Patchwork [3,of,4,RFC] sslutil: abort if peer certificate is not verified for secure use

Submitter Katsunori FUJIWARA
Date March 25, 2013, 5:32 p.m.
Message ID <6148e84c076b4b660408.1364232753@juju>
Download mbox | patch
Permalink /patch/1186/
State Accepted
Commit 2d7fac049d3a45054cc60a07aa8ce0a3f93b1cba
Delegated to: Bryan O'Sullivan

Comments

Katsunori FUJIWARA - March 25, 2013, 5:32 p.m.
# HG changeset patch
# User FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
# Date 1364232490 -32400
# Node ID 6148e84c076b4b660408d76a519daedf06a5255a
# Parent  746995f6d779c452d940081053cc9e827b7cddaa
sslutil: abort if peer certificate is not verified for secure use

Before this patch, "sslutil.validator" may return successfully, even
if the peer certificate is not verified because there is no information in
"[hostfingerprints]" and "[web] cacerts".

To prevent sending authentication credentials to an untrustworthy SMTP
server, validation should be aborted if the peer certificate is not
verified.

This patch introduces a "strict" optional argument, and
"sslutil.validator" will abort if it is True and the peer certificate is
not verified.

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -99,7 +99,7 @@ 
         self.ui = ui
         self.host = host
 
-    def __call__(self, sock):
+    def __call__(self, sock, strict=False):
         host = self.host
         cacerts = self.ui.config('web', 'cacerts')
         hostfingerprint = self.ui.config('hostfingerprints', host)
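Review bot: the new `strict` parameter on `__call__` is undocumented: nothing in this hunk says that strict=True turns the "not verified" warning into an abort, and no call site in this patch passes it (presumably the caller comes later in the series). A one-line comment next to `def __call__(self, sock, strict=False):` such as `# strict: abort instead of warn when the peer certificate cannot be verified` would spare the next reader a trip through both branches below. Defaulting to False keeps every existing caller's behaviour, which is the right choice for a mid-series change.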
@@ -107,6 +107,9 @@ 
             if hostfingerprint:
                 raise util.Abort(_("host fingerprint for %s can't be "
                                    "verified (Python too old)") % host)
+            if strict:
+                raise util.Abort(_("certificate for %s can't be verified "
+                                   "(Python too old)") % host)
             if self.ui.configbool('ui', 'reportoldssl', True):
                 self.ui.warn(_("warning: certificate for %s can't be verified "
                                "(Python too old)\n") % host)
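Review bot: the strict abort added under `if strict:` repeats the text of the `reportoldssl` warning two lines below it, differing only by the "warning:" prefix, and unlike the strict abort in the following hunk it carries no hint. Build the message once and use it for both the `util.Abort` and the `ui.warn`, and give the abort a `hint=` that names the only remedy the message implies (a newer Python). The placement is right: the hostfingerprint abort still wins when a pin is configured, and in strict mode the warning path is never reached.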
@@ -136,6 +139,11 @@ 
                                         '--insecure to connect insecurely') %
                                       nicefingerprint)
             self.ui.debug('%s certificate successfully verified\n' % host)
+        elif strict:
+            raise util.Abort(_('%s certificate with fingerprint %s not '
+                               'verified') % (host, nicefingerprint),
+                             hint=_('check hostfingerprints or web.cacerts '
+                                     'config setting'))
         else:
             self.ui.warn(_('warning: %s certificate with fingerprint %s not '
                            'verified (check hostfingerprints or web.cacerts '
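Review bot: the `elif strict:` abort repeats the "certificate with fingerprint %s not verified (check hostfingerprints or web.cacerts ...)" wording of the `else` warning beneath it, and unlike the fingerprint-mismatch abort in the context above it offers no `--insecure` escape. If that is deliberate, which the commit message's goal of never sending credentials to an unverified server suggests, say so in the commit message; otherwise extend the hint to mention --insecure as the mismatch abort does. Either way, factor the shared message text out rather than maintaining two copies.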
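As an added example, not Mercurial's own code and not part of this patch, the decision tree the commit message describes can be modelled in plain Python so that the non-strict and strict outcomes are visible side by side for the same peer and configuration. The names `validate`, `outcome`, `compare_modes` and `Abort`, the constructed `PEER_CERT_DER` bytes, and the treatment of a non-empty `cacerts` as a passed CA check (real chain validation belongs to the ssl module, not to this logic) are assumptions of the example; the fingerprint is rendered as colon-separated SHA-1 hex, the format hostfingerprints used.

```python
import hashlib

# Constructed stand-in for a DER-encoded peer certificate. Only its bytes
# matter here: the example fingerprints them, it does not parse X.509.
PEER_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed-example-peer-certificate"


class Abort(Exception):
    """Stands in for Mercurial's util.Abort: the connection must not proceed."""


def nice_fingerprint(der):
    """SHA-1 of the DER bytes as colon-separated hex pairs (hostfingerprints format)."""
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def validate(host, peer_der, cacerts=None, hostfingerprints=None,
             strict=False, can_verify=True):
    """Model (assumption, not hg's code) of the validator's decision tree.

    Returns "verified" or "warned"; raises Abort when the connection must stop.
      - can_verify=False models the "Python too old" branch;
      - hostfingerprints maps host -> pinned fingerprint string;
      - a non-None cacerts is treated as a passed CA check (example assumption).
    """
    hostfingerprints = hostfingerprints or {}
    pinned = hostfingerprints.get(host)

    if not can_verify:
        # A configured pin that cannot be checked is always fatal.
        if pinned:
            raise Abort("host fingerprint for %s can't be verified "
                        "(Python too old)" % host)
        # strict turns the old "warn and continue" into an abort.
        if strict:
            raise Abort("certificate for %s can't be verified "
                        "(Python too old)" % host)
        return "warned"

    fp = nice_fingerprint(peer_der)
    if pinned:
        if pinned.lower() != fp:
            raise Abort("certificate for %s has unexpected fingerprint %s "
                        "(check hostfingerprint configuration)" % (host, fp))
        return "verified"
    if cacerts:
        return "verified"
    # No pin, no CA bundle: nothing vouched for this certificate.
    if strict:
        raise Abort("%s certificate with fingerprint %s not verified "
                    "(check hostfingerprints or web.cacerts)" % (host, fp))
    return "warned"


def outcome(**kwargs):
    """Run validate() and fold an Abort into the string 'aborted'."""
    try:
        return validate(**kwargs)
    except Abort:
        return "aborted"


def compare_modes(host, peer_der, **config):
    """Return (non-strict outcome, strict outcome) for one peer and config."""
    return (outcome(host=host, peer_der=peer_der, strict=False, **config),
            outcome(host=host, peer_der=peer_der, strict=True, **config))


if __name__ == "__main__":
    host = "mail.example.test"  # constructed host name
    good_pin = {host: nice_fingerprint(PEER_CERT_DER)}
    bad_pin = {host: "00:" * 19 + "00"}
    print("no config:  ", compare_modes(host, PEER_CERT_DER))
    print("good pin:   ", compare_modes(host, PEER_CERT_DER, hostfingerprints=good_pin))
    print("bad pin:    ", compare_modes(host, PEER_CERT_DER, hostfingerprints=bad_pin))
    print("cacerts:    ", compare_modes(host, PEER_CERT_DER, cacerts="/etc/ssl/certs/ca.pem"))
    print("old python: ", compare_modes(host, PEER_CERT_DER, can_verify=False))
```

The two rows that change between the columns are the ones the patch targets: with no pin and no CA bundle, and on an interpreter that cannot verify at all, the old behaviour was a warning followed by a successful return, which is exactly the point at which an SMTP client would go on to send its password. Pins and CA bundles behave identically in both modes, so existing correctly configured users see no difference.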