Mercurial vulnerability? CVE-2010-4237

Antoine Pitrou solipsis at
Thu Dec 9 09:32:25 CST 2010

Mads Kiilerich <mads <at>> writes:
> 2. encourage packagers to configure cacerts by default - for Fedora that 
> could be by creating a /etc/mercurial/hgrc.d/cacerts.rc with 
> '[web]\ncacerts=/etc/pki/tls/certs/ca-bundle.crt'.

How would this work under Windows? I'm not aware that this OS has certificates
in the appropriate format.
If you have a simple solution, Python would be interested :)

Note that OpenSSL offers a configuration facility for that, it's exposed in
Python 3.2 (*); but only works if OpenSSL itself could be configured properly by
the vendor (which won't be the case under Windows).




More information about the Mercurial-devel mailing list