[PATCH 7 of 9 V4] sslutil: refactor code for fingerprint matching

Gregory Szorc gregory.szorc at gmail.com
Sat Jun 4 14:16:53 EDT 2016


# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1464648183 25200
#      Mon May 30 15:43:03 2016 -0700
# Node ID d99610cfbe9be330081167e3c8136f39511068a5
# Parent  e4535162242a56b8f01c1ad9705b911e2a54c1d9
sslutil: refactor code for fingerprint matching

We didn't need to use a temporary variable to indicate success because
we just return anyway.

This refactor makes the code simpler. While we're here, we also call
into formatfingerprint() to ensure the fingerprint from the proper
hashing algorithm is logged.

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -381,28 +381,25 @@ def validatesocket(sock):
     nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
 
     if settings['legacyfingerprint']:
         section = 'hostfingerprint'
     else:
         section = 'hostsecurity'
 
     if settings['certfingerprints']:
-        fingerprintmatch = False
         for hash, fingerprint in settings['certfingerprints']:
             if peerfingerprints[hash].lower() == fingerprint:
-                fingerprintmatch = True
-                break
-        if not fingerprintmatch:
-            raise error.Abort(_('certificate for %s has unexpected '
-                               'fingerprint %s') % (host, legacyfingerprint),
-                              hint=_('check %s configuration') % section)
-        ui.debug('%s certificate matched fingerprint %s\n' %
-                 (host, legacyfingerprint))
-        return
+                ui.debug('%s certificate matched fingerprint %s:%s\n' %
+                         (host, hash, fmtfingerprint(fingerprint)))
+                return
+
+        raise error.Abort(_('certificate for %s has unexpected '
+                           'fingerprint %s') % (host, legacyfingerprint),
+                          hint=_('check %s configuration') % section)
 
     if not sock._hgstate['caloaded']:
         ui.warn(_('warning: %s certificate with fingerprint %s '
                   'not verified (check %s or web.cacerts config '
                   'setting)\n') %
                 (host, nicefingerprint, section))
         return
 


More information about the Mercurial-devel mailing list