sslutil: introduce a function for determining host-specific settings
This patch marks the beginning of a series that introduces a new,
more configurable, per-host security settings mechanism. Currently,
we have global settings (like web.cacerts and the --insecure argument).
We also have per-host settings via [hostfingerprints].
Global security settings are good for defaults, but they don't
provide the amount of control often wanted. For example, an
organization may want to require a particular CA is used for a
particular hostname.
[hostfingerprints] is nice. But it currently assumes SHA-1.
Furthermore, there is no obvious place to put additional per-host
settings.
Subsequent patches will be introducing new mechanisms for defining
security settings, some on a per-host basis. This commits starts
the transition to that world by introducing the _hostsettings
function. It takes a ui and hostname and returns a dict of security
settings. Currently, it limits itself to returning host fingerprint
info.
We foreshadow the future support of non-SHA1 hashing algorithms
for verifying the host fingerprint by making the "certfingerprints"
key a list of tuples instead of a list of hashes.
We add this dict to the hgstate property on the socket and use it
during socket validation for checking fingerprints. There should be
no change in behavior.
$ hg init a
$ cd a
$ hg diff inexistent1 inexistent2
inexistent1: * (glob)
inexistent2: * (glob)
$ echo bar > foo
$ hg add foo
$ hg ci -m 'add foo'
$ echo foobar > foo
$ hg ci -m 'change foo'
$ hg --quiet diff -r 0 -r 1
--- a/foo Thu Jan 01 00:00:00 1970 +0000
+++ b/foo Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +1,1 @@
-bar
+foobar
$ hg diff -r 0 -r 1
diff -r a99fb63adac3 -r 9b8568d3af2f foo
--- a/foo Thu Jan 01 00:00:00 1970 +0000
+++ b/foo Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +1,1 @@
-bar
+foobar
$ hg --verbose diff -r 0 -r 1
diff -r a99fb63adac3 -r 9b8568d3af2f foo
--- a/foo Thu Jan 01 00:00:00 1970 +0000
+++ b/foo Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +1,1 @@
-bar
+foobar
$ hg --debug diff -r 0 -r 1
diff -r a99fb63adac3f31816a22f665bc3b7a7655b30f4 -r 9b8568d3af2f1749445eef03aede868a6f39f210 foo
--- a/foo Thu Jan 01 00:00:00 1970 +0000
+++ b/foo Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +1,1 @@
-bar
+foobar
$ cd ..