Mercurial: mercurial/sslutil.py comparison

comparison mercurial/sslutil.py @ 29291:15e533b7909c

sslutil: refactor code for fingerprint matching We didn't need to use a temporary variable to indicate success because we just return anyway. This refactor makes the code simpler. While we're here, we also call into formatfingerprint() to ensure the fingerprint from the proper hashing algorithm is logged.

author	Gregory Szorc <gregory.szorc@gmail.com>
date	Mon, 30 May 2016 15:43:03 -0700
parents	01248c37a68e
children	bc5f55493397

comparison

equal deleted inserted replaced

-:01248c37a68e
+:15e533b7909c
 section = 'hostfingerprint'
 else:
 section = 'hostsecurity'
 if settings['certfingerprints']:
-fingerprintmatch = False
 for hash, fingerprint in settings['certfingerprints']:
 if peerfingerprints[hash].lower() == fingerprint:
-fingerprintmatch = True
+ui.debug('%s certificate matched fingerprint %s:%s\n' %
-break
+(host, hash, fmtfingerprint(fingerprint)))
-if not fingerprintmatch:
+return
-raise error.Abort(_('certificate for %s has unexpected '
-'fingerprint %s') % (host, legacyfingerprint),
+raise error.Abort(_('certificate for %s has unexpected '
-hint=_('check %s configuration') % section)
+'fingerprint %s') % (host, legacyfingerprint),
-ui.debug('%s certificate matched fingerprint %s\n' %
+hint=_('check %s configuration') % section)
-(host, legacyfingerprint))
-return
 if not sock._hgstate['caloaded']:
 ui.warn(_('warning: %s certificate with fingerprint %s '
 'not verified (check %s or web.cacerts config '
 'setting)\n') %

Mercurial > hg

comparison mercurial/sslutil.py @ 29291:15e533b7909c