Mercurial > hg
changeset 15815:edc3a901a63d
sslutil: reorder validator code to make it more readable
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Mon, 09 Jan 2012 14:43:24 +0100 |
| parents | c3e958b50a22 |
| children | 4bb59919c905 |
| files | mercurial/sslutil.py |
| diffstat | 1 files changed, 12 insertions(+), 15 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Mon Jan 09 14:43:24 2012 +0100 +++ b/mercurial/sslutil.py Mon Jan 09 14:43:24 2012 +0100 @@ -114,7 +114,14 @@ peerfingerprint = util.sha1(peercert).hexdigest() nicefingerprint = ":".join([peerfingerprint[x:x + 2] for x in xrange(0, len(peerfingerprint), 2)]) - if cacerts and not hostfingerprint: + if hostfingerprint: + if peerfingerprint.lower() != \ + hostfingerprint.replace(':', '').lower(): + raise util.Abort(_('invalid certificate for %s with ' + 'fingerprint %s') % (host, nicefingerprint)) + self.ui.debug('%s certificate matched fingerprint %s\n' % + (host, nicefingerprint)) + elif cacerts: msg = _verifycert(sock.getpeercert(), host) if msg: raise util.Abort(_('%s certificate error: %s') % (host, msg), @@ -123,17 +130,7 @@ nicefingerprint) self.ui.debug('%s certificate successfully verified\n' % host) else: - if hostfingerprint: - if peerfingerprint.lower() != \ - hostfingerprint.replace(':', '').lower(): - raise util.Abort(_('invalid certificate for %s ' - 'with fingerprint %s') % - (host, nicefingerprint)) - self.ui.debug('%s certificate matched fingerprint %s\n' % - (host, nicefingerprint)) - else: - self.ui.warn(_('warning: %s certificate ' - 'with fingerprint %s not verified ' - '(check hostfingerprints or web.cacerts ' - 'config setting)\n') % - (host, nicefingerprint)) + self.ui.warn(_('warning: %s certificate with fingerprint %s not ' + 'verified (check hostfingerprints or web.cacerts ' + 'config setting)\n') % + (host, nicefingerprint))