##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sslutil: issue warning when [hostfingerprint] is used...
sslutil: issue warning when [hostfingerprint] is used Mercurial 3.9 added the [hostsecurity] section, which is better than [hostfingerprints] in every way. One of the ways that [hostsecurity] is better is that it supports SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints. The world is moving away from SHA-1 because it is borderline secure. Mercurial should be part of that movement. This patch adds a warning when a valid SHA-1 fingerprint from the [hostfingerprints] section is being used. The warning informs users to switch to [hostsecurity]. It even prints the config option they should set. It uses the SHA-256 fingerprint because recommending a SHA-1 fingerprint in 2017 would be ill-advised. The warning will print itself on every connection to a server until it is fixed. There is no way to suppress the warning. I admit this is annoying. But given the security implications of sticking with SHA-1, I think this is justified. If this patch is accepted, I'll likely send a follow-up to start warning on SHA-1 certificates in [hostsecurity] as well. Then sometime down the road, we can drop support for SHA-1 fingerprints. Credit for this idea comes from timeless in issue 5466.
Gregory Szorc - - Load All Authors

File last commit:

r30766:d7bf7d2b default
r31290:f819aa9d default
Show More
shortlog.tmpl
59 lines | 2.3 KiB | application/x-cheetah | CheetahLexer
/ mercurial / templates / monoblue / shortlog.tmpl
History | Annotation | Raw |Copy content |Copy permalink
{header}
<title>{repo|escape}: shortlog</title>
<link rel="alternate" type="application/atom+xml" href="{url|urlescape}atom-log" title="Atom feed for {repo|escape}"/>
<link rel="alternate" type="application/rss+xml" href="{url|urlescape}rss-log" title="RSS feed for {repo|escape}"/>
</head>
<body>
<div id="container">
<div class="page-header">
<h1 class="breadcrumb"><a href="/">Mercurial</a> {pathdef%breadcrumb} / shortlog</h1>
<form action="{url|urlescape}log">
{sessionvars%hiddenformentry}
<dl class="search">
<dt><label>Search: </label></dt>
<dd><input type="text" name="rev" /></dd>
</dl>
</form>
<ul class="page-nav">
<li><a href="{url|urlescape}summary{sessionvars%urlparameter}">summary</a></li>
<li class="current">shortlog</li>
<li><a href="{url|urlescape}log{sessionvars%urlparameter}">changelog</a></li>
<li><a href="{url|urlescape}graph/{symrev}{sessionvars%urlparameter}">graph</a></li>
<li><a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a></li>
<li><a href="{url|urlescape}bookmarks{sessionvars%urlparameter}">bookmarks</a></li>
<li><a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a></li>
<li><a href="{url|urlescape}file/{symrev}{sessionvars%urlparameter}">files</a></li>
{archives%archiveentry}
<li><a href="{url|urlescape}help{sessionvars%urlparameter}">help</a></li>
</ul>
</div>
<h2 class="no-link no-border">shortlog</h2>
<table class="shortlogtable">
{entries%shortlogentry}
</table>
<div class="page-path">
{changenav%navshort}
</div>
<script type="text/javascript"{if(nonce, ' nonce="{nonce}"')}>
ajaxScrollInit(
'{url|urlescape}shortlog/%next%{sessionvars%urlparameter}',
'{nextentry%"{node}"}', <!-- NEXTHASH
function (htmlText, previousVal) \{
var m = htmlText.match(/'(\w+)', <!-- NEXTHASH/);
return m ? m[1] : null;
},
'.shortlogtable > tbody:nth-of-type(1)',
'<tr class="%class%">\
<td colspan="4" style="text-align: center;">%text%</td>\
</tr>'
);
</script>
{footer}