Commit cbc5755df6b by Augie Fackler

sslutil: migrate to hashutil.sha1 instead of hashlib.sha1

This is a straight-line replacement like the others, but I split it
out since it's used in a network context and I'm not sure this is
appropriate (we should probably drop support for sha1
fingerprints over TLS) and wanted this to be easily dropped.

Differential Revision: https://phab.mercurial-scm.org/D7850
parent a61287a95dc
......@@ -24,6 +24,7 @@ from . import (
util,
)
from .utils import (
hashutil,
resourceutil,
stringutil,
)
......@@ -949,7 +950,7 @@ def validatesocket(sock):
# If a certificate fingerprint is pinned, use it and only it to
# validate the remote cert.
peerfingerprints = {
b'sha1': node.hex(hashlib.sha1(peercert).digest()),
b'sha1': node.hex(hashutil.sha1(peercert).digest()),
b'sha256': node.hex(hashlib.sha256(peercert).digest()),
b'sha512': node.hex(hashlib.sha512(peercert).digest()),
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment