�
o��
@s�dd�kZdd�k�l�Z��dd�k�l�Z��y+dd�k�Z�e�i�Z�e�i�d�d��Z Wn@�e
j
o4����d�Z�dd�k�Z�dd�k�Z�e�d�d��Z n��Xd��Z
d��Z�d e�f�d
��YZ�d�S(�i�N(�t�util(�t�_c���CsKti�||�|�d�|�d�|���}�|�i��p��t�i�t�d����n��|�S(�Nt cert_reqst�ca_certss�ssl connection failed(�t�sslt�wrap_sockett�cipherRt�AbortR�(�t�sockt�keyfilet�certfileR�R�t sslsocket((s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyt�ssl_wrap_socket�s
�����
���i�c���Csqti�t�d��p��ti�t�d����n��|�o��ti�t�d����n��t�i�||�|��}�t�i�||��S(�NR�s�Python SSL support not founds(certificate checking requires Python 2.6(�Rt�safehasattrt�socketR�R�R�t�httplibt
FakeSocket(�R�t�key_filet cert_fileR�R�R�((s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyR��s�������� �����c����sw�|p��td��Sn��|�i����f�d��}�|i�d�g�}�|�o��g�}�|�D]*\�}�}�|�d�j�o��|�|�i���qT�qT~�}�x#|�D]�}�|�|��o��d
Sq��q�W|�o��td��d�i�|���Sq��n��x�|i�d�g�D]�} | d��\�}�}�|�d j�o`�y�|�i��i�d
�}
Wn��t�j
o�����td��Sn��X|�|
�o��d
Sn��td��|
�Sq�q�td��S(�s�Verify that cert (in socket.getpeercert() format) matches hostname.
CRLs is not handled.
Returns error message if any problems are found and None on success.
s�no certificate receivedc����s8|�j�p+�d��j�o��|d��id�d��d���j�S(�Nt�.s�*.i�(�t�split(�t�certname(�t�dnsname(s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyt�matchdnsname3s��
�t�subjectAltNamet�DNSs�certificate is for %ss�, t�subjectit
commonNamet�asciis IDN in certificate not supporteds4no commonName or subjectAltName found in certificateN(�R�t�lowert�gett�Nonet�joint�encodet�UnicodeEncodeError(�t�certt�hostnameR�t�sant�_[1]t�keyt�valuet certnamest�namet�sR�((�R�s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyt�_verifycert*s2�������������>����
������������
���������
�����c���Cs�|id�d��}�|id�|��}�|�oa�|��oY�t�i�|��}�t�i�i�|��p��t�i�t�d��|����n��h�|��d�<�t��d�<Sn��hS(�Nt�webt�cacertst�hostfingerprintss�could not find web.cacerts: %sR�R�( t�configRt
expandpatht�ost�patht�existsR�R�t
CERT_REQUIRED(�t�uit�hostR.t�hostfingerprint((s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyt sslkwargsUs��������������
�
�t validatorc�Bs�eZ�d�Z�d��Z�RS(�c���Cs�|�|_|�|_�dS(�N(�R6R7(�t�selfR6R7((s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyt�__init__bs�� �c���Csm�|i}�|i�i�d�d��}�|i�i�d�|��}�t�|�d�t��pc�|�o��t�i�t�d��|����n��|i�i�d�d�t �o��|i�i
t�d��|����n��dSn��|�i��p��t�i�t�d �|����n��|�i�t �}�|�p��t�i�t�d
�|����n��t�i
|��i��}�d�i�g�}�t�d�t�|��d
�D]�}�|�|�|�|�d
�!�q>�~��} |�or�|�i��|�i�d�d��i��j�o/�t�i�t�d��|�| f��d�t�d�����n��|i�i�d�|�| f����n��|�og�t�|�i��|��}
|
o3�t�i�t�d��|�|
f��d�t�d��| ����n��|i�i�d�|����n!�|i�i
t�d��|�| f����dS(�NR-R.R/t�getpeercerts:host fingerprint for %s can't be verified (Python too old)R6t�reportoldssls?warning: certificate for %s can't be verified (Python too old)
s�%s ssl connection errors-%s certificate error: no certificate receivedt�:ii�ts0certificate for %s has unexpected fingerprint %st�hints#check hostfingerprint configurations&%s certificate matched fingerprint %s
s�%s certificate error: %ssDconfigure hostfingerprint %s or use --insecure to connect insecurelys%%s certificate successfully verified
spwarning: %s certificate with fingerprint %s not verified (check hostfingerprints or web.cacerts config setting)
(�R7R6R0t�getattrt�FalseRR�R�t
configboolt�Truet�warnR�R=t�sha1t hexdigestR t�xranget�lenR�t�replacet�debugR,(�R;R�R7R.R8t�peercertt�peerfingerprintR&t�xt�nicefingerprintt�msg((s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyt�__call__fsJ� ���������������������
�������������
�:��� �����
��������������� �������(�t�__name__t
__module__R<RR(((s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pyR:as��� �(�R2t mercurialRt�mercurial.i18nR�R�R5t CERT_NONER�R�t�ImportErrorR�R�R,R9t�objectR:(((s@/sys/lib/python/lib/python2.5/site-packages/mercurial/sslutil.pys�<module> s����������� ����������
+ �
|
