upstream/mercurial-mirror Commit - r15813:3ae04eb5

sslutil: handle setups without .getpeercert() early in the validator...

Mads Kiilerich -

r15813:3ae04eb5 default

parent child

mercurial/sslutil.py

0 +25 -25

		@@ -103,6 +103,13 b' class validator(object):'
103	103	host = self.host
104	104	cacerts = self.ui.config('web', 'cacerts')
105	105	hostfingerprint = self.ui.config('hostfingerprints', host)
	106	if not getattr(sock, 'getpeercert', False): # python 2.5 ?
	107	if hostfingerprint:
	108	raise util.Abort(_("host fingerprint for %s can't be "
	109	"verified (Python too old)") % host)
	110	self.ui.warn(_("warning: certificate for %s can't be verified "
	111	"(Python too old)\n") % host)
	112	return
106	113	if cacerts and not hostfingerprint:
107	114	msg = _verifycert(sock.getpeercert(), host)
108	115	if msg:
		@@ -111,28 +118,21 b' class validator(object):'
111	118	'insecurely)') % (host, msg))
112	119	self.ui.debug('%s certificate successfully verified\n' % host)
113	120	else:
114		if ~~getattr~~(~~sock~~, ~~'getpeercert'~~, ~~Fals~~e):
115		~~peercer~~t = ~~sock~~.~~getpeercert~~(~~True~~)
116		peerfingerprint = util.sha1(peercert).hexdigest()
117		~~nicefingerprint~~ = ~~":"~~.~~join~~([~~peerfingerprint~~[x:x + 2]
118		for x in xrange(0, len(peerfingerprint), 2)])
119		if ~~host~~fingerprint:
120		if ~~peerfingerprint~~.lower() != \
121		hostfingerprint.replace(':', '').lower():
122		raise util.Abort(_('invalid certificate for %s '
123		~~'with~~ fingerprint %s') %
124		(host, nicefingerprint))
125		self.ui.debug('%s certificate matched fingerprint %s\n' %
126		(host, nicefingerprint))
127		else:
128		self.ui.warn(_('warning: %s certificate '
129		'~~with~~ fingerprint %s ~~not verified~~ '
130		'~~(check hostfingerprints or web.cacerts~~ '
131		~~'config setting)~~\n') %
132		(host, nicefingerprint))
133		else: # python 2.5 ?
134		if hostfingerprint:
135		raise util.Abort(_("host fingerprint for %s can't be "
136		"verified (Python too old)") % host)
137		self.ui.warn(_("warning: certificate for %s can't be "
138		"verified (Python too old)\n") % host)
	121	peercert = sock.getpeercert(True)
	122	peerfingerprint = util.sha1(peercert).hexdigest()
	123	nicefingerprint = ":".join([peerfingerprint[x:x + 2]
	124	for x in xrange(0, len(peerfingerprint), 2)])
	125	if hostfingerprint:
	126	if peerfingerprint.lower() != \
	127	hostfingerprint.replace(':', '').lower():
	128	raise util.Abort(_('invalid certificate for %s '
	129	'with fingerprint %s') %
	130	(host, nicefingerprint))
	131	self.ui.debug('%s certificate matched fingerprint %s\n' %
	132	(host, nicefingerprint))
	133	else:
	134	self.ui.warn(_('warning: %s certificate '
	135	'with fingerprint %s not verified '
	136	'(check hostfingerprints or web.cacerts '
	137	'config setting)\n') %
	138	(host, nicefingerprint))

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages