File: //usr/lib/python2.7/dist-packages/mercurial/sslutil.pyc
�ó
x7�_c������������@@��s���d��d��l��m��Z���d��d��l��Z��d��d��l��Z��d��d��l��Z��d��d��l��Z��d��d��l��Z��d��d��l��m��Z���d��d��l �m
�Z
�m��Z���e��d��d��d��g��ƒ��Z
�e��e��d �e��ƒ��Z��e��d��g��ƒ��Z��e��j��e��d
�ƒ��rÊ�e��j��d��ƒ���n��e��j��e��d��ƒ��rì�e��j��d��ƒ���n��y%�e��j��Z��e��Z��e��j��e��d��ƒ��Z��Wn3��e��k
�rF����e��Z��e��Z��d
�e��f��d��„��ƒ��YZ��n��Xd��„��Z��d��„��Z��d��d��„��Z��d��d��d��e��d��„��Z��d��e��f��d��„��ƒ��YZ �d��d��„��Z!�d��„��Z"�d��„��Z#�d��d��g��Z$�d��„��Z%�d��„��Z&�d��S(����i����(����t����absolute_importNi����(����t����_(����t����errort����utils����tls1.0s����tls1.1s����tls1.2t����HAS_SNIt����PROTOCOL_TLSv1_1t����PROTOCOL_TLSv1_2t����load_default_certst
���SSLContextc������������B@��se���e��Z��e��j��d��k��Z��d��„��Z��d �d �d��„��Z��d �d��„��Z��d �d �d �d��„��Z �d��„��Z
�d �e��d��„��Z��RS(
���i����i����c������������C@��sX���|��|��_��t��|��_��d��|��_��t��j��|��_��d��|��_��d��|��_ �d��|��_
�d��|��_��d��|��_��d��S(����Ni����(
���t����protocolt����Falset����check_hostnamet����optionst����sslt ���CERT_NONEt����verify_modet����Nonet ���_certfilet����_keyfilet
���_certpasswordt����_cacertst����_ciphers(����t����selfR ���(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����__init__?���s������ � � ��� � � � �c������������C@��s����|��|��_��|��|��_��|��|��_��d��S(����N(����R����R����R����(����R����t����certfilet����keyfilet����password(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����load_cert_chainM���s������ � �c������������C@��s����d��S(����N(����(����R����t����purpose(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyR����R���s������c������������C@��sI���|��r��t��j��t��d��ƒ��ƒ��‚��n��|��r<�t��j��t��d��ƒ��ƒ��‚��n��|��|��_��d��S(����Ns����capath not supporteds����cadata not supported(����R����t����AbortR����R����(����R����t����cafilet����capatht����cadata(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����load_verify_locationsU���s
�������������c������������C@��s:���|��j��s-�t��j��t��d��ƒ��d��t��d��ƒ��ƒ��‚��n��|��|��_��d��S(����NsL���setting ciphers in [hostsecurity] is not supported by this version of Pythont����hintsR���remove the config option or run Mercurial with a modern Python version (preferred)(����t����_supportsciphersR����R����R����R����(����R����t����ciphers(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����set_ciphers]���s������ �����c������������C@��sh���i��|��j��d��6|��j��d��6|��d��6|��j��d��6|��j��d��6|��j��d��6}��|��j��rX�|��j��|��d��<n��t��j��|��|����S(����NR����R����t����server_sidet ���cert_reqst����ssl_versiont����ca_certsR$���( ���R����R����R����R ���R����R#���R����R
���t����wrap_socket(����R����t����sockett����server_hostnameR&���t����args(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyR*���g���s��������
�
���
�
�
� ���(����i����i����N(
���t����__name__t
���__module__t����syst����version_infoR#���R����R����R����R����R!���R%���R
���R*���(����(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyR����;���s�������� �������
c������������C@��s˜���i
�t��d��6g��d��6d,�d��6t��d��6t��d��6d,�d��6d,�d��6d,�d��6d,�d �6d,�d
�6}��d��„��}��d��t��k��rj�d��}��n2�|��j��d
�d��ƒ��s–�|��j��t��d��ƒ��|���ƒ���n��d��}��d��}��|��j��d
�|��|��ƒ��}��|��|��|��ƒ���d��|���}��|��j��d
�|��|��ƒ��}��|��|��|��ƒ���|��j��r��d��}��n��t �|��ƒ��\��|��d��<|��d �<|��d��<|��j��d
�d
�ƒ��}��|��j��d
�d��|���|��ƒ��}��|��|��d
�<|��j
�d
�d��|���g��ƒ��}��x’�|��D]Š�} �| �j��d-�ƒ��s»�t��j
�t��d��ƒ��|��| �f���d��t��d��ƒ��ƒ��‚��n��| �j��d��d��ƒ��\��}
�} �| �j��d��d��ƒ��j��ƒ��} �|��d���j��|
�| �f��ƒ���qx�WxV�|��j
�d��|��g��ƒ��D]?�} �| �j��d��d��ƒ��j��ƒ��} �|��d���j��d��| �f��ƒ���t��|��d��<q��W|��d���rƒ�t��j��|��d��<t��|��d��<n-�|��j��r°�t��|��d��<t��j��|��d��<t��|��d��<n��|��j��d �d!�ƒ��rÏ�t��|��d��<n��|��j��d
�d"�|���ƒ��}��|��d���r��|��r��|��j��t��d#�ƒ��|���ƒ���n��|��d���d,�k��rR�|��ry�t��j��|��ƒ��}��t��j��j��|��ƒ��sl�t��j
�t��d$�ƒ��d%�|���|��f���ƒ��‚��n��|��|��d��<n£�|��j��d&�d'�ƒ��}��|��rß�t��j��|��ƒ��}��t��j��j��|��ƒ��s��t��j
�t��d(�ƒ��|���t��d)�ƒ��d*���ƒ��‚��q��n3�|��d���r��t��|��ƒ��}��|��r��|��j��d+�|���ƒ���q��n��|��|��d��<|��s2�t��rB�|��d���rB�t��j��|��d��<qR�t��j��|��d��<n��|��d���d,�k �sh�t��‚��|��d ��d,�k �s~�t��‚��|��d���d,�k �s”�t��‚��|��S(.���sh���Obtain security settings for a hostname.
Returns a dict of settings relevant to that hostname.
t����allowloaddefaultcertst����certfingerprintsR����t����disablecertverificationt����legacyfingerprintR ���t
���protocoluit
���verifymodet
���ctxoptionsR$���c������������S@��sQ���|��t��k��rM�t��j��t��d��ƒ��|��|��f���d��t��d��ƒ��d��j��t��t��ƒ��ƒ���ƒ��‚��n��d��S(����Ns-���unsupported protocol from hostsecurity.%s: %sR"���s����valid protocols: %st���� (����t����configprotocolsR����R����R����t����joint����sorted(����R ���t����key(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����validateprotocolš���s���������� �
� �s����tls1.1t����hostsecurityt����disabletls10warnings‰���warning: connecting to %s using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
s����tls1.0t����minimumprotocols����%s:minimumprotocols
���%s:cipherss����%s:fingerprintss����sha1:s����sha256:s����sha512:s����invalid fingerprint for %s: %sR"���s0���must begin with "sha1:", "sha256:", or "sha512:"t����:i����t����t����hostfingerprintst����sha1t����develt����disableloaddefaultcertss����%s:verifycertsfiless���(hostsecurity.%s:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
s'���path specified by %s does not exist: %ss����hostsecurity.%s:verifycertsfilet����webt����cacertss����could not find web.cacerts: %ss ��� (try installing the %s package)s����ca-certificatess����using %s for CA file
N(����s����sha1:s����sha256:s����sha512:(����t����TrueR����R
���t����supportedprotocolst
���configboolt����warnR����t����configt����insecureconnectionst����protocolsettingst
���configlistt
���startswithR����R����t����splitt����replacet����lowert����appendR
���R����R����t
���expandpatht����ost����patht����existst����_defaultcacertst����debugt����_canloaddefaultcertst
���CERT_REQUIREDt����AssertionError(����t����uit����hostnamet����sR>���t����defaultprotocolR=���R ���R$���t����fingerprintst����fingerprintt����algR����(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt
���_hostsettingsz���sª�������������������������
� ��� �������������
�
���
� � �!�����
��� �
�����
�����������������
�
�
� �
�
�
���
�����������������������
������������� ���
�������
�������������c������������C@��s����|��t��k��r��t��d��|���ƒ��‚��n��t��t��d��g��ƒ��k��rx�|��d��k��rh�t��j��t��d��ƒ��|���d��t��d��ƒ��ƒ��‚��n��t��j��d��d��f��St��j �t��j
�B}��|��d��k��r—�nT�|��d��k��r³�|��t��j��O}��n8�|��d��k��rÖ�|��t��j��t��j��BO}��n��t��j��t��d �ƒ��ƒ��‚��|��t
�t��d
�d��ƒ��O}��t��j��|��|��f��S(����s÷���Resolve the protocol for a config value.
Returns a 3-tuple of (protocol, options, ui value) where the first
2 items are values used by SSLContext and the last is a string value
of the ``minimumprotocol`` config option equivalent.
s ���protocol value not supported: %ss����tls1.0s3���current Python does not support protocol setting %sR"���sA���upgrade Python or disable setting since only TLS 1.0 is supportedi����s����tls1.1s����tls1.2s����this should not happent����OP_NO_COMPRESSION(����R:���t
���ValueErrorRK���t����setR����R����R����R
���t����PROTOCOL_TLSv1t����OP_NO_SSLv2t����OP_NO_SSLv3t����OP_NO_TLSv1t
���OP_NO_TLSv1_1t����getattrt����PROTOCOL_SSLv23(����R ���R����(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyRP���$���s$��������
������������������������������c�������������@��s���|��s��t��j��t��d��ƒ��ƒ��‚��n��t��ˆ��|��ƒ��}��t��|��d���ƒ��}��|���j��|��d���O�_��|��d���|��_��|��d���rÌ�y��|��j��|��d���ƒ���WqÌ��t��j �k
�rÈ��}���t��j��t��d��ƒ��|��j
�d����d��t��d �ƒ��|��d����ƒ��‚��qÌ�Xn��ˆ��d!�k �r��‡��‡��‡��f��d
�†��}��|��j��ˆ��ˆ��|��ƒ���n��|��d���d!�k �r®�y��|��j
�d��|��d���ƒ���Wnw��t��j �k
�r¤��}���t��|��j
�ƒ��d��k��re�|��j
�d���} �n
�|��j
�d���} �t��j��t��d
�ƒ��|��d���| �f���d��t��d��ƒ��ƒ��‚��n��Xt��}
�n#�|��d���rË�|��j��ƒ���t��}
�n��t��}
�y��|��j��|��d��|��ƒ��}��WnV��t��j �k
�rB��}���yF�|
�rD�|��d���t��j��k��rD�t��rD�|��j��ƒ���rD�ˆ��j��t��d��ƒ��ƒ���n��Wn���t��j �k
�r[����n��Xt��j��|��d��ƒ��r<�|��j��d��k��r<�|��d���d��k��rë�t��t��d��g��ƒ��k��rÑ�ˆ��j��t��d��ƒ��|��d��j��t��t��ƒ��ƒ��f���ƒ���q6�ˆ��j��t��d��ƒ��|���ƒ���q9�ˆ��j��t��d��ƒ��|��d���|��f���ƒ���ˆ��j��t��d��ƒ��|���ƒ���ˆ��j��t��d��ƒ��ƒ���q<�n��‚��n��X|��j��ƒ��sg�t��j��t��d��ƒ��ƒ��‚��n��i��|
�d��6|��d��6|��d��6ˆ��d �6|��_��|��S("���s¾���Add SSL/TLS to a socket.
This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane
choices based on what security options are available.
In addition to the arguments supported by ``ssl.wrap_socket``, we allow
the following additional arguments:
* serverhostname - The expected hostname of the remote server. If the
server (and client) support SNI, this tells the server which certificate
to use.
s#���serverhostname argument is requiredR ���R8���R7���R$���s����could not set ciphers: %si����R"���s#���change cipher string (%s) in configc�������������@��s&���ˆ��p �ˆ��}��ˆ��j��t��d��ƒ��|���d��ƒ��S(����Ns����passphrase for %s: RC���(����t����getpassR����(����t����f(����R����R����R`���(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyR����‚���s��������R����i����s����error loading CA file %s: %ss����file is empty or malformed?R2���R,���s¬���(an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
t����reasont����UNSUPPORTED_PROTOCOLR6���s����tls1.0s���(could not communicate with %s using security protocols %s; if you are using a modern Mercurial version, consider contacting the operator of this server; see https://mercurial-scm.org/wiki/SecureConnections for more info)
s����, s��(could not communicate with %s using TLS 1.0; the likely cause of this is the server no longer supports TLS 1.0 because it has known security vulnerabilities; see https://mercurial-scm.org/wiki/SecureConnections for more info)
sš���(could not negotiate a common security protocol (%s+) with %s; the likely cause is Mercurial is configured to be more secure than the server can support)
s��(consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.%s:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
sE���(see https://mercurial-scm.org/wiki/SecureConnections for more info)
s����ssl connection failedt����caloadedRa���t����settingsR`���N( ���R����R����R����Rg���R����R����R����R%���R
���t����SSLErrorR-���R����R����R!���t����lenRJ���R����R
���R*���R^���t ���modernsslt����get_ca_certsRM���R����t����safehasattrRt���RK���Rj���R;���R<���t����ciphert����_hgstate(����t����sockR����R����R`���t����serverhostnameRw���t
���sslcontextt����eR����t����msgRv���t ���sslsocket(����(����R����R����R`���s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt
���wrapsocketX���s†����
����� ����
�
��������� ���������������������
������� �
�
� ����������������������������� ������� ����� ��������� �����������������
�c������������C@��sô���t��d��ƒ��\��}��}��}��|��j��d��d��ƒ��} �| �d��k��r?�t��j��}��nš�| �d��k��r{�d��t��k��ro�t��j��t��d��ƒ��ƒ��‚��n��t��j��}��n^�| �d��k��r·�d��t��k��r«�t��j��t��d��ƒ��ƒ��‚��n��t��j �}��n"�| �rÙ�t��j��t��d��ƒ��| ��ƒ��‚��n��t
�rs�t��|��ƒ��}
�|
��j��|��O�_��|
��j��t
�t��d �d
�ƒ��O�_��|
��j��t
�t��d��d
�ƒ��O�_��t��j��t��d��ƒ��r‚�|
��j��t
�t��d
�d
�ƒ��O�_��|
�j��t��j��ƒ���q‚�n��t��t��j��ƒ��}
�|��r—�t��j��|
�_��n��t��j��|
�_��|��s¯�|��rÈ�|
�j��d��|��d��|��ƒ���n��|��rá�|
�j��d��|��ƒ���n��|
�j��|��d��t��ƒ��S(����sæ���Wrap a socket for use by servers.
``certfile`` and ``keyfile`` specify the files containing the certificate's
public and private keys, respectively. Both keys can be defined in the same
file via ``certfile`` (the private key must come first in the file).
``cafile`` defines the path to certificate authorities.
``requireclientcert`` specifies whether to require client certificates.
Typically ``cafile`` is only defined if ``requireclientcert`` is true.
s����tls1.0RF���t����serverexactprotocols����tls1.1s$���TLS 1.1 not supported by this Pythons����tls1.2s$���TLS 1.2 not supported by this Pythons)���invalid value for serverexactprotocol: %st����OP_SINGLE_DH_USEi����t����OP_SINGLE_ECDH_USEt����_RESTRICTED_SERVER_CIPHERSt����OP_CIPHER_SERVER_PREFERENCER����R����R����R&���(����RP���RN���R
���Rk���RK���R����R����R����R����R����Rz���R����R����Rp���R����R|���R%���R‰���R^���R����R����R����R!���R*���RJ���(����R���R`���R����R����R����t����requireclientcertR ���R����t����_protocoluit
���exactprotocolR���(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����wrapserversocket�s@���������������������������������
���������������������������������t
���wildcarderrorc������������B@��s����e��Z��d��Z��RS(����s2���Represents an error parsing wildcards in DNS name.(����R.���R/���t����__doc__(����(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyR���4���s������c����
�������C@��sX���g��}��|��s��t��S|��j��d��ƒ��}��|��d���}��|��d���}��|��j��d��ƒ��}��|��|��k��rg�t��t��d��ƒ��|���ƒ��‚��n��|��sƒ�|��j��ƒ��|��j��ƒ��k��S|��d��k��rŸ�|��j��d��ƒ���nY�|��j��d��ƒ��s½�|��j��d��ƒ��rÖ�|��j��t��j �|��ƒ��ƒ���n"�|��j��t��j �|��ƒ��j
�d��d �ƒ��ƒ���x$�|��D]��}��|��j��t��j �|��ƒ��ƒ���qÿ�Wt��j��d
�d��j��|��ƒ���d���t��j
�ƒ��} �| �j��|��ƒ��d
�k �S(����s���Match DNS names according RFC 6125 section 6.4.3.
This code is effectively copied from CPython's ssl._dnsname_match.
Returns a bool indicating whether the expected hostname matches
the value in ``dn``.
t����.i����i����t����*s.���too many wildcards in certificate DNS name: %ss����[^.]+s����xn--s����\*s����[^.]*s����\As����\.s����\ZN(����R
���RS���t����countR���R����RU���RV���RR���t����ret����escapeRT���t����compileR;���t
���IGNORECASEt����matchR����(
���t����dnRa���t����maxwildcardst����patst����piecest����leftmostt ���remaindert ���wildcardst����fragt����pat(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt
���_dnsnamematch7���s*�������������
�
���������������������"�
���&�c������������C@��s§���|��s��t��d��ƒ��Sg��}��|��j��d��g��ƒ��}��xe�|��D]]�\��}��}��|��d��k��r/�y��t��|��|��ƒ��r]�d��SWn���t��k
�r{��}���|��j��d���SX|��j��|��ƒ���q/�q/�W|��sL�x³�|��j��d��g��ƒ��D]œ�}��x“�|��D]‹�\��}��}��|��d��k��r¶�y��|��j��d��ƒ��}��Wn���t��k
�rû����t��d �ƒ��SXy��t��|��|��ƒ��r��d��SWn���t��k
�r0��}���|��j��d���SX|��j��|��ƒ���q¶�q¶�Wq©�Wn��t��|��ƒ��d
�k��ru�t��d��ƒ��d��j �|��ƒ���St��|��ƒ��d
�k��r™�t��d��ƒ��|��d����St��d
�ƒ��Sd��S(����s«���Verify that cert (in socket.getpeercert() format) matches hostname.
CRLs is not handled.
Returns error message if any problems are found and None on success.
s����no certificate receivedt����subjectAltNamet����DNSNi����t����subjectt
���commonNamet����asciis ���IDN in certificate not supportedi����s����certificate is for %ss����, s4���no commonName or subjectAltName found in certificate(
���R����t����getR¢���R���R-���RV���t����encodet����UnicodeEncodeErrorRy���R;���(����t����certRa���t����dnsnamest����sanR=���t����valueR‚���t����sub(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����_verifycertg���s>�������
���������������������������������
�����������������������c������������C@��s`���t��j��d��k��s%�t��j��ƒ��s%�t��j���r)�t��St��j��j��t��j��ƒ��j �ƒ��}��|��j
�d��ƒ��p_�|��j
�d��ƒ��S(����s@���return true if this seems to be a pure Apple Python that
* is unfrozen and presumably has the whole mercurial module in the file
system
* presumably is an Apple Python that uses Apple OpenSSL which has patches
for using system certificate store CAs in addition to the provided
cacerts file
t����darwins����/usr/bin/pythons,���/system/library/frameworks/python.framework/(����R0���t����platformR����t
���mainfrozent
���executableR
���RX���RY���t����realpathRU���RR���(����t����exe(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����_plainapplepython˜���s
�����%�������s&���/etc/pki/tls/certs/ca-bundle.trust.crts"���/etc/ssl/certs/ca-certificates.crtc������������C@��sm���y?�d��d��l��}��|��j��ƒ��}��t��j��j��|��ƒ��r>�|��j��d��ƒ���|��SWn���t��t��f��k
�rX����n��Xt��j��d��k��rˆ�t �s„�|��j
�t��d��ƒ��ƒ���n��d��St
�ƒ��rË�t��j��j��t��j��j��t��ƒ��d��ƒ��}��t��j��j��|��ƒ��rË�|��Sn��t��j��d��k��rú�t �sö�|��j
�t��d��ƒ��ƒ���n��d��St��j��d��k��s��t��‚��t �si�x;�t��D]3�}��t��j��j��|��ƒ��r��|��j
�t��d �ƒ��|���ƒ���|��Sq��W|��j
�t��d��ƒ��ƒ���n��d��S(
���s™���return path to default CA certificates or None.
It is assumed this function is called when the returned certificates
file will actually be used to validate connections. Therefore this
function may print warnings or debug messages assuming this usage.
We don't print a message when the Python is able to load default
CA certs because this scenario is detected at socket connect time.
i����Ns#���using ca certificates from certifi
t����nts”���(unable to load Windows CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
s
���dummycert.pemR±���sŒ���(unable to load CA certificates; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
s���(using CA certificates from %s; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
(����t����certifit����whereRX���RY���RZ���R\���t����ImportErrort����AttributeErrort����nameR]���RM���R����R����R·���R;���t����dirnamet����__file__R0���R²���R_���t����_systemcacertpathst����isfile(����R`���R¹���t����certst ���dummycertRY���(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyR[������s:�������������
��������������� �!�������������� ��
�����������c������������C@��sƒ���|��j��d���}��|��j��d���}��|��j��d���}��y��|��j��t��ƒ��}��|��j��ƒ��}��Wn*��t��k
�rr����t��j��t��d��ƒ��|���ƒ��‚��n��X|��s•�t��j��t��d��ƒ��|���ƒ��‚��n��|��d���rº�|��j��t��d��ƒ��|���ƒ���d��Si��t��j �|��ƒ��j
�ƒ��d �6t��j��|��ƒ��j
�ƒ��d
�6t��j��|��ƒ��j
�ƒ��d��6}��d��„��}��d
�|��|��d
��ƒ���}��|��d���ró�xR�|��d���D]F�\��} �}
�|��| ��j
�ƒ��|
�k��r4�|��j��d��|��| �|��|
�ƒ��f���ƒ���d��Sq4�W|��d���r¡�d��}��|��|��d ��ƒ��}��n �d��}��d��| �|��|��| ��ƒ��f���}��t��j��t��d��ƒ��|��|��f���d��t��d��ƒ��|���ƒ��‚��n��|��j��d���s2�t��j��t��d��ƒ��|���d��t��d��ƒ��|��|��f���ƒ��‚��n��t��|��|��ƒ��}
�|
�r�t��j��t��d��ƒ��|��|
�f���d��t��d��ƒ��|��|��f���ƒ��‚��n��d��S(����sx���Validate a socket meets security requiremnets.
The passed socket must have been created with ``wrapsocket()``.
Ra���R`���Rw���s����%s ssl connection errors-���%s certificate error: no certificate receivedR4���s���warning: connection security to %s is disabled per current settings; communication is susceptible to eavesdropping and tampering
NRE���t����sha256t����sha512c������������S@��s=���d��j��g��t��d��t��|��ƒ��d��ƒ��D]��}��|��|��|��d���!^��q��ƒ��S(����NRB���i����i����(����R;���t����rangeRy���(����Rb���t����x(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����fmtfingerprint'���s������s ���sha256:%sR3���s)���%s certificate matched fingerprint %s:%s
R5���t����hostfingerprintR?���s����%s:%ss0���certificate for %s has unexpected fingerprint %sR"���s����check %s configurationRv���sP���unable to verify security of %s (no loaded CA certificates); refusing to connects£���see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.%s:fingerprints=%s to trust this servers����%s certificate error: %ss^���set hostsecurity.%s:certfingerprints=%s config setting or use --insecure to connect insecurely(����R~���t����getpeercertRJ���R¼���R����R����R����RM���t����hashlibRE���t ���hexdigestRÄ���RÅ���RU���R\���R°���(����R���t����hostR`���Rw���t����peercertt ���peercert2t����peerfingerprintsRÈ���t����nicefingerprintt����hashRe���t����sectiont����niceRƒ���(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����validatesocket����s\�����
�
�
�������
�������
�
��������������� ���
����� �����
�����������
���
��� ��� ��������� �('���t
���__future__R����RË���RX���R”���R
���R0���t����i18nR����RC���R����R����Rj���R:���Rp���R
���t����hassniRK���R|���t����addR����RJ���Rz���R]���R¼���t����objectRg���RP���R����R…���RŽ���t ���ExceptionR���R¢���R°���R·���RÀ���R[���RÕ���(����(����(����s5���/usr/lib/python2.7/dist-packages/mercurial/sslutil.pyt����<module>
���sL������������������
���������������������� �����
������? ª 4�œ ��?���0 1 ��� � S