sslutil: more helpful fingerprint mismatch message
This will aid debugging for users of sites that renew certs.
--- a/mercurial/sslutil.py Thu Jan 26 11:23:14 2012 -0600
+++ b/mercurial/sslutil.py Thu Jan 26 11:23:15 2012 -0600
@@ -122,8 +122,9 @@
if hostfingerprint:
if peerfingerprint.lower() != \
hostfingerprint.replace(':', '').lower():
- raise util.Abort(_('invalid certificate for %s with '
- 'fingerprint %s') % (host, nicefingerprint))
+ raise util.Abort(_('certificate for %s has unexpected '
+ 'fingerprint %s') % (host, nicefingerprint),
+ hint=_('check hostfingerprint configuration'))
self.ui.debug('%s certificate matched fingerprint %s\n' %
(host, nicefingerprint))
elif cacerts:
--- a/tests/test-https.t Thu Jan 26 11:23:14 2012 -0600
+++ b/tests/test-https.t Thu Jan 26 11:23:15 2012 -0600
@@ -225,7 +225,8 @@
- fails when cert doesn't match hostname (port is ignored)
$ hg -R copy-pull id https://localhost:$HGPORT1/
- abort: invalid certificate for localhost with fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
+ abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
+ (check hostfingerprint configuration)
[255]
- ignores that certificate doesn't match hostname