Submitter | phabricator |
---|---|
Date | Jan. 13, 2020, 10:48 p.m. |
Message ID | <differential-rev-PHID-DREV-bcgqm3unfcbsrik6biso-req@mercurial-scm.org> |
Permalink | /patch/44295/ |
State | Superseded |
Comments
This revision is now accepted and ready to land.

indygreg added a comment.
indygreg accepted this revision.

  Yeah, the new SHA-1 routine probably doesn't matter in this context. And we should probably drop support for SHA-1 certificate fingerprint verification. But consistency in using our SHA-1 wrapper is worth it, IMO.

REPOSITORY
  rHG Mercurial

BRANCH
  default

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D7850/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D7850

To: durin42, #hg-reviewers, indygreg
Cc: indygreg, mercurial-devel
Patch
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py --- a/mercurial/sslutil.py +++ b/mercurial/sslutil.py @@ -24,6 +24,7 @@ util, ) from .utils import ( + hashutil, resourceutil, stringutil, ) @@ -949,7 +950,7 @@ # If a certificate fingerprint is pinned, use it and only it to # validate the remote cert. peerfingerprints = { - b'sha1': node.hex(hashlib.sha1(peercert).digest()), + b'sha1': node.hex(hashutil.sha1(peercert).digest()), b'sha256': node.hex(hashlib.sha256(peercert).digest()), b'sha512': node.hex(hashlib.sha512(peercert).digest()), }
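Review bot: In the second hunk (@@ -949,7 +950,7 @@), only the b'sha1' entry of peerfingerprints moves to hashutil.sha1 while the b'sha256' and b'sha512' entries still call hashlib directly, so the dict now mixes two hashing modules with no explanation. Suggest a one-line comment above the b'sha1' entry stating that SHA-1 goes through the project's wrapper for consistency, and keep the existing hashlib import since the other two entries still depend on it. Because these values are compared against pinned fingerprints, it is also worth confirming with a test that hashutil.sha1(peercert).digest() yields the same bytes as hashlib.sha1(peercert).digest() for the same certificate, otherwise existing SHA-1 pins would stop matching.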