[issue2617] --insecure not working

Jason Harris bugs at mercurial.selenic.com
Thu Feb 3 04:11:41 UTC 2011 

New submission from Jason Harris <jason at jasonfharris.com>:

I thought I would let the dust settle a bit on the --insecure until it was
available publicly.

In testing integrating Mercurial 1.7.5 into MacHg I have found several issues
using --insecure.

Basically using the --insecure doesn't actually silence any
warnings.

[Bolt:~/test] ⌘ hg clone --insecure https://fudbar@bitbucket.org/paulitex/cedit
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe 
not verified (check hostfingerprints or web.cacerts config setting)
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe 
not verified (check hostfingerprints or web.cacerts config setting)
destination directory: cedit
requesting all changes
adding changesets
adding manifests
adding file changes
added 33 changesets with 84 changes to 32 files
updating to branch default
13 files updated, 0 files merged, 0 files removed, 0 files unresolved

Second even after using --quiet those pesky warnings are still there.

[Bolt:~/test] ⌘ hg clone --insecure --quiet https://fudbar@bitbucket.org/paulitex/cedit
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe 
not verified (check hostfingerprints or web.cacerts config setting)
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe 
not verified (check hostfingerprints or web.cacerts config setting)

Even if I fall back to http, I still get warnings.

[Bolt:~/test] ⌘ hg clone --insecure --quiet http://fudbar@bitbucket.org/paulitex/cedit
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe 
not verified (check hostfingerprints or web.cacerts config setting)
warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe 
not verified (check hostfingerprints or web.cacerts config setting)

Its really important for GUI clients that we can get "clean" output. That means if we specify --insecure then we 
shouldn't get these warnings.

In addition to this there is no --insecure for identify and its a critical command for discovery and 
identification of a server.

In MacHg there will be a preference option if the user wants to forgo the issues with certificates they should 
be able to...

I'll mark it urgent since it has a fairly high user visibility... Feel free to change this...

Thanks,
  Jason

----------
messages: 15077
nosy: Jason Harris
priority: urgent
status: unread
title: --insecure not working

____________________________________________________
Mercurial issue tracker <bugs at mercurial.selenic.com>
<http://mercurial.selenic.com/bts/issue2617>
____________________________________________________

More information about the Mercurial-devel mailing list