Mercurial: comparison mercurial/sslutil.py

equal deleted inserted replaced

-:c3e958b50a22
+:edc3a901a63d
 return
 peercert = sock.getpeercert(True)
 peerfingerprint = util.sha1(peercert).hexdigest()
 nicefingerprint = ":".join([peerfingerprint[x:x + 2]
 for x in xrange(0, len(peerfingerprint), 2)])
-if cacerts and not hostfingerprint:
+if hostfingerprint:
+if peerfingerprint.lower() != \
+hostfingerprint.replace(':', '').lower():
+raise util.Abort(_('invalid certificate for %s with '
+'fingerprint %s') % (host, nicefingerprint))
+self.ui.debug('%s certificate matched fingerprint %s\n' %
+(host, nicefingerprint))
+elif cacerts:
 msg = _verifycert(sock.getpeercert(), host)
 if msg:
 raise util.Abort(_('%s certificate error: %s') % (host, msg),
 hint=_('configure hostfingerprint %s or use '
 '--insecure to connect insecurely') %
 nicefingerprint)
 self.ui.debug('%s certificate successfully verified\n' % host)
 else:
-if hostfingerprint:
+self.ui.warn(_('warning: %s certificate with fingerprint %s not '
-if peerfingerprint.lower() != \
+'verified (check hostfingerprints or web.cacerts '
-hostfingerprint.replace(':', '').lower():
+'config setting)\n') %
-raise util.Abort(_('invalid certificate for %s '
+(host, nicefingerprint))
-'with fingerprint %s') %
-(host, nicefingerprint))
-self.ui.debug('%s certificate matched fingerprint %s\n' %
-(host, nicefingerprint))
-else:
-self.ui.warn(_('warning: %s certificate '
-'with fingerprint %s not verified '
-'(check hostfingerprints or web.cacerts '
-'config setting)\n') %
-(host, nicefingerprint))