Show More
@@ -110,18 +110,19 b' class validator(object):' | |||||
110 | self.ui.warn(_("warning: certificate for %s can't be verified " |
|
110 | self.ui.warn(_("warning: certificate for %s can't be verified " | |
111 | "(Python too old)\n") % host) |
|
111 | "(Python too old)\n") % host) | |
112 | return |
|
112 | return | |
|
113 | peercert = sock.getpeercert(True) | |||
|
114 | peerfingerprint = util.sha1(peercert).hexdigest() | |||
|
115 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] | |||
|
116 | for x in xrange(0, len(peerfingerprint), 2)]) | |||
113 | if cacerts and not hostfingerprint: |
|
117 | if cacerts and not hostfingerprint: | |
114 | msg = _verifycert(sock.getpeercert(), host) |
|
118 | msg = _verifycert(sock.getpeercert(), host) | |
115 | if msg: |
|
119 | if msg: | |
116 |
raise util.Abort(_('%s certificate error: %s |
|
120 | raise util.Abort(_('%s certificate error: %s') % (host, msg), | |
117 | '(use --insecure to connect ' |
|
121 | hint=_('configure hostfingerprint %s or use ' | |
118 |
'insecurely |
|
122 | '--insecure to connect insecurely') % | |
|
123 | nicefingerprint) | |||
119 | self.ui.debug('%s certificate successfully verified\n' % host) |
|
124 | self.ui.debug('%s certificate successfully verified\n' % host) | |
120 | else: |
|
125 | else: | |
121 | peercert = sock.getpeercert(True) |
|
|||
122 | peerfingerprint = util.sha1(peercert).hexdigest() |
|
|||
123 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] |
|
|||
124 | for x in xrange(0, len(peerfingerprint), 2)]) |
|
|||
125 | if hostfingerprint: |
|
126 | if hostfingerprint: | |
126 | if peerfingerprint.lower() != \ |
|
127 | if peerfingerprint.lower() != \ | |
127 | hostfingerprint.replace(':', '').lower(): |
|
128 | hostfingerprint.replace(':', '').lower(): |
@@ -180,7 +180,8 b' variables in the filename' | |||||
180 | cacert mismatch |
|
180 | cacert mismatch | |
181 |
|
181 | |||
182 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
|
182 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ | |
183 |
abort: 127.0.0.1 certificate error: certificate is for localhost |
|
183 | abort: 127.0.0.1 certificate error: certificate is for localhost | |
|
184 | (configure hostfingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca or use --insecure to connect insecurely) | |||
184 | [255] |
|
185 | [255] | |
185 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure |
|
186 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure | |
186 | warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
|
187 | warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) |
General Comments 0
You need to be logged in to leave comments.
Login now