Mercurial > hg

changeset 15997:a45516cb8d9f stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: more helpful fingerprint mismatch message This will aid debugging for users of sites that renew certs.
author Matt Mackall <mpm@selenic.com>
date Thu, 26 Jan 2012 11:23:15 -0600
parents 0455463655e0
children 916de764b4f6 384f7521c791 10c8110d114b
files mercurial/sslutil.py tests/test-https.t
diffstat 2 files changed, 5 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/sslutil.py	Thu Jan 26 11:23:14 2012 -0600
+++ b/mercurial/sslutil.py	Thu Jan 26 11:23:15 2012 -0600
@@ -122,8 +122,9 @@
         if hostfingerprint:
             if peerfingerprint.lower() != \
                     hostfingerprint.replace(':', '').lower():
-                raise util.Abort(_('invalid certificate for %s with '
-                                   'fingerprint %s') % (host, nicefingerprint))
+                raise util.Abort(_('certificate for %s has unexpected '
+                                   'fingerprint %s') % (host, nicefingerprint),
+                                 hint=_('check hostfingerprint configuration'))
             self.ui.debug('%s certificate matched fingerprint %s\n' %
                           (host, nicefingerprint))
         elif cacerts:
--- a/tests/test-https.t	Thu Jan 26 11:23:14 2012 -0600
+++ b/tests/test-https.t	Thu Jan 26 11:23:15 2012 -0600
@@ -225,7 +225,8 @@
 
 - fails when cert doesn't match hostname (port is ignored)
   $ hg -R copy-pull id https://localhost:$HGPORT1/
-  abort: invalid certificate for localhost with fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
+  abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
+  (check hostfingerprint configuration)
   [255]
 
 - ignores that certificate doesn't match hostname