# HG changeset patch # User Mads Kiilerich # Date 1326116604 -3600 # Node ID edc3a901a63d23e8bcd9b15e52f64ac6be6bb91b # Parent c3e958b50a223f54c8b10d912334f988b01b1533 sslutil: reorder validator code to make it more readable diff -r c3e958b50a22 -r edc3a901a63d mercurial/sslutil.py --- a/mercurial/sslutil.py Mon Jan 09 14:43:24 2012 +0100 +++ b/mercurial/sslutil.py Mon Jan 09 14:43:24 2012 +0100 @@ -114,7 +114,14 @@ peerfingerprint = util.sha1(peercert).hexdigest() nicefingerprint = ":".join([peerfingerprint[x:x + 2] for x in xrange(0, len(peerfingerprint), 2)]) - if cacerts and not hostfingerprint: + if hostfingerprint: + if peerfingerprint.lower() != \ + hostfingerprint.replace(':', '').lower(): + raise util.Abort(_('invalid certificate for %s with ' + 'fingerprint %s') % (host, nicefingerprint)) + self.ui.debug('%s certificate matched fingerprint %s\n' % + (host, nicefingerprint)) + elif cacerts: msg = _verifycert(sock.getpeercert(), host) if msg: raise util.Abort(_('%s certificate error: %s') % (host, msg), @@ -123,17 +130,7 @@ nicefingerprint) self.ui.debug('%s certificate successfully verified\n' % host) else: - if hostfingerprint: - if peerfingerprint.lower() != \ - hostfingerprint.replace(':', '').lower(): - raise util.Abort(_('invalid certificate for %s ' - 'with fingerprint %s') % - (host, nicefingerprint)) - self.ui.debug('%s certificate matched fingerprint %s\n' % - (host, nicefingerprint)) - else: - self.ui.warn(_('warning: %s certificate ' - 'with fingerprint %s not verified ' - '(check hostfingerprints or web.cacerts ' - 'config setting)\n') % - (host, nicefingerprint)) + self.ui.warn(_('warning: %s certificate with fingerprint %s not ' + 'verified (check hostfingerprints or web.cacerts ' + 'config setting)\n') % + (host, nicefingerprint))