# HG changeset patch
# User Matt Mackall <mpm@selenic.com>
# Date 1327598595 21600
# Node ID a45516cb8d9f6a1443f13f5885d5590b372b30d8
# Parent  0455463655e0f289a2f19a8dd2f2fb8567c9e53c
sslutil: more helpful fingerprint mismatch message

This will aid debugging for users of sites that renew certs.

diff -r 0455463655e0 -r a45516cb8d9f mercurial/sslutil.py
--- a/mercurial/sslutil.py	Thu Jan 26 11:23:14 2012 -0600
+++ b/mercurial/sslutil.py	Thu Jan 26 11:23:15 2012 -0600
@@ -122,8 +122,9 @@
         if hostfingerprint:
             if peerfingerprint.lower() != \
                     hostfingerprint.replace(':', '').lower():
-                raise util.Abort(_('invalid certificate for %s with '
-                                   'fingerprint %s') % (host, nicefingerprint))
+                raise util.Abort(_('certificate for %s has unexpected '
+                                   'fingerprint %s') % (host, nicefingerprint),
+                                 hint=_('check hostfingerprint configuration'))
             self.ui.debug('%s certificate matched fingerprint %s\n' %
                           (host, nicefingerprint))
         elif cacerts:
diff -r 0455463655e0 -r a45516cb8d9f tests/test-https.t
--- a/tests/test-https.t	Thu Jan 26 11:23:14 2012 -0600
+++ b/tests/test-https.t	Thu Jan 26 11:23:15 2012 -0600
@@ -225,7 +225,8 @@
 
 - fails when cert doesn't match hostname (port is ignored)
   $ hg -R copy-pull id https://localhost:$HGPORT1/
-  abort: invalid certificate for localhost with fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
+  abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
+  (check hostfingerprint configuration)
   [255]
 
 - ignores that certificate doesn't match hostname