[PATCH 1 of 2] url: debug print ssl certificate if verify failed
Yuya Nishihara
yuya at tcha.org
Sat Jan 8 07:08:25 CST 2011
# HG changeset patch
# User Yuya Nishihara <yuya at tcha.org>
# Date 1294491293 -32400
# Branch stable
# Node ID 160f24a7970a402d0f7df1912b92419d7acbd8f3
# Parent 74ed7f84498b066d6d90c97a3b15240b499365c1
url: debug print ssl certificate if verify failed
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -509,6 +509,18 @@ def _verifycert(cert, hostname):
return _('certificate is for %s') % certname
return _('no commonName found in certificate')
+def _printcert(cert, write):
+ write('ssl certificate:\n')
+ for k in ('version', 'notBefore', 'notAfter'):
+ if k in cert:
+ write(' %s: %s\n' % (k, cert[k]))
+ for k in ('issuer', 'subject'):
+ for s in cert.get(k, []):
+ key, value = s[0]
+ write(' %s.%s: %s\n' % (k, key, value.encode('ascii', 'replace')))
+ for key, value in cert.get('subjectAltName', []):
+ write(' subjectAltName.%s: %s\n' % (key, value))
+
if has_https:
class BetterHTTPS(httplib.HTTPSConnection):
send = keepalive.safesend
@@ -528,6 +540,8 @@ if has_https:
ca_certs=cacerts)
msg = _verifycert(self.sock.getpeercert(), self.host)
if msg:
+ if self.ui.debugflag:
+ _printcert(self.sock.getpeercert(), self.ui.debug)
raise util.Abort(_('%s certificate error: %s') %
(self.host, msg))
self.ui.debug('%s certificate successfully verified\n' %
More information about the Mercurial-devel
mailing list