equal
deleted
inserted
replaced
327 hint=_('check hostfingerprint configuration')) |
327 hint=_('check hostfingerprint configuration')) |
328 self.ui.debug('%s certificate matched fingerprint %s\n' % |
328 self.ui.debug('%s certificate matched fingerprint %s\n' % |
329 (host, nicefingerprint)) |
329 (host, nicefingerprint)) |
330 return |
330 return |
331 |
331 |
|
332 # If insecure connections were explicitly requested via --insecure, |
|
333 # print a warning and do no verification. |
|
334 # |
|
335 # It may seem odd that this is checked *after* host fingerprint pinning. |
|
336 # This is for backwards compatibility (for now). The message is also |
|
337 # the same as below for BC. |
|
338 if self.ui.insecureconnections: |
|
339 self.ui.warn(_('warning: %s certificate with fingerprint %s not ' |
|
340 'verified (check hostfingerprints or web.cacerts ' |
|
341 'config setting)\n') % |
|
342 (host, nicefingerprint)) |
|
343 return |
|
344 |
332 # No pinned fingerprint. Establish trust by looking at the CAs. |
345 # No pinned fingerprint. Establish trust by looking at the CAs. |
333 cacerts = self.ui.config('web', 'cacerts') |
346 cacerts = self.ui.config('web', 'cacerts') |
334 if cacerts != '!': |
347 if cacerts != '!': |
335 msg = _verifycert(peercert2, host) |
348 msg = _verifycert(peercert2, host) |
336 if msg: |
349 if msg: |