@@ -264,8 +264,6 b' class validator(object):' | |||
|
264 | 264 | |
|
265 | 265 | def __call__(self, sock, strict=False): |
|
266 | 266 | host = self.host |
|
267 | cacerts = self.ui.config('web', 'cacerts') | |
|
268 | hostfingerprints = self.ui.configlist('hostfingerprints', host) | |
|
269 | 267 | |
|
270 | 268 | if not sock.cipher(): # work around http://bugs.python.org/issue13721 |
|
271 | 269 | raise error.Abort(_('%s ssl connection error') % host) |
@@ -278,6 +276,10 b' class validator(object):' | |||
|
278 | 276 | if not peercert: |
|
279 | 277 | raise error.Abort(_('%s certificate error: ' |
|
280 | 278 | 'no certificate received') % host) |
|
279 | ||
|
280 | # If a certificate fingerprint is pinned, use it and only it to | |
|
281 | # validate the remote cert. | |
|
282 | hostfingerprints = self.ui.configlist('hostfingerprints', host) | |
|
281 | 283 | peerfingerprint = util.sha1(peercert).hexdigest() |
|
282 | 284 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
|
283 | 285 | for x in xrange(0, len(peerfingerprint), 2)]) |
@@ -294,7 +296,11 b' class validator(object):' | |||
|
294 | 296 | hint=_('check hostfingerprint configuration')) |
|
295 | 297 | self.ui.debug('%s certificate matched fingerprint %s\n' % |
|
296 | 298 | (host, nicefingerprint)) |
|
297 | elif cacerts != '!': | |
|
299 | return | |
|
300 | ||
|
301 | # No pinned fingerprint. Establish trust by looking at the CAs. | |
|
302 | cacerts = self.ui.config('web', 'cacerts') | |
|
303 | if cacerts != '!': | |
|
298 | 304 | msg = _verifycert(peercert2, host) |
|
299 | 305 | if msg: |
|
300 | 306 | raise error.Abort(_('%s certificate error: %s') % (host, msg), |
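Review bot: The comment added at new lines 280-281 understates what a pin bypasses: with the new `return` at line 299, a pinned host never reaches `_verifycert(peercert2, host)`, so the only check is equality against `util.sha1(peercert).hexdigest()`. I would spell that out, e.g. `# A pinned fingerprint replaces CA validation: _verifycert() is never reached for this host, and the pin is a SHA-1 digest of the peer certificate.` SHA-1 is a weak basis for a long-lived pin, so the same comment could note that a stronger digest should be preferred if `hostfingerprints` can carry one. The `'!'` sentinel in `if cacerts != '!':` is also unexplained in the visible lines; a one-line comment stating what that value means (presumably verification disabled, to be confirmed against the config code) would help, since the branch taken when it is set lies outside the hunk. `__call__` starts and ends outside the hunks shown.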