sslutil: migrate to hashutil.sha1 instead of hashlib.sha1
authorAugie Fackler <augie@google.com>
Mon, 13 Jan 2020 17:16:54 -0500
changeset 44061 cbc5755df6bf
parent 44060 a61287a95dc3
child 44062 2d49482d0dd4
sslutil: migrate to hashutil.sha1 instead of hashlib.sha1 This is a straight-line replacement like the others, but I split it out since it's used in a network context and I'm not sure this is appropriate (we should probably drop support for sha1 fingerprints over TLS) and wanted this to be easily dropped. Differential Revision: https://phab.mercurial-scm.org/D7850
mercurial/sslutil.py
--- a/mercurial/sslutil.py	Mon Jan 13 17:15:14 2020 -0500
+++ b/mercurial/sslutil.py	Mon Jan 13 17:16:54 2020 -0500
@@ -24,6 +24,7 @@
     util,
 )
 from .utils import (
+    hashutil,
     resourceutil,
     stringutil,
 )
@@ -949,7 +950,7 @@
     # If a certificate fingerprint is pinned, use it and only it to
     # validate the remote cert.
     peerfingerprints = {
-        b'sha1': node.hex(hashlib.sha1(peercert).digest()),
+        b'sha1': node.hex(hashutil.sha1(peercert).digest()),
         b'sha256': node.hex(hashlib.sha256(peercert).digest()),
         b'sha512': node.hex(hashlib.sha512(peercert).digest()),
     }