AV-98-fork

A fork of https://tildegit.org/solderpunk/AV-98
Log (Feed) | Files | Refs (Tags) | README | LICENSE

commit 94e796ee5e6717454636245d330c7431e9e8040b
parent e0552df853bbcf4a439e013c12f060d2e96a8790
Author: Solderpunk <solderpunk@sdf.org>
Date:   Sun, 10 May 2020 18:46:16 +0200

Opt out of transient certs for now, better messaging about certificates.

Diffstat:
Mav98.py | 17+++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/av98.py b/av98.py @@ -364,8 +364,21 @@ Slow internet connection? Use 'set timeout' to be more patient.""") return # Client cert elif status.startswith("6"): - print("The site {} is requesting a client certificate.".format(gi.host)) - print("This will allow the site to recognise you across requests.") + # We don't do transient certs yet + if status == "61": + print("Transient client certificates not yet supported.") + return + + # Present different messages for different 6x statuses, but + # handle them the same. + if status in ("64", "65"): + print("The server rejected your certificate because it is either expired or not yet valid.") + elif status == "63": + print("The server did not accept your certificate.") + print("You may need to e.g. coordinate with the admin to get your certificate fingerprint whitelisted.") + else: + print("The site {} is requesting a client certificate.".format(gi.host)) + print("This will allow the site to recognise you across requests.") print("What do you want to do?") print("1. Give up.") print("2. Load client certificate from file and retry the request.")