[PATCH 7 of 9] sslutil: refactor code for fingerprint matching
Gregory Szorc
gregory.szorc at gmail.com
Mon May 30 19:03:09 EDT 2016
# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1464648183 25200
# Mon May 30 15:43:03 2016 -0700
# Node ID 0820b14294b8a51b6e76103eee15615a25a0c058
# Parent da5c28f02c7b9561a15d2516c7bf8f67d98a82bd
sslutil: refactor code for fingerprint matching
We didn't need to use a temporary variable to indicate success because
we just return anyway.
This refactor makes the code simpler. While we're here, we also call
into formatfingerprint() to ensure the fingerprint from the proper
hashing algorithm is logged.
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -384,28 +384,25 @@ def validatesocket(sock):
nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
if settings['legacyfingerprint']:
section = 'hostfingerprint'
else:
section = 'hostsecurity'
if settings['certfingerprints']:
- fingerprintmatch = False
for hash, fingerprint in settings['certfingerprints']:
if peerfingerprints[hash].lower() == fingerprint:
- fingerprintmatch = True
- break
- if not fingerprintmatch:
- raise error.Abort(_('certificate for %s has unexpected '
- 'fingerprint %s') % (host, legacyfingerprint),
- hint=_('check %s configuration') % section)
- ui.debug('%s certificate matched fingerprint %s\n' %
- (host, legacyfingerprint))
- return
+ ui.debug('%s certificate matched fingerprint %s:%s\n' %
+ (host, hash, fmtfingerprint(fingerprint)))
+ return
+
+ raise error.Abort(_('certificate for %s has unexpected '
+ 'fingerprint %s') % (host, legacyfingerprint),
+ hint=_('check %s configuration') % section)
if not sock._hgstate['caloaded']:
ui.warn(_('warning: %s certificate with fingerprint %s '
'not verified (check %s or web.cacerts config '
'setting)\n') %
(host, nicefingerprint, section))
return
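Review bot: The mismatch path still formats `legacyfingerprint` into the "unexpected fingerprint" Abort, so only the debug line on a successful match received the per-algorithm treatment the description promises. `legacyfingerprint` is defined outside the hunk (presumably the SHA-1 form); if so, a user who pinned a sha256 value under `hostsecurity` is shown a digest they cannot compare with their pin when judging whether the certificate legitimately changed. Consider choosing the value where `section` is chosen, e.g. `nice = legacyfingerprint` in the legacy branch and `nice = nicefingerprint` otherwise, and passing `nice` to the Abort. Indentation is lost in this rendering, so I am assuming the `raise` sits after the loop inside `if settings['certfingerprints']:`; validatesocket begins and continues outside the hunk.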