upstream/mercurial-mirror Commit - r15813:3ae04eb5

sslutil: handle setups without .getpeercert() early in the validator...

Mads Kiilerich -

r15813:3ae04eb5 default

parent child

mercurial/sslutil.py

0 +7 -7

                     host = self.host
                     cacerts = self.ui.config('web', 'cacerts')
                     hostfingerprint = self.ui.config('hostfingerprints', host)
+                    if not getattr(sock, 'getpeercert', False): # python 2.5 ?
+                        if hostfingerprint:
+                            raise util.Abort(_("host fingerprint for %s can't be "
+                                               "verified (Python too old)") % host)
+                        self.ui.warn(_("warning: certificate for %s can't be verified "
+                                       "(Python too old)\n") % host)
+                        return
                     if cacerts and not hostfingerprint:
                         msg = _verifycert(sock.getpeercert(), host)
                         if msg:
                                                'insecurely)') % (host, msg))
                         self.ui.debug('%s certificate successfully verified\n' % host)
                     else:
-                        if getattr(sock, 'getpeercert', False):
                         peercert = sock.getpeercert(True)
                         peerfingerprint = util.sha1(peercert).hexdigest()
                         nicefingerprint = ":".join([peerfingerprint[x:x + 2]
                                            '(check hostfingerprints or web.cacerts '
                                            'config setting)\n') %
                                          (host, nicefingerprint))
-                        else: # python 2.5 ?
-                            if hostfingerprint:
-                                raise util.Abort(_("host fingerprint for %s can't be "
-                                                   "verified (Python too old)") % host)
-                            self.ui.warn(_("warning: certificate for %s can't be "
-                                           "verified (Python too old)\n") % host)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages