[PATCH 4 of 6] sslutil: reorder validator code to make it more readable
Mads Kiilerich
mads at kiilerich.com
Mon Jan 9 08:00:48 CST 2012
# HG changeset patch
# User Mads Kiilerich <mads at kiilerich.com>
# Date 1326116604 -3600
# Node ID 6723ed3093373a3bb91234c95e16409c594c10ce
# Parent 6ce058b7926290d410276154ffc5b0587ec56957
sslutil: reorder validator code to make it more readable
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -114,7 +114,14 @@
peerfingerprint = util.sha1(peercert).hexdigest()
nicefingerprint = ":".join([peerfingerprint[x:x + 2]
for x in xrange(0, len(peerfingerprint), 2)])
- if cacerts and not hostfingerprint:
+ if hostfingerprint:
+ if peerfingerprint.lower() != \
+ hostfingerprint.replace(':', '').lower():
+ raise util.Abort(_('invalid certificate for %s with '
+ 'fingerprint %s') % (host, nicefingerprint))
+ self.ui.debug('%s certificate matched fingerprint %s\n' %
+ (host, nicefingerprint))
+ elif cacerts:
msg = _verifycert(sock.getpeercert(), host)
if msg:
raise util.Abort(_('%s certificate error: %s') % (host, msg),
@@ -123,17 +130,7 @@
nicefingerprint)
self.ui.debug('%s certificate successfully verified\n' % host)
else:
- if hostfingerprint:
- if peerfingerprint.lower() != \
- hostfingerprint.replace(':', '').lower():
- raise util.Abort(_('invalid certificate for %s '
- 'with fingerprint %s') %
- (host, nicefingerprint))
- self.ui.debug('%s certificate matched fingerprint %s\n' %
- (host, nicefingerprint))
- else:
- self.ui.warn(_('warning: %s certificate '
- 'with fingerprint %s not verified '
- '(check hostfingerprints or web.cacerts '
- 'config setting)\n') %
- (host, nicefingerprint))
+ self.ui.warn(_('warning: %s certificate with fingerprint %s not '
+ 'verified (check hostfingerprints or web.cacerts '
+ 'config setting)\n') %
+ (host, nicefingerprint))
More information about the Mercurial-devel
mailing list