the CAs. | |||
|
302 | cacerts = self.ui.config('web', 'cacerts') | |||
|
303 | if cacerts != '!': | |||
298 | msg = _verifycert(peercert2, host) |
|
304 | msg = _verifycert(peercert2, host) | |
299 | if msg: |
|
305 | if msg: | |
300 | raise error.Abort(_('%s certificate error: %s') % (host, msg), |
|
306 | raise error.Abort(_('%s certificate error: %s') % (host, msg), |
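Review bot: The `return` added after the fingerprint-match debug message (new line 299) makes a pinned fingerprint the only trust decision for that host, but the new comment at new lines 280-281 does not say what is skipped as a result. I would extend it to name the consequence, for example `# A matching pin returns early: _verifycert() and the web.cacerts handling below are not run.`, so anyone auditing pinned hosts can see that the check taking `host` (presumably hostname validation) does not apply to them. The pin is compared against `util.sha1(peercert).hexdigest()`, so SHA-1 is the only barrier on this path; accepting a stronger digest for pins would be a sensible follow-up. The fingerprint comparison loop lies between the second and third hunks and is not visible here, and `__call__` continues past the last hunk line.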