[PATCH] Allow fnmatch patterns in [hostfingerprint]
Mads Kiilerich
mads at kiilerich.com
Wed Sep 21 08:09:05 CDT 2011
On 09/21/2011 02:48 PM, Steffen Daode Nurpmeso wrote:
> Heya Mercurial,
>
> I track multiple repos from *.googlecode.com and I had to update
> multiple fingerprints once again. [Censored.]
Google has - for good reasons - moved their Mercurial hosting to URLs
such as
https://code.google.com/p/dactyl/
instead of
https://dactyl.googlecode.com/hg/
> Anyway, here is a diff which supports fnmatch(3) patterns for
> hostname matching, of course preferring full matches instead of
> shell-style pattern matches. Since this matches only against the
> hostnames really used I fail to see any security problems.
> Applies to current tip, too.
I would rather avoid this flexibility in such a security-critical place
- especially if there no longer are any "good" use cases for it.
(Wildcard certificates have also been "deprecated" in the latest RFC.)
/Mads