[PATCH 2 of 2] sslutil: Only emit debug log messages accessing https repo on python2.4+2.5
Mads Kiilerich
mads at kiilerich.com
Tue Jun 14 05:24:00 CDT 2011
Thanks for updating the patches. The first one is fine, and this one is
so clear that I can say that I don't agree:
On 06/14/2011 05:32 AM, Stephen Thorne wrote:
> # HG changeset patch
> # User Stephen Thorne<stephen at thorne.id.au>
> # Date 1308022297 -36000
> # Node ID 95f9cf24a44654c375cf4a3940ada279b29cb087
> # Parent 6a28d54139bdcc49820978ed0c292d8d8c19123f
> sslutil: Only emit debug log messages accessing https repo on python2.4+2.5
>
> When accessing a https repository, a warning would be mitted telling the user
> there was not hostfingerprint set in the configuration. If a hostfingerprint
> was added to the http configuration then an Abort would happen every time
> because socket.getpeercert() is not available and thus the fingerprint can't be
> verified.
>
> The warning has been downgraded to an info on python2.4+2.5 and no longer
> allows you to cause mercurial to simply Abort when you attempt to configure it
> to verify the certificate.
If Mercurial has been configured to check the fingerprint of the remote
server but can't do it then it MUST abort - just like it will abort with
"certificate checking requires Python 2.6" if web.cacerts has been
configured.
> diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
> --- a/mercurial/sslutil.py
> +++ b/mercurial/sslutil.py
...
> - else: # python 2.5 ?
> - if hostfingerprint:
> - raise util.Abort(_('no certificate for %s with '
> - 'configured hostfingerprint') % host)
A simple solution could be to change this message to something like
"configured hostfingerprint for %s can't be verified because of missing
Python SSL capabilities" ... only shorter.
> - self.ui.warn(_('warning: %s certificate not verified '
> - '(check web.cacerts config setting)\n') %
> - host)
And this one could be "warning: %s certificate for %s can't be verified
because of missing Python SSL capabilities'.
Would that solve the problem you see, or can you come up with something
smarter?
/Mads
More information about the Mercurial-devel
mailing list