Show More
| @@ -546,23 +546,21 b' if has_https:' | |||||
| 546 | send = keepalive.safesend |
|
546 | send = keepalive.safesend | |
| 547 |
|
547 | |||
| 548 | def connect(self): |
|
548 | def connect(self): | |
|
|
549 | host = self.host | |||
| 549 | cacerts = self.ui.config('web', 'cacerts') |
|
550 | cacerts = self.ui.config('web', 'cacerts') | |
| 550 | if cacerts: |
|
551 | hostfingerprint = self.ui.config('hostfingerprints', host) | |
| 551 | cacerts = util.expandpath(cacerts) |
|
|||
| 552 |
|
552 | |||
| 553 | hostfingerprint = self.ui.config('hostfingerprints', self.host) |
|
|||
| 554 | if cacerts and not hostfingerprint: |
|
553 | if cacerts and not hostfingerprint: | |
| 555 | sock = _create_connection((self.host, self.port)) |
|
554 | sock = _create_connection((self.host, self.port)) | |
| 556 | self.sock = _ssl_wrap_socket(sock, self.key_file, |
|
555 | self.sock = _ssl_wrap_socket(self.sock, self.key_file, | |
| 557 |
|
|
556 | self.cert_file, cert_reqs=CERT_REQUIRED, | |
| 558 |
|
|
557 | ca_certs=util.expandpath(cacerts)) | |
| 559 |
msg = _verifycert(self.sock.getpeercert(), |
|
558 | msg = _verifycert(self.sock.getpeercert(), host) | |
| 560 | if msg: |
|
559 | if msg: | |
| 561 | raise util.Abort(_('%s certificate error: %s ' |
|
560 | raise util.Abort(_('%s certificate error: %s ' | |
| 562 | '(use --insecure to connect ' |
|
561 | '(use --insecure to connect ' | |
| 563 |
'insecurely)') % ( |
|
562 | 'insecurely)') % (host, msg)) | |
| 564 | self.ui.debug('%s certificate successfully verified\n' % |
|
563 | self.ui.debug('%s certificate successfully verified\n' % host) | |
| 565 | self.host) |
|
|||
| 566 | else: |
|
564 | else: | |
| 567 | httplib.HTTPSConnection.connect(self) |
|
565 | httplib.HTTPSConnection.connect(self) | |
| 568 | if hasattr(self.sock, 'getpeercert'): |
|
566 | if hasattr(self.sock, 'getpeercert'): | |
| @@ -575,22 +573,22 b' if has_https:' | |||||
| 575 | hostfingerprint.replace(':', '').lower(): |
|
573 | hostfingerprint.replace(':', '').lower(): | |
| 576 | raise util.Abort(_('invalid certificate for %s ' |
|
574 | raise util.Abort(_('invalid certificate for %s ' | |
| 577 | 'with fingerprint %s') % |
|
575 | 'with fingerprint %s') % | |
| 578 |
( |
|
576 | (host, nicefingerprint)) | |
| 579 | self.ui.debug('%s certificate matched fingerprint %s\n' % |
|
577 | self.ui.debug('%s certificate matched fingerprint %s\n' % | |
| 580 |
( |
|
578 | (host, nicefingerprint)) | |
| 581 | else: |
|
579 | else: | |
| 582 | self.ui.warn(_('warning: %s certificate ' |
|
580 | self.ui.warn(_('warning: %s certificate ' | |
| 583 | 'with fingerprint %s not verified ' |
|
581 | 'with fingerprint %s not verified ' | |
| 584 | '(check hostfingerprints or web.cacerts ' |
|
582 | '(check hostfingerprints or web.cacerts ' | |
| 585 | 'config setting)\n') % |
|
583 | 'config setting)\n') % | |
| 586 |
( |
|
584 | (host, nicefingerprint)) | |
| 587 | else: # python 2.5 ? |
|
585 | else: # python 2.5 ? | |
| 588 | if hostfingerprint: |
|
586 | if hostfingerprint: | |
| 589 | raise util.Abort(_('no certificate for %s ' |
|
587 | raise util.Abort(_('no certificate for %s with ' | |
| 590 |
' |
|
588 | 'configured hostfingerprint') % host) | |
| 591 | self.ui.warn(_('warning: %s certificate not verified ' |
|
589 | self.ui.warn(_('warning: %s certificate not verified ' | |
| 592 | '(check web.cacerts config setting)\n') % |
|
590 | '(check web.cacerts config setting)\n') % | |
| 593 |
|
|
591 | host) | |
| 594 |
|
592 | |||
| 595 | class httpsconnection(BetterHTTPS): |
|
593 | class httpsconnection(BetterHTTPS): | |
| 596 | response_class = keepalive.HTTPResponse |
|
594 | response_class = keepalive.HTTPResponse | |
General Comments 0
You need to be logged in to leave comments.
Login now