sslutil: introduce a function for determining host-specific settings This patch marks the beginning of a series that introduces a new, more configurable, per-host security settings mechanism. Currently, we have global settings (like web.cacerts and the --insecure argument). We also have per-host settings via [hostfingerprints]. Global security settings are good for defaults, but they don't provide the amount of control often wanted. For example, an organization may want to require a particular CA is used for a particular hostname. [hostfingerprints] is nice. But it currently assumes SHA-1. Furthermore, there is no obvious place to put additional per-host settings. Subsequent patches will be introducing new mechanisms for defining security settings, some on a per-host basis. This commits starts the transition to that world by introducing the _hostsettings function. It takes a ui and hostname and returns a dict of security settings. Currently, it limits itself to returning host fingerprint info. We foreshadow the future support of non-SHA1 hashing algorithms for verifying the host fingerprint by making the "certfingerprints" key a list of tuples instead of a list of hashes. We add this dict to the hgstate property on the socket and use it during socket validation for checking fingerprints. There should be no change in behavior.

*** 'a\nc\n\n\n\n' 'a\nb\n\n\n'
*** 'a\nb\nc\n' 'a\nc\n'
*** '' ''
*** 'a\nb\nc' 'a\nb\nc'
*** 'a\nb\nc\nd\n' 'a\nd\n'
*** 'a\nb\nc\nd\n' 'a\nc\ne\n'
*** 'a\nb\nc\n' 'a\nc\n'
*** 'a\n' 'c\na\nb\n'
*** 'a\n' ''
*** 'a\n' 'b\nc\n'
*** 'a\n' 'c\na\n'
*** '' 'adjfkjdjksdhfksj'
*** '' 'ab'
*** '' 'abc'
*** 'a' 'a'
*** 'ab' 'ab'
*** 'abc' 'abc'
*** 'a\n' 'a\n'
*** 'a\nb' 'a\nb'
6 6 'y\n\n'
6 6 'y\n\n'
9 9 'y\n\n'
0 0 'a\nb\nb\n'
12 12 'b\nc\n.\n'
16 18 ''
done
done