sslutil: introduce a function for determining host-specific settings
This patch marks the beginning of a series that introduces a new,
more configurable, per-host security settings mechanism. Currently,
we have global settings (like web.cacerts and the --insecure argument).
We also have per-host settings via [hostfingerprints].
Global security settings are good for defaults, but they don't
provide the amount of control often wanted. For example, an
organization may want to require a particular CA is used for a
particular hostname.
[hostfingerprints] is nice. But it currently assumes SHA-1.
Furthermore, there is no obvious place to put additional per-host
settings.
Subsequent patches will be introducing new mechanisms for defining
security settings, some on a per-host basis. This commits starts
the transition to that world by introducing the _hostsettings
function. It takes a ui and hostname and returns a dict of security
settings. Currently, it limits itself to returning host fingerprint
info.
We foreshadow the future support of non-SHA1 hashing algorithms
for verifying the host fingerprint by making the "certfingerprints"
key a list of tuples instead of a list of hashes.
We add this dict to the hgstate property on the socket and use it
during socket validation for checking fingerprints. There should be
no change in behavior.
$ hg init
$ cat > a <<EOF
> a
> b
> c
> EOF
$ hg ci -Am adda
adding a
$ cat > a <<EOF
> d
> e
> f
> EOF
$ hg ci -m moda
$ hg diff --reverse -r0 -r1
diff -r 2855cdcfcbb7 -r 8e1805a3cf6e a
--- a/a Thu Jan 01 00:00:00 1970 +0000
+++ b/a Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +1,3 @@
-d
-e
-f
+a
+b
+c
$ cat >> a <<EOF
> g
> h
> EOF
$ hg diff --reverse --nodates
diff -r 2855cdcfcbb7 a
--- a/a
+++ b/a
@@ -1,5 +1,3 @@
d
e
f
-g
-h
should show removed file 'a' as being added
$ hg revert a
$ hg rm a
$ hg diff --reverse --nodates a
diff -r 2855cdcfcbb7 a
--- /dev/null
+++ b/a
@@ -0,0 +1,3 @@
+d
+e
+f
should show added file 'b' as being removed
$ echo b >> b
$ hg add b
$ hg diff --reverse --nodates b
diff -r 2855cdcfcbb7 b
--- a/b
+++ /dev/null
@@ -1,1 +0,0 @@
-b