371 peerfingerprints = { |
371 peerfingerprints = { |
372 'sha1': util.sha1(peercert).hexdigest(), |
372 'sha1': util.sha1(peercert).hexdigest(), |
373 'sha256': util.sha256(peercert).hexdigest(), |
373 'sha256': util.sha256(peercert).hexdigest(), |
374 'sha512': util.sha512(peercert).hexdigest(), |
374 'sha512': util.sha512(peercert).hexdigest(), |
375 } |
375 } |
376 nicefingerprint = ':'.join([peerfingerprints['sha1'][x:x + 2] |
376 |
377 for x in range(0, len(peerfingerprints['sha1']), 2)]) |
377 def fmtfingerprint(s): |
|
378 return ':'.join([s[x:x + 2] for x in range(0, len(s), 2)]) |
|
379 |
|
380 legacyfingerprint = fmtfingerprint(peerfingerprints['sha1']) |
|
381 nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256']) |
378 |
382 |
379 if settings['legacyfingerprint']: |
383 if settings['legacyfingerprint']: |
380 section = 'hostfingerprint' |
384 section = 'hostfingerprint' |
381 else: |
385 else: |
382 section = 'hostsecurity' |
386 section = 'hostsecurity' |
387 if peerfingerprints[hash].lower() == fingerprint: |
391 if peerfingerprints[hash].lower() == fingerprint: |
388 fingerprintmatch = True |
392 fingerprintmatch = True |
389 break |
393 break |
390 if not fingerprintmatch: |
394 if not fingerprintmatch: |
391 raise error.Abort(_('certificate for %s has unexpected ' |
395 raise error.Abort(_('certificate for %s has unexpected ' |
392 'fingerprint %s') % (host, nicefingerprint), |
396 'fingerprint %s') % (host, legacyfingerprint), |
393 hint=_('check %s configuration') % section) |
397 hint=_('check %s configuration') % section) |
394 ui.debug('%s certificate matched fingerprint %s\n' % |
398 ui.debug('%s certificate matched fingerprint %s\n' % |
395 (host, nicefingerprint)) |
399 (host, legacyfingerprint)) |
396 return |
400 return |
397 |
401 |
398 if not sock._hgstate['caloaded']: |
402 if not sock._hgstate['caloaded']: |
399 ui.warn(_('warning: %s certificate with fingerprint %s ' |
403 ui.warn(_('warning: %s certificate with fingerprint %s ' |
400 'not verified (check %s or web.cacerts config ' |
404 'not verified (check %s or web.cacerts config ' |