# HG changeset patch
# User Mads Kiilerich <mads@kiilerich.com>
# Date 1326116605 -3600
# Node ID 4bb59919c905b4ace623ae627019b473224eaa60
# Parent  edc3a901a63d23e8bcd9b15e52f64ac6be6bb91b
sslutil: work around validator crash getting certificate on failed sockets

The previous workaround for correct handling of wrapping of failing connections
might be enough to prevent this from happening, but the check here makes this
function more robust.

diff -r edc3a901a63d -r 4bb59919c905 mercurial/sslutil.py
--- a/mercurial/sslutil.py	Mon Jan 09 14:43:24 2012 +0100
+++ b/mercurial/sslutil.py	Mon Jan 09 14:43:25 2012 +0100
@@ -110,6 +110,8 @@
             self.ui.warn(_("warning: certificate for %s can't be verified "
                            "(Python too old)\n") % host)
             return
+        if not sock.cipher(): # work around http://bugs.python.org/issue13721
+            raise util.Abort(_('%s ssl connection error') % host)
         peercert = sock.getpeercert(True)
         peerfingerprint = util.sha1(peercert).hexdigest()
         nicefingerprint = ":".join([peerfingerprint[x:x + 2]