[issue2617] --insecure not working
Jason Harris
bugs at mercurial.selenic.com
Thu Feb 3 04:11:41 UTC 2011
New submission from Jason Harris <jason at jasonfharris.com>:
I thought I would let the dust settle a bit on the --insecure until it was
available publicly.
In testing integrating Mercurial 1.7.5 into MacHg I have found several issues
using --insecure.
Basically using the --insecure doesn't actually silence any
warnings.
[Bolt:~/test] ⌘ hg clone --insecure https://fudbar@bitbucket.org/paulitex/cedit
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
not verified (check hostfingerprints or web.cacerts config setting)
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
not verified (check hostfingerprints or web.cacerts config setting)
destination directory: cedit
requesting all changes
adding changesets
adding manifests
adding file changes
added 33 changesets with 84 changes to 32 files
updating to branch default
13 files updated, 0 files merged, 0 files removed, 0 files unresolved
Second even after using --quiet those pesky warnings are still there.
[Bolt:~/test] ⌘ hg clone --insecure --quiet https://fudbar@bitbucket.org/paulitex/cedit
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
not verified (check hostfingerprints or web.cacerts config setting)
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
not verified (check hostfingerprints or web.cacerts config setting)
Even if I fall back to http, I still get warnings.
[Bolt:~/test] ⌘ hg clone --insecure --quiet http://fudbar@bitbucket.org/paulitex/cedit
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
not verified (check hostfingerprints or web.cacerts config setting)
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
not verified (check hostfingerprints or web.cacerts config setting)
Its really important for GUI clients that we can get "clean" output. That means if we specify --insecure then we
shouldn't get these warnings.
In addition to this there is no --insecure for identify and its a critical command for discovery and
identification of a server.
In MacHg there will be a preference option if the user wants to forgo the issues with certificates they should
be able to...
I'll mark it urgent since it has a fairly high user visibility... Feel free to change this...
Thanks,
Jason
----------
messages: 15077
nosy: Jason Harris
priority: urgent
status: unread
title: --insecure not working
____________________________________________________
Mercurial issue tracker <bugs at mercurial.selenic.com>
<http://mercurial.selenic.com/bts/issue2617>
____________________________________________________
More information about the Mercurial-devel
mailing list