Mercurial > hg
diff mercurial/sslutil.py @ 15814:c3e958b50a22
sslutil: show fingerprint when cacerts validation fails
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Mon, 09 Jan 2012 14:43:24 +0100 |
| parents | 3ae04eb5e38a |
| children | edc3a901a63d |
line wrap: on
line diff
--- a/mercurial/sslutil.py Mon Jan 09 14:43:23 2012 +0100 +++ b/mercurial/sslutil.py Mon Jan 09 14:43:24 2012 +0100 @@ -110,18 +110,19 @@ self.ui.warn(_("warning: certificate for %s can't be verified " "(Python too old)\n") % host) return + peercert = sock.getpeercert(True) + peerfingerprint = util.sha1(peercert).hexdigest() + nicefingerprint = ":".join([peerfingerprint[x:x + 2] + for x in xrange(0, len(peerfingerprint), 2)]) if cacerts and not hostfingerprint: msg = _verifycert(sock.getpeercert(), host) if msg: - raise util.Abort(_('%s certificate error: %s ' - '(use --insecure to connect ' - 'insecurely)') % (host, msg)) + raise util.Abort(_('%s certificate error: %s') % (host, msg), + hint=_('configure hostfingerprint %s or use ' + '--insecure to connect insecurely') % + nicefingerprint) self.ui.debug('%s certificate successfully verified\n' % host) else: - peercert = sock.getpeercert(True) - peerfingerprint = util.sha1(peercert).hexdigest() - nicefingerprint = ":".join([peerfingerprint[x:x + 2] - for x in xrange(0, len(peerfingerprint), 2)]) if hostfingerprint: if peerfingerprint.lower() != \ hostfingerprint.replace(':', '').lower():