changeset 18879:93b03a222c3e

sslutil: try harder to avoid getpeercert problems We wrap both calls to getpeercert in a try/except to make sure we catch its bogus AttributeError.
author Matt Mackall <mpm@selenic.com>
date Fri, 05 Apr 2013 12:20:14 -0500
parents f63035b9b38a
children 565482e2ac6b
files mercurial/sslutil.py
diffstat 1 files changed, 8 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Thu Apr 04 16:37:37 2013 -0500
+++ b/mercurial/sslutil.py	Fri Apr 05 12:20:14 2013 -0500
@@ -111,9 +111,15 @@
                 self.ui.warn(_("warning: certificate for %s can't be verified "
                                "(Python too old)\n") % host)
             return
+
         if not sock.cipher(): # work around http://bugs.python.org/issue13721
             raise util.Abort(_('%s ssl connection error') % host)
-        peercert = sock.getpeercert(True)
+        try:
+            peercert = sock.getpeercert(True)
+            peercert2 = sock.getpeercert()
+        except AttributeError:
+            raise util.Abort(_('%s ssl connection error') % host)
+
         if not peercert:
             raise util.Abort(_('%s certificate error: '
                                'no certificate received') % host)
@@ -129,7 +135,7 @@
             self.ui.debug('%s certificate matched fingerprint %s\n' %
                           (host, nicefingerprint))
         elif cacerts:
-            msg = _verifycert(sock.getpeercert(), host)
+            msg = _verifycert(peercert2, host)
             if msg:
                 raise util.Abort(_('%s certificate error: %s') % (host, msg),
                                  hint=_('configure hostfingerprint %s or use '