sslutil: issue warning when [hostfingerprint] is used
Mercurial 3.9 added the [hostsecurity] section, which is better
than [hostfingerprints] in every way.
One of the ways that [hostsecurity] is better is that it supports
SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints.
The world is moving away from SHA-1 because it is borderline
secure. Mercurial should be part of that movement.
This patch adds a warning when a valid SHA-1 fingerprint from
the [hostfingerprints] section is being used. The warning informs
users to switch to [hostsecurity]. It even prints the config
option they should set. It uses the SHA-256 fingerprint because
recommending a SHA-1 fingerprint in 2017 would be ill-advised.
The warning will print itself on every connection to a server until
it is fixed. There is no way to suppress the warning. I admit this
is annoying. But given the security implications of sticking with
SHA-1, I think this is justified. If this patch is accepted,
I'll likely send a follow-up to start warning on SHA-1
certificates in [hostsecurity] as well. Then sometime down
the road, we can drop support for SHA-1 fingerprints.
Credit for this idea comes from timeless in issue 5466.
#!/usr/bin/env python
# Filter output by pyflakes to control which warnings we check
from __future__ import absolute_import, print_function
import re
import sys
lines = []
for line in sys.stdin:
# We blacklist tests that are too noisy for us
pats = [
r"undefined name '(WindowsError|memoryview)'",
r"redefinition of unused '[^']+' from line",
]
keep = True
for pat in pats:
if re.search(pat, line):
keep = False
break # pattern matches
if keep:
fn = line.split(':', 1)[0]
f = open(fn)
data = f.read()
f.close()
if 'no-' 'check-code' in data:
continue
lines.append(line)
for line in lines:
sys.stdout.write(line)
print()
# self test of "undefined name" detection for other than 'memoryview'
if False:
print(memoryview)
print(undefinedname)