��c@s�ddlZddlmZddlmZy+ddlZejZejdd�Z Wn>e
k
r�dZddlZddlZedd�Z nXd�Z
d�Zd efd
��YZdS(i�N(tutil(t_cCsItj|||d|d|�}|j�sEtjtd���n|S(Nt cert_reqstca_certssssl connection failed(tssltwrap_sockettcipherRtAbortR(tsocktkeyfiletcertfileRRt sslsocket((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pytssl_wrap_sockets
icCsmtjtd�s*tjtd���n|rHtjtd���ntj|||�}tj||�S(NRsPython SSL support not founds(certificate checking requires Python 2.6(RtsafehasattrtsocketRRRthttplibt
FakeSocket(Rtkey_filet cert_fileRRR((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyRs c
sJ|std�S|j���fd�}|jdg�}|r�g|D]$\}}|dkrJ|j�^qJ}x|D]}||�r{d
Sq{W|r�td�dj|�Snx�|jdg�D]t}|d\}}|d kr�y|j�jd
�} Wntk
rtd�SX|| �r.d
Std�| Sq�Wtd�S(s�Verify that cert (in socket.getpeercert() format) matches hostname.
CRLs is not handled.
Returns error message if any problems are found and None on success.
sno certificate receivedcs6|�kp5d�ko5|d�jdd�dkS(Nt.s*.i(tsplit(tcertname(tdnsname(s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pytmatchdnsname3stsubjectAltNametDNSscertificate is for %ss, tsubjectit
commonNametasciis IDN in certificate not supporteds4no commonName or subjectAltName found in certificateN(RtlowertgettNonetjointencodetUnicodeEncodeError(
tcertthostnameRtsantkeytvaluet certnamestnametsR((Rs5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt_verifycert*s.
1
cCs�|jdd�}|jd|�}|r�|r�tj|�}tjj|�sntjtd�|��ni|d6td6SiS(Ntwebtcacertsthostfingerprintsscould not find web.cacerts: %sRR( tconfigRt
expandpathtostpathtexistsRRt
CERT_REQUIRED(tuithostR-thostfingerprint((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt sslkwargsUs
t validatorcBseZd�Zed�ZRS(cCs||_||_dS(N(R5R6(tselfR5R6((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt__init__bs cCs�|j}|jjdd�}|jjd|�}t|dt�s�|rgtjtd�|��n|r�tjtd�|��n|jjddt �r�|jj
td �|�ndS|j�s�jtd
�|��ny|jt �}|j�}Wn*t
k
r5tjtd
�|��nX|sXtjtd�|��ntj|�j�}djgtd
t|�d�D]} || | d!^q��}
|r!|j�|jdd�j�krtjtd�||
fdtd���n|jjd||
f�n�|r�t||�}|rntjtd�||fdtd�|
��n|jjd|�nT|r�tjtd�||
fdtd���n |jj
td�||
f�dS(NR,R-R.tgetpeercerts:host fingerprint for %s can't be verified (Python too old)s5certificate for %s can't be verified (Python too old)R5treportoldssls?warning: certificate for %s can't be verified (Python too old)
s%s ssl connection errors-%s certificate error: no certificate receivedt:iits0certificate for %s has unexpected fingerprint %sthints#check hostfingerprint configurations&%s certificate matched fingerprint %s
s%s certificate error: %ssDconfigure hostfingerprint %s or use --insecure to connect insecurelys%%s certificate successfully verified
s/%s certificate with fingerprint %s not verifieds4check hostfingerprints or web.cacerts config settingspwarning: %s certificate with fingerprint %s not verified (check hostfingerprints or web.cacerts config setting)
(R6R5R/tgetattrtFalseRRRt
configbooltTruetwarnRR<tAttributeErrortsha1t hexdigestR txrangetlenRtreplacetdebugR+(R:RtstrictR6R-R7tpeercertt peercert2tpeerfingerprinttxtnicefingerprinttmsg((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt__call__fs`
6
(t__name__t
__module__R;RBRT(((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyR9as (R1t mercurialRtmercurial.i18nRRR4t CERT_NONERRtImportErrorRRR+R8tobjectR9(((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt<module> s
+
|