# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1464648183 25200
# Node ID 15e533b7909cabf25e4de59ea038b593c58cf03a
# Parent  01248c37a68e8b99655f8bcaacc6966fbc413960
sslutil: refactor code for fingerprint matching

We didn't need to use a temporary variable to indicate success because
we just return anyway.

This refactor makes the code simpler. While we're here, we also call
into formatfingerprint() to ensure the fingerprint from the proper
hashing algorithm is logged.

diff -r 01248c37a68e -r 15e533b7909c mercurial/sslutil.py
--- a/mercurial/sslutil.py	Mon May 30 15:42:39 2016 -0700
+++ b/mercurial/sslutil.py	Mon May 30 15:43:03 2016 -0700
@@ -386,18 +386,15 @@
         section = 'hostsecurity'
 
     if settings['certfingerprints']:
-        fingerprintmatch = False
         for hash, fingerprint in settings['certfingerprints']:
             if peerfingerprints[hash].lower() == fingerprint:
-                fingerprintmatch = True
-                break
-        if not fingerprintmatch:
-            raise error.Abort(_('certificate for %s has unexpected '
-                               'fingerprint %s') % (host, legacyfingerprint),
-                              hint=_('check %s configuration') % section)
-        ui.debug('%s certificate matched fingerprint %s\n' %
-                 (host, legacyfingerprint))
-        return
+                ui.debug('%s certificate matched fingerprint %s:%s\n' %
+                         (host, hash, fmtfingerprint(fingerprint)))
+                return
+
+        raise error.Abort(_('certificate for %s has unexpected '
+                            'fingerprint %s') % (host, legacyfingerprint),
+                          hint=_('check %s configuration') % section)
 
     if not sock._hgstate['caloaded']:
         ui.warn(_('warning: %s certificate with fingerprint %s '