[PATCH 4 of 8] util: add sha256

Gregory Szorc gregory.szorc at gmail.com
Sat May 28 16:04:26 EDT 2016


# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1464465448 25200
#      Sat May 28 12:57:28 2016 -0700
# Node ID 91e745e440f753fb6c04516dfb507cf9aba585fb
# Parent  f38165c251143b5ac249773a12a1f993da539974
util: add sha256

Upcoming patches will teach host fingerprint checking to verify
non-SHA1 fingerprints.

Many x509 certificates these days are SHA-256. And modern browsers
often display the SHA-256 fingerprint for certificates. Since
SHA-256 fingerprints are highly visible and easy to obtain, we
want to support them for fingerprint pinning. So add SHA-256
support to util.

I did not add SHA-256 to DIGESTS and DIGESTS_BY_STRENGTH because
this will advertise the algorithm on the wire protocol. I wasn't
sure if that would be appropriate. I'm playing it safe by leaving
it out for now.

diff --git a/mercurial/util.py b/mercurial/util.py
--- a/mercurial/util.py
+++ b/mercurial/util.py
@@ -60,16 +60,17 @@ urlreq = pycompat.urlreq
 
 if os.name == 'nt':
     from . import windows as platform
 else:
     from . import posix as platform
 
 md5 = hashlib.md5
 sha1 = hashlib.sha1
+sha256 = hashlib.sha256
 sha512 = hashlib.sha512
 _ = i18n._
 
 cachestat = platform.cachestat
 checkexec = platform.checkexec
 checklink = platform.checklink
 copymode = platform.copymode
 executablepath = platform.executablepath


More information about the Mercurial-devel mailing list