118 # SSLContext.load_verify_locations(). |
118 # SSLContext.load_verify_locations(). |
119 'cafile': None, |
119 'cafile': None, |
120 # ssl.CERT_* constant used by SSLContext.verify_mode. |
120 # ssl.CERT_* constant used by SSLContext.verify_mode. |
121 'verifymode': None, |
121 'verifymode': None, |
122 } |
122 } |
|
123 |
|
124 # Look for fingerprints in [hostsecurity] section. Value is a list |
|
125 # of <alg>:<fingerprint> strings. |
|
126 fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname, |
|
127 []) |
|
128 for fingerprint in fingerprints: |
|
129 if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))): |
|
130 raise error.Abort(_('invalid fingerprint for %s: %s') % ( |
|
131 hostname, fingerprint), |
|
132 hint=_('must begin with "sha1:", "sha256:", ' |
|
133 'or "sha512:"')) |
|
134 |
|
135 alg, fingerprint = fingerprint.split(':', 1) |
|
136 fingerprint = fingerprint.replace(':', '').lower() |
|
137 s['certfingerprints'].append((alg, fingerprint)) |
123 |
138 |
124 # Fingerprints from [hostfingerprints] are always SHA-1. |
139 # Fingerprints from [hostfingerprints] are always SHA-1. |
125 for fingerprint in ui.configlist('hostfingerprints', hostname, []): |
140 for fingerprint in ui.configlist('hostfingerprints', hostname, []): |
126 fingerprint = fingerprint.replace(':', '').lower() |
141 fingerprint = fingerprint.replace(':', '').lower() |
127 s['certfingerprints'].append(('sha1', fingerprint)) |
142 s['certfingerprints'].append(('sha1', fingerprint)) |