# HG changeset patch # User Mads Kiilerich # Date 1326116603 -3600 # Node ID 3ae04eb5e38a30b4bba97e8b1927431280a98821 # Parent 0cc4ad757c77d47ba5a29dda9245509136177d72 sslutil: handle setups without .getpeercert() early in the validator This simplifies the code and makes the flow more obvious and reduces the indentation level. diff -r 0cc4ad757c77 -r 3ae04eb5e38a mercurial/sslutil.py --- a/mercurial/sslutil.py Mon Jan 09 14:43:15 2012 +0100 +++ b/mercurial/sslutil.py Mon Jan 09 14:43:23 2012 +0100 @@ -103,6 +103,13 @@ host = self.host cacerts = self.ui.config('web', 'cacerts') hostfingerprint = self.ui.config('hostfingerprints', host) + if not getattr(sock, 'getpeercert', False): # python 2.5 ? + if hostfingerprint: + raise util.Abort(_("host fingerprint for %s can't be " + "verified (Python too old)") % host) + self.ui.warn(_("warning: certificate for %s can't be verified " + "(Python too old)\n") % host) + return if cacerts and not hostfingerprint: msg = _verifycert(sock.getpeercert(), host) if msg: @@ -111,28 +118,21 @@ 'insecurely)') % (host, msg)) self.ui.debug('%s certificate successfully verified\n' % host) else: - if getattr(sock, 'getpeercert', False): - peercert = sock.getpeercert(True) - peerfingerprint = util.sha1(peercert).hexdigest() - nicefingerprint = ":".join([peerfingerprint[x:x + 2] - for x in xrange(0, len(peerfingerprint), 2)]) - if hostfingerprint: - if peerfingerprint.lower() != \ - hostfingerprint.replace(':', '').lower(): - raise util.Abort(_('invalid certificate for %s ' - 'with fingerprint %s') % - (host, nicefingerprint)) - self.ui.debug('%s certificate matched fingerprint %s\n' % - (host, nicefingerprint)) - else: - self.ui.warn(_('warning: %s certificate ' - 'with fingerprint %s not verified ' - '(check hostfingerprints or web.cacerts ' - 'config setting)\n') % - (host, nicefingerprint)) - else: # python 2.5 ? - if hostfingerprint: - raise util.Abort(_("host fingerprint for %s can't be " - "verified (Python too old)") % host) - self.ui.warn(_("warning: certificate for %s can't be " - "verified (Python too old)\n") % host) + peercert = sock.getpeercert(True) + peerfingerprint = util.sha1(peercert).hexdigest() + nicefingerprint = ":".join([peerfingerprint[x:x + 2] + for x in xrange(0, len(peerfingerprint), 2)]) + if hostfingerprint: + if peerfingerprint.lower() != \ + hostfingerprint.replace(':', '').lower(): + raise util.Abort(_('invalid certificate for %s ' + 'with fingerprint %s') % + (host, nicefingerprint)) + self.ui.debug('%s certificate matched fingerprint %s\n' % + (host, nicefingerprint)) + else: + self.ui.warn(_('warning: %s certificate ' + 'with fingerprint %s not verified ' + '(check hostfingerprints or web.cacerts ' + 'config setting)\n') % + (host, nicefingerprint))