changeset 15813:3ae04eb5e38a
sslutil: handle setups without .getpeercert() early in the validator
This simplifies the code and makes the flow more obvious and reduces the
indentation level.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Mon, 09 Jan 2012 14:43:23 +0100 |
parents | 0cc4ad757c77 |
children | c3e958b50a22 |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 25 insertions(+), 25 deletions(-) [+] |
--- a/mercurial/sslutil.py Mon Jan 09 14:43:15 2012 +0100
+++ b/mercurial/sslutil.py Mon Jan 09 14:43:23 2012 +0100
@@ -103,6 +103,13 @@
 host = self.host
 cacerts = self.ui.config('web', 'cacerts')
 hostfingerprint = self.ui.config('hostfingerprints', host)
+ if not getattr(sock, 'getpeercert', False): # python 2.5 ?
+ if hostfingerprint:
+ raise util.Abort(_("host fingerprint for %s can't be "
+ "verified (Python too old)") % host)
+ self.ui.warn(_("warning: certificate for %s can't be verified "
+ "(Python too old)\n") % host)
+ return
 if cacerts and not hostfingerprint:
 msg = _verifycert(sock.getpeercert(), host)
 if msg:
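Review bot: The new early return also fires when `web.cacerts` is configured without a host fingerprint: on a socket lacking `getpeercert` the validator only warns and returns, so a caller that asked for CA verification continues with an unverified peer. Before this change that configuration went on to call `sock.getpeercert()` in the `if cacerts and not hostfingerprint:` branch, which presumably failed rather than continuing. Unless an earlier layer already rejects `cacerts` on such Pythons (not visible here), the abort condition should cover it, e.g. `if hostfingerprint or cacerts:`, with the message wording adjusted to match. The enclosing method starts and ends outside this hunk.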
@@ -111,28 +118,21 @@
 'insecurely)') % (host, msg))
 self.ui.debug('%s certificate successfully verified\n' % host)
 else:
- if getattr(sock, 'getpeercert', False):
- peercert = sock.getpeercert(True)
- peerfingerprint = util.sha1(peercert).hexdigest()
- nicefingerprint = ":".join([peerfingerprint[x:x + 2]
- for x in xrange(0, len(peerfingerprint), 2)])
- if hostfingerprint:
- if peerfingerprint.lower() != \
- hostfingerprint.replace(':', '').lower():
- raise util.Abort(_('invalid certificate for %s '
- 'with fingerprint %s') %
- (host, nicefingerprint))
- self.ui.debug('%s certificate matched fingerprint %s\n' %
- (host, nicefingerprint))
- else:
- self.ui.warn(_('warning: %s certificate '
- 'with fingerprint %s not verified '
- '(check hostfingerprints or web.cacerts '
- 'config setting)\n') %
- (host, nicefingerprint))
- else: # python 2.5 ?
- if hostfingerprint:
- raise util.Abort(_("host fingerprint for %s can't be "
- "verified (Python too old)") % host)
- self.ui.warn(_("warning: certificate for %s can't be "
- "verified (Python too old)\n") % host)
+ peercert = sock.getpeercert(True)
+ peerfingerprint = util.sha1(peercert).hexdigest()
+ nicefingerprint = ":".join([peerfingerprint[x:x + 2]
+ for x in xrange(0, len(peerfingerprint), 2)])
+ if hostfingerprint:
+ if peerfingerprint.lower() != \
+ hostfingerprint.replace(':', '').lower():
+ raise util.Abort(_('invalid certificate for %s '
+ 'with fingerprint %s') %
+ (host, nicefingerprint))
+ self.ui.debug('%s certificate matched fingerprint %s\n' %
+ (host, nicefingerprint))
+ else:
+ self.ui.warn(_('warning: %s certificate '
+ 'with fingerprint %s not verified '
+ '(check hostfingerprints or web.cacerts '
+ 'config setting)\n') %
+ (host, nicefingerprint))
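Review bot: The de-indented `else:` body starting at `peercert = sock.getpeercert(True)` covers two trust decisions that the code does not state. It is reached when both `web.cacerts` and a host fingerprint are set, so the pin replaces CA validation. It is also reached when neither is set, where the code only warns and no abort is visible after the warning. A comment above that line would make this explicit, e.g. `# a configured fingerprint overrides web.cacerts; with neither set we only warn and continue`. The pin is a SHA-1 digest of the certificate (`util.sha1(peercert).hexdigest()`), which is weak by current standards, so accepting a stronger digest in `hostfingerprints` is worth tracking as a follow-up. The enclosing method starts above this hunk.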