sslutil: make cert fingerprints messages more actionable
The previous warning and abort messages were difficult to understand.
This patch makes them slightly better.
I think there is still room to tweak the messaging. And as we adopt
new security defaults, these messages will certainly change again.
But at least this takes us a step in the right direction.
References to "section" have been removed because if no fingerprint
is defined, "section" can never be "hostfingerprints." So just print
"hostsecurity" every time.
# Disable the $CAP wire protocol capability.
if test -z "$CAP"
then
echo "CAP environment variable not set."
fi
cat > notcapable-$CAP.py << EOF
from mercurial import extensions, peer, localrepo
def extsetup():
extensions.wrapfunction(peer.peerrepository, 'capable', wrapcapable)
extensions.wrapfunction(localrepo.localrepository, 'peer', wrappeer)
def wrapcapable(orig, self, name, *args, **kwargs):
if name in '$CAP'.split(' '):
return False
return orig(self, name, *args, **kwargs)
def wrappeer(orig, self):
# Since we're disabling some newer features, we need to make sure local
# repos add in the legacy features again.
return localrepo.locallegacypeer(self)
EOF
echo '[extensions]' >> $HGRCPATH
echo "notcapable-$CAP = `pwd`/notcapable-$CAP.py" >> $HGRCPATH