[issue2407] mercurial fails to verify ssl validity in https connections
bugs at mercurial.selenic.com
Wed Sep 29 10:03:37 CDT 2010
New submission from dave b <db.pub.mail at gmail.com>:
This is bad because the https implementation you are using (even wrapped
using ssl) is broken as per bug http://bugs.python.org/issue1589
as mercurial seems not to verify the common name.
So your application is vulnerable: as long as I have a certificate signed by
a CA in the CA store, I can MITM it.
title: mercurial fails to verify ssl validity in https connections
Mercurial issue tracker <bugs at mercurial.selenic.com>
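
The check the report says is missing, as an added example that is not part of the original message or of Mercurial's code: after the chain validates against the CA store, the certificate's names must still be compared with the host the client asked for. The certificate dicts are constructed samples in the shape `ssl.SSLSocket.getpeercert()` returns, `hg.example` and `other.example` are placeholder names, and the matcher is a simplified sketch (DNS names only).

```python
# Added example: the hostname check that CA-chain validation alone does not perform.
# Certificate dicts are constructed, shaped like ssl.SSLSocket.getpeercert() output.

def _dns_match(pattern, host):
    """Match one DNS name; '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two further labels so '*.com' never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches_host(cert, host):
    """Return True if the certificate names `host`.

    subjectAltName DNS entries take precedence; commonName is consulted
    only when the certificate carries no DNS subjectAltName at all.
    """
    if not cert:
        return False  # getpeercert() is empty when the peer was not validated
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return any(_dns_match(name, host) for name in san)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_match(value, host):
                return True
    return False


# Constructed sample: a certificate that chains to a trusted CA but was
# issued for a different site than the one the client asked for.
OTHER_SITE_CERT = {"subject": ((("commonName", "other.example"),),)}
REPO_CERT = {
    "subject": ((("commonName", "hg.example"),),),
    "subjectAltName": (("DNS", "hg.example"), ("DNS", "*.hg.example")),
}

if __name__ == "__main__":
    for cert in (OTHER_SITE_CERT, REPO_CERT):
        print(cert_matches_host(cert, "hg.example"))
```

A client that skips this step accepts `OTHER_SITE_CERT` for `hg.example` because its chain is valid. In current Python, a context from `ssl.create_default_context()` performs the comparison during the handshake.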