D7850: sslutil: migrate to hashutil.sha1 instead of hashlib.sha1
durin42 (Augie Fackler)
phabricator at mercurial-scm.org
Mon Jan 13 22:48:46 UTC 2020
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
This is a straight-line replacement like the others, but I split it
out since it's used in a network context and I'm not sure this is
appropriate (we should probably drop support for sha1
fingerprints over TLS) and wanted this to be easily dropped.
REPOSITORY
rHG Mercurial
BRANCH
default
REVISION DETAIL
https://phab.mercurial-scm.org/D7850
AFFECTED FILES
mercurial/sslutil.py
CHANGE DETAILS
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -24,6 +24,7 @@
util,
)
from .utils import (
+ hashutil,
resourceutil,
stringutil,
)
@@ -949,7 +950,7 @@
# If a certificate fingerprint is pinned, use it and only it to
# validate the remote cert.
peerfingerprints = {
- b'sha1': node.hex(hashlib.sha1(peercert).digest()),
+ b'sha1': node.hex(hashutil.sha1(peercert).digest()),
b'sha256': node.hex(hashlib.sha256(peercert).digest()),
b'sha512': node.hex(hashlib.sha512(peercert).digest()),
}
To: durin42, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list