Mercurial vulnerability? CVE-2010-4237

Antoine Pitrou solipsis at pitrou.net
Thu Dec 9 09:32:25 CST 2010


Mads Kiilerich <mads <at> kiilerich.com> writes:
> 
> 2. encourage packagers to configure cacerts by default - for Fedora that 
> could be by creating a /etc/mercurial/hgrc.d/cacerts.rc with 
> '[web]\ncacerts=/etc/pki/tls/certs/ca-bundle.crt'.

How would this work under Windows? I'm not aware that this OS has certificates
in the appropriate format.
If you have a simple solution, Python would be interested :)

Note that OpenSSL offers a configuration facility for that, it's exposed in
Python 3.2 (*); but only works if OpenSSL itself could be configured properly by
the vendor (which won't be the case under Windows).

(*)
http://docs.python.org/dev/library/ssl.html#ssl.SSLContext.set_default_verify_paths

Regards

Antoine.




More information about the Mercurial-devel mailing list