Patchwork [7,of,9,V2] sslutil: refactor code for fingerprint matching

Submitter Gregory Szorc
Date June 1, 2016, 2:22 a.m.
Message ID <61161d0f3ac8d837e6e6.1464747723@ubuntu-vm-main>
Permalink /patch/15313/
State Superseded

Comments

Gregory Szorc - June 1, 2016, 2:22 a.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1464648183 25200
#      Mon May 30 15:43:03 2016 -0700
# Node ID 61161d0f3ac8d837e6e60c843f67a1bd13178131
# Parent  f6c550ace32b95b83ed4f05786327815f008335a
sslutil: refactor code for fingerprint matching

We didn't need to use a temporary variable to indicate success because
we just return anyway.

This refactor makes the code simpler. While we're here, we also call
into formatfingerprint() to ensure the fingerprint from the proper
hashing algorithm is logged.

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -384,28 +384,25 @@  def validatesocket(sock):
     nicefingerprint = 'sha256:%s' % fmtfingerprint(peerfingerprints['sha256'])
 
     if settings['legacyfingerprint']:
         section = 'hostfingerprint'
     else:
         section = 'hostsecurity'
 
     if settings['certfingerprints']:
-        fingerprintmatch = False
         for hash, fingerprint in settings['certfingerprints']:
             if peerfingerprints[hash].lower() == fingerprint:
-                fingerprintmatch = True
-                break
-        if not fingerprintmatch:
-            raise error.Abort(_('certificate for %s has unexpected '
-                               'fingerprint %s') % (host, legacyfingerprint),
-                              hint=_('check %s configuration') % section)
-        ui.debug('%s certificate matched fingerprint %s\n' %
-                 (host, legacyfingerprint))
-        return
+                ui.debug('%s certificate matched fingerprint %s:%s\n' %
+                         (host, hash, fmtfingerprint(fingerprint)))
+                return
+
+        raise error.Abort(_('certificate for %s has unexpected '
+                           'fingerprint %s') % (host, legacyfingerprint),
+                          hint=_('check %s configuration') % section)
 
     if not sock._hgstate['caloaded']:
         ui.warn(_('warning: %s certificate with fingerprint %s '
                   'not verified (check %s or web.cacerts config '
                   'setting)\n') %
                 (host, nicefingerprint, section))
         return
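
Review bot: the relocated `raise error.Abort(...)` at the end of the `if settings['certfingerprints']:` block still formats `legacyfingerprint` into the "has unexpected fingerprint" message, regardless of which `hash` entries in `settings['certfingerprints']` were compared. The success path now logs `hash` and `fmtfingerprint(fingerprint)`, so the two messages are inconsistent, and on a pin mismatch the user is shown a value that may not be in the algorithm they pinned under the `hostsecurity` section the hint points to. Consider reporting `nicefingerprint` (computed just above as `'sha256:%s'`) when `settings['legacyfingerprint']` is false and keeping `legacyfingerprint` only for the `hostfingerprint` case. Minor: the commit message refers to formatfingerprint() while the code calls `fmtfingerprint()`, and the new debug line prints the configured `fingerprint` rather than the peer's value, which is fine only because the two have just compared equal.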