hg-stable: comparison mercurial/sslutil.py

equal deleted inserted replaced

-:d51c658d3f04
+:56b2bcea2529
 import os
 import ssl
 import sys
 from .i18n import _
-from . import util
+from . import error, util
 _canloaddefaultcerts = False
 try:
 ssl_context = ssl.SSLContext
 _canloaddefaultcerts = util.safehasattr(ssl_context, 'load_default_certs')
 sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname)
 # check if wrap_socket failed silently because socket had been
 # closed
 # - see http://bugs.python.org/issue13721
 if not sslsocket.cipher():
-raise util.Abort(_('ssl connection failed'))
+raise error.Abort(_('ssl connection failed'))
 return sslsocket
 except AttributeError:
 def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE,
 ca_certs=None, serverhostname=None):
 sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
 ssl_version=ssl.PROTOCOL_TLSv1)
 # check if wrap_socket failed silently because socket had been
 # closed
 # - see http://bugs.python.org/issue13721
 if not sslsocket.cipher():
-raise util.Abort(_('ssl connection failed'))
+raise error.Abort(_('ssl connection failed'))
 return sslsocket
 def _verifycert(cert, hostname):
 '''Verify that cert (in socket.getpeercert() format) matches hostname.
 CRLs is not handled.
 if cacerts == '!':
 pass
 elif cacerts:
 cacerts = util.expandpath(cacerts)
 if not os.path.exists(cacerts):
-raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
+raise error.Abort(_('could not find web.cacerts: %s') % cacerts)
 else:
 cacerts = _defaultcacerts()
 if cacerts and cacerts != '!':
 ui.debug('using %s to enable OS X system CA\n' % cacerts)
 ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
 host = self.host
 cacerts = self.ui.config('web', 'cacerts')
 hostfingerprint = self.ui.config('hostfingerprints', host)
 if not sock.cipher(): # work around http://bugs.python.org/issue13721
-raise util.Abort(_('%s ssl connection error') % host)
+raise error.Abort(_('%s ssl connection error') % host)
 try:
 peercert = sock.getpeercert(True)
 peercert2 = sock.getpeercert()
 except AttributeError:
-raise util.Abort(_('%s ssl connection error') % host)
+raise error.Abort(_('%s ssl connection error') % host)
 if not peercert:
-raise util.Abort(_('%s certificate error: '
+raise error.Abort(_('%s certificate error: '
 'no certificate received') % host)
 peerfingerprint = util.sha1(peercert).hexdigest()
 nicefingerprint = ":".join([peerfingerprint[x:x + 2]
 for x in xrange(0, len(peerfingerprint), 2)])
 if hostfingerprint:
 if peerfingerprint.lower() != \
 hostfingerprint.replace(':', '').lower():
-raise util.Abort(_('certificate for %s has unexpected '
+raise error.Abort(_('certificate for %s has unexpected '
 'fingerprint %s') % (host, nicefingerprint),
 hint=_('check hostfingerprint configuration'))
 self.ui.debug('%s certificate matched fingerprint %s\n' %
 (host, nicefingerprint))
 elif cacerts != '!':
 msg = _verifycert(peercert2, host)
 if msg:
-raise util.Abort(_('%s certificate error: %s') % (host, msg),
+raise error.Abort(_('%s certificate error: %s') % (host, msg),
 hint=_('configure hostfingerprint %s or use '
 '--insecure to connect insecurely') %
 nicefingerprint)
 self.ui.debug('%s certificate successfully verified\n' % host)
 elif strict:
-raise util.Abort(_('%s certificate with fingerprint %s not '
+raise error.Abort(_('%s certificate with fingerprint %s not '
 'verified') % (host, nicefingerprint),
 hint=_('check hostfingerprints or web.cacerts '
 'config setting'))
 else:
 self.ui.warn(_('warning: %s certificate with fingerprint %s not '

changeset 26587	56b2bcea2529
parent 25977	696f6e2be282
child 26622	9e15286609ae