mercurial/sslutil.py
changeset 15815 edc3a901a63d
parent 15814 c3e958b50a22
child 15816 4bb59919c905
--- a/mercurial/sslutil.py	Mon Jan 09 14:43:24 2012 +0100
+++ b/mercurial/sslutil.py	Mon Jan 09 14:43:24 2012 +0100
@@ -114,7 +114,14 @@
         peerfingerprint = util.sha1(peercert).hexdigest()
         nicefingerprint = ":".join([peerfingerprint[x:x + 2]
             for x in xrange(0, len(peerfingerprint), 2)])
-        if cacerts and not hostfingerprint:
+        if hostfingerprint:
+            if peerfingerprint.lower() != \
+                    hostfingerprint.replace(':', '').lower():
+                raise util.Abort(_('invalid certificate for %s with '
+                                   'fingerprint %s') % (host, nicefingerprint))
+            self.ui.debug('%s certificate matched fingerprint %s\n' %
+                          (host, nicefingerprint))
+        elif cacerts:
             msg = _verifycert(sock.getpeercert(), host)
             if msg:
                 raise util.Abort(_('%s certificate error: %s') % (host, msg),
@@ -123,17 +130,7 @@
                                       nicefingerprint)
             self.ui.debug('%s certificate successfully verified\n' % host)
         else:
-            if hostfingerprint:
-                if peerfingerprint.lower() != \
-                        hostfingerprint.replace(':', '').lower():
-                    raise util.Abort(_('invalid certificate for %s '
-                                       'with fingerprint %s') %
-                                     (host, nicefingerprint))
-                self.ui.debug('%s certificate matched fingerprint %s\n' %
-                              (host, nicefingerprint))
-            else:
-                self.ui.warn(_('warning: %s certificate '
-                               'with fingerprint %s not verified '
-                               '(check hostfingerprints or web.cacerts '
-                               'config setting)\n') %
-                             (host, nicefingerprint))
+            self.ui.warn(_('warning: %s certificate with fingerprint %s not '
+                           'verified (check hostfingerprints or web.cacerts '
+                           'config setting)\n') %
+                         (host, nicefingerprint))