[PATCH stable rfc] https: warn when server certificate isn't verified
Matt Mackall
mpm at selenic.com
Fri Dec 10 14:52:04 CST 2010
On Fri, 2010-12-10 at 01:35 +0100, Mads Kiilerich wrote:
> # HG changeset patch
> # User Mads Kiilerich <mads at kiilerich.com>
> # Date 1291941206 -3600
> # Branch stable
> # Node ID 166179471a12e3ba16209e996a8b7234dfca9966
> # Parent 572db64f26c624e1bf8c6b7517808a418a0ab747
> https: warn when server certificate isn't verified
>
> Mercurial will verify HTTPS server certificates if web.cacerts is configured,
> but it will by default silently not verify any certificates. We now inform the
> user that she won't get the security she might expect from https without
> verification:
> warning: f.o.o certificate not verified - configure web.cacerts
We should be aiming to meet a message style like this:
<severity>: <message> (<optional hint>)
Otherwise, looks good.
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial-devel
mailing list