upstream/mercurial-mirror Commit - r29262:dfc4f08a

sslutil: calculate host fingerprints from additional algorithms...

Gregory Szorc -

r29262:dfc4f08a default

parent child

mercurial/sslutil.py

0 +9 -4

                 # If a certificate fingerprint is pinned, use it and only it to
                 # validate the remote cert.
-                peerfingerprint = util.sha1(peercert).hexdigest()
+                peerfingerprints = {
-                nicefingerprint = ":".join([peerfingerprint[x:x + 2]
+                    'sha1': util.sha1(peercert).hexdigest(),
-                    for x in xrange(0, len(peerfingerprint), 2)])
+                    'sha256': util.sha256(peercert).hexdigest(),
+                    'sha512': util.sha512(peercert).hexdigest(),
+                }
+                nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2]
+                    for x in range(0, len(peerfingerprints['sha1']), 2)])
                 if settings['certfingerprints']:
                     fingerprintmatch = False
                     for hash, fingerprint in settings['certfingerprints']:
-                        if peerfingerprint.lower() == fingerprint:
+                        if peerfingerprints[hash].lower() == fingerprint:
                             fingerprintmatch = True
                             break
                     if not fingerprintmatch:

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages