ó ŸçƒQc@sÄddlZddlmZddlmZy+ddlZejZejdd„Z Wn>e k r—dZddl Z ddl Z edd„Z nXd„Z d„Zd efd „ƒYZdS( iÿÿÿÿN(tutil(t_cCsItj|||d|d|ƒ}|jƒsEtjtdƒƒ‚n|S(Nt cert_reqstca_certssssl connection failed(tsslt wrap_sockettcipherRtAbortR(tsocktkeyfiletcertfileRRt sslsocket((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pytssl_wrap_sockets  icCsmtjtdƒs*tjtdƒƒ‚n|rHtjtdƒƒ‚ntj|||ƒ}tj||ƒS(NRsPython SSL support not founds(certificate checking requires Python 2.6(Rt safehasattrtsocketRRRthttplibt FakeSocket(Rtkey_filet cert_fileRRR((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyR s c sJ|stdƒS|jƒ‰‡fd†}|jdgƒ}|rµg|D]$\}}|dkrJ|jƒ^qJ}x|D]}||ƒr{d Sq{W|rµtdƒdj|ƒSnxˆ|jdgƒD]t}|d\}}|d krÈy|jƒjd ƒ} Wntk rtd ƒSX|| ƒr.d Stdƒ| SqÈWtd ƒS(s«Verify that cert (in socket.getpeercert() format) matches hostname. CRLs is not handled. Returns error message if any problems are found and None on success. sno certificate receivedcs6|ˆkp5dˆko5|dˆjddƒdkS(Nt.s*.i(tsplit(tcertname(tdnsname(s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt matchdnsname3s tsubjectAltNametDNSscertificate is for %ss, tsubjectit commonNametasciis IDN in certificate not supporteds4no commonName or subjectAltName found in certificateN(RtlowertgettNonetjointencodetUnicodeEncodeError( tcertthostnameRtsantkeytvaluet certnamestnametsR((Rs5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt _verifycert*s.  1      cCs„|jddƒ}|jd|ƒ}|r€| r€tj|ƒ}tjj|ƒsntjtdƒ|ƒ‚ni|d6td6SiS(Ntwebtcacertsthostfingerprintsscould not find web.cacerts: %sRR( tconfigRt expandpathtostpathtexistsRRt CERT_REQUIRED(tuithostR-thostfingerprint((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt sslkwargsUs  t validatorcBseZd„Zed„ZRS(cCs||_||_dS(N(R5R6(tselfR5R6((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt__init__bs c CsÝ|j}|jjddƒ}|jjd|ƒ}t|dtƒsÂ|rgtjtdƒ|ƒ‚n|r‰tjtdƒ|ƒ‚n|jjddt ƒr¾|jj td ƒ|ƒndS|j ƒsêtjtd ƒ|ƒ‚ny|j t ƒ}|j ƒ}Wn*t k r5tjtd ƒ|ƒ‚nX|sXtjtd ƒ|ƒ‚ntj|ƒjƒ}d jgtd t|ƒdƒD]} || | d!^qŒƒ} |r!|jƒ|jd dƒjƒkrtjtdƒ|| fdtdƒƒ‚n|jjd|| fƒn¸|r…t||ƒ} | rntjtdƒ|| fdtdƒ| ƒ‚n|jjd|ƒnT|r¹tjtdƒ|| fdtdƒƒ‚n |jj tdƒ|| fƒdS(NR,R-R.t getpeercerts:host fingerprint for %s can't be verified (Python too old)s5certificate for %s can't be verified (Python too old)R5t reportoldssls?warning: certificate for %s can't be verified (Python too old) s%s ssl connection errors-%s certificate error: no certificate receivedt:iits0certificate for %s has unexpected fingerprint %sthints#check hostfingerprint configurations&%s certificate matched fingerprint %s s%s certificate error: %ssDconfigure hostfingerprint %s or use --insecure to connect insecurelys%%s certificate successfully verified s/%s certificate with fingerprint %s not verifieds4check hostfingerprints or web.cacerts config settingspwarning: %s certificate with fingerprint %s not verified (check hostfingerprints or web.cacerts config setting) (R6R5R/tgetattrtFalseRRRt configbooltTruetwarnRR<tAttributeErrortsha1t hexdigestR txrangetlenRtreplacetdebugR+( R:RtstrictR6R-R7tpeercertt peercert2tpeerfingerprinttxtnicefingerprinttmsg((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt__call__fs`        6      (t__name__t __module__R;RBRT(((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyR9as (R1t mercurialRtmercurial.i18nRRR4t CERT_NONERR t ImportErrorRRR+R8tobjectR9(((s5/sys/lib/python2.7/site-packages/mercurial/sslutil.pyt s     +