Mercurial: mercurial/sslutil.py comparison

comparison mercurial/sslutil.py @ 29292:bc5f55493397

sslutil: make cert fingerprints messages more actionable The previous warning and abort messages were difficult to understand. This patch makes them slightly better. I think there is still room to tweak the messaging. And as we adopt new security defaults, these messages will certainly change again. But at least this takes us a step in the right direction. References to "section" have been removed because if no fingerprint is defined, "section" can never be "hostfingerprints." So just print "hostsecurity" every time.

author	Gregory Szorc <gregory.szorc@gmail.com>
date	Tue, 31 May 2016 19:21:08 -0700
parents	15e533b7909c
children	1b3a0b0c414f

comparison

equal deleted inserted replaced

-:15e533b7909c
+:bc5f55493397
 raise error.Abort(_('certificate for %s has unexpected '
 'fingerprint %s') % (host, legacyfingerprint),
 hint=_('check %s configuration') % section)
 if not sock._hgstate['caloaded']:
-ui.warn(_('warning: %s certificate with fingerprint %s '
+ui.warn(_('warning: certificate for %s not verified '
-'not verified (check %s or web.cacerts config '
+'(set hostsecurity.%s:certfingerprints=%s or web.cacerts '
-'setting)\n') %
+'config settings)\n') % (host, host, nicefingerprint))
-(host, nicefingerprint, section))
 return
 msg = _verifycert(peercert2, host)
 if msg:
 raise error.Abort(_('%s certificate error: %s') % (host, msg),
-hint=_('configure %s %s or use '
+hint=_('set hostsecurity.%s:certfingerprints=%s '
-'--insecure to connect insecurely') %
+'config setting or use --insecure to connect '
-(section, nicefingerprint))
+'insecurely') %
+(host, nicefingerprint))

Mercurial > hg

comparison mercurial/sslutil.py @ 29292:bc5f55493397