web.cacerts warnings with 1.7.3, how to fix and/or disable check?
Lasse Vågsæther Karlsen
lasse at vkarlsen.no
Mon Jan 3 06:53:02 CST 2011
I used the one named "Mercurial 1.7.3 MSI installer - x64 Windows - requires
admin rights"; I don't know who built it.
When checking the TortoiseHg installation directory, I notice the hgrc.d
directory, that I didn't know existed before now. It has a file called
Paths.rc containing a direct link to that file, yet this configuration gives
me those warnings.
I tried adding the line in there with (cacerts=....\cacert.perm) to my own
mercurial.ini file (I'm on Windows 7 64-bit), and the warnings are gone.
Have I managed to remove those configuration files from consideration
somehow?
--
Lasse Vågsæther Karlsen
2011/1/3 Adrian Buehlmann <adrian at cadifra.com>
> On 2011-01-03 13:05, Martin Geisler wrote:
> > Lasse Vågsæther Karlsen <lasse at vkarlsen.no> writes:
> >
> >> I updated to 1.7.3 today and I'm getting warnings about certificate
> >> checks on the following sites:
> >>
> >> * bitbucket
> >> * kiln
> >> * codeplex
> >>
> >> I assume I would get it on all sites that use https://
> >>
> >> So, I wonder if there's any documentation/tutorials telling me how to
> >> go about getting rid of those warnings. I'm a programmer, and I've
> >> been taught (by experience) that getting rid of warnings is a good
> >> thing. If Mercurial 1.7.3 is going to teach me to just ignore that it
> >> gives me a warning, the one time it is going to warn me about
> >> something useful, I will miss it. So I'd like to get rid of the
> >> warning.
> >
> > Fully agreed...
> >
> >> Now, let's take CodePlex. I have a repository here:
> >> https://hg01.codeplex.com/difflib
> >>
> >> Pulling from this, gives me:
> >>
> >> C:\Dev\VS.NET\DiffLib] :hg pull
> >> warning: hg01.codeplex.com certificate not verified (check web.cacerts
> >> config setting)
> >> pulling from https://lassevk:***@hg01.codeplex.com/difflib
> >> searching for changes
> >> no changes found
> >>
> >>
> >> Let's assume I can't really verify that the certificate they use is
> >> really owned by them, I would assume my "right choice" would be to
> >> disable the check.
> >>
> >> My questions are thus:
> >>
> >> * How can I disable the check completely for this case?
> >> * How could I save a certificate I could use for this case, even
> >> though I don't necessarily know that it will be valid, let's assume I
> >> assume it is valid now, so that I can at least catch
> >> man-in-the-middle-attacks in the future?
> >>
> >> I tried just saving the certificate Google Chrome uses for my DiffLib
> >> repository on CodePlex, but no file format I used worked, I just got
> >> other error messages instead.
> >
> > The file format should be PEM:
> >
> > http://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions
> >
> > Adrian posted a CA file here:
> >
> > http://groups.google.com/group/thg-dev/browse_thread/thread/d47b2c626b66dbb7/
>
> Which shouldn't be used. I posted it as an example for a TortoiseHg
> developer discussion.
>
> Steve Borho includes curl's ca cert file in the binary installers for
> Windows he built.
>
> If you don't use Steve's binary installer for Windows, then you could
> get the curl cert file 'cacert.pem' from
>
> http://curl.haxx.se/ca/
>
> store it on your computer and configure using it with
>
> [web]
> cacerts=C:\path\to\cacert.pem
>
> > and I wrote how one can use the system certificates on Debian-based
> > systems.
> >
>
>
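An added example, not part of the original thread or of Mercurial's code: the thread says the file given to `web.cacerts` should be PEM, and that browser exports in other formats were rejected. The sketch below classifies an exported file and rewrites a DER or PEM certificate as PEM text suitable for `cacerts=`. The names `der_kind` and `normalize_to_pem` are hypothetical, and the sample byte strings are constructed stand-ins, not real certificates.

```python
import base64
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-ins (not real certificates): just enough ASN.1 framing
# to exercise the format detection below.
SAMPLE_DER = bytes.fromhex("3006300402020001")
SAMPLE_P7B = bytes.fromhex("300b06092a864886f70d010702")


def der_kind(data):
    """Classify a DER blob as 'cert', 'pkcs7' or None from its outer framing."""
    if len(data) < 2 or data[0] != 0x30:      # must be an ASN.1 SEQUENCE
        return None
    if data[1] < 0x80:                        # short-form length
        hdr, length = 2, data[1]
    else:                                     # long-form length
        k = data[1] & 0x7F
        hdr, length = 2 + k, int.from_bytes(data[2:2 + k], "big")
    if length == 0 or hdr + length != len(data):
        return None                           # truncated or trailing junk
    # A certificate starts with the tbsCertificate SEQUENCE; a PKCS#7
    # bundle starts with a content-type OBJECT IDENTIFIER.
    return {0x30: "cert", 0x06: "pkcs7"}.get(data[hdr])


def normalize_to_pem(data):
    """Return the certificate(s) in `data` as PEM text, or raise ValueError."""
    blocks = PEM_RE.findall(data)
    ders = [base64.b64decode(b"".join(b.split())) for b in blocks] or [data]
    for der in ders:
        kind = der_kind(der)
        if kind == "pkcs7":
            raise ValueError("PKCS#7 bundle; export a plain X.509 certificate")
        if kind != "cert":
            raise ValueError("not an X.509 certificate in PEM or DER form")
    return "".join(ssl.DER_cert_to_PEM_cert(der) for der in ders)


if __name__ == "__main__":
    print(normalize_to_pem(SAMPLE_DER), end="")
```

The check only inspects the outer ASN.1 framing; it does not validate the certificate's contents or its chain of trust.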