changeset 29291:15e533b7909c

sslutil: refactor code for fingerprint matching We didn't need to use a temporary variable to indicate success because we just return anyway. This refactor makes the code simpler. While we're here, we also call into formatfingerprint() to ensure the fingerprint from the proper hashing algorithm is logged.
author Gregory Szorc <gregory.szorc@gmail.com>
date Mon, 30 May 2016 15:43:03 -0700
parents 01248c37a68e
children bc5f55493397
files mercurial/sslutil.py
diffstat 1 files changed, 7 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Mon May 30 15:42:39 2016 -0700
+++ b/mercurial/sslutil.py	Mon May 30 15:43:03 2016 -0700
@@ -386,18 +386,15 @@
         section = 'hostsecurity'
 
     if settings['certfingerprints']:
-        fingerprintmatch = False
         for hash, fingerprint in settings['certfingerprints']:
             if peerfingerprints[hash].lower() == fingerprint:
-                fingerprintmatch = True
-                break
-        if not fingerprintmatch:
-            raise error.Abort(_('certificate for %s has unexpected '
-                               'fingerprint %s') % (host, legacyfingerprint),
-                              hint=_('check %s configuration') % section)
-        ui.debug('%s certificate matched fingerprint %s\n' %
-                 (host, legacyfingerprint))
-        return
+                ui.debug('%s certificate matched fingerprint %s:%s\n' %
+                         (host, hash, fmtfingerprint(fingerprint)))
+                return
+
+        raise error.Abort(_('certificate for %s has unexpected '
+                            'fingerprint %s') % (host, legacyfingerprint),
+                          hint=_('check %s configuration') % section)
 
     if not sock._hgstate['caloaded']:
         ui.warn(_('warning: %s certificate with fingerprint %s '