sslutil: work around validator crash getting certificate on failed sockets The previous workaround for correct handling of wrapping of failing connections might be enough to prevent this from happening, but the check here makes this function more robust.

sslutil: reorder validator code to make it more readable

sslutil: show fingerprint when cacerts validation fails

sslutil: handle setups without .getpeercert() early in the validator This simplifies the code and makes the flow more obvious and reduces the indentation level.

sslutil: verify that wrap_socket really wrapped the socket This works around that ssl.wrap_socket silently skips ssl negotiation on sockets that was connected but since then has been reset by the peer but not yet closed at the Python level. That leaves the socket in a state where .getpeercert() fails with an AttributeError on None. See http://bugs.python.org/issue13721 . A call to .cipher() is now used to verify that the wrapping really did succeed. Otherwise it aborts with "ssl connection failed".

largefiles: remove pasted code Refactor and remove pasted code from lfcommands.py

largefiles: add tests for uncovered codepaths (issue3092) Add tests for lfconvert codepaths where: * largefiles have been both renamed and relinked * .hgtags has invalid content