web.cacerts warnings with 1.7.3, how to fix and/or disable check?

Mon Jan 3 07:01:29 CST 2011

Sorry, I picked the wrong name on the webpage when I went to find the name
for this email, I installed TortoiseHg of course, not the Mercurial-only
installation, but I did pick the MSI one, and the 64-bit version.

However, I tried uninstalling now and I found that I had Mercurial 1.7.2
installed as well, and I uninstalled that too, before only installing the
TortoiseHg program, and now the warnings are gone.

So that was it I expect then.

-- 
Lasse Vågsæther Karlsen

2011/1/3 Lasse Vågsæther Karlsen <lasse at vkarlsen.no>

> I used the one named "Mercurial 1.7.3 MSI installer - x64 Windows -
> requires admin rights", I don't know who built it.
>
> When checking the TortoiseHg installation directory, I notice the hgrc.d
> directory, that I didn't know existed before now. It has a file called
> Paths.rc containing a direct link to that file, yet this configuration gives
> me those warnings.
>
> I tried adding the line in there with (cacerts=....\cacert.perm) to my own
> mercurial.ini file (I'm on Windows 7 64-bit), and the warnings are gone.
>
> Have I managed to remove those configuration files from consideration
> somehow?
>
> --
> Lasse Vågsæther Karlsen
>
>
> 2011/1/3 Adrian Buehlmann <adrian at cadifra.com>
>
> On 2011-01-03 13:05, Martin Geisler wrote:
>> > Lasse Vågsæther Karlsen <lasse at vkarlsen.no> writes:
>> >
>> >> I updated to 1.7.3 today and I'm getting warnings about certificate
>> >> checks on the following sites:
>> >>
>> >> * bitbucket
>> >> * kiln
>> >> * codeplex
>> >>
>> >> I assume I would get it on all sites that use https://
>> >>
>> >> So, I wonder if there's any documentation/tutorials telling me how to
>> >> go about getting rid of those warnings. I'm a programmer, and I've
>> >> been taught (by experience) that getting rid of warnings is a good
>> >> thing. If Mercurial 1.7.3 is going to teach me to just ignore that it
>> >> gives me a warning, the one time it is going to warn me about
>> >> something useful, I will miss it. So I'd like to get rid of the
>> >> warning.
>> >
>> > Fully agreed...
>> >
>> >> Now, let's take CodePlex. I have a repository here:
>> >> https://hg01.codeplex.com/difflib
>> >>
>> >> Pulling from this, gives me:
>> >>
>> >> C:\Dev\VS.NET\DiffLib] :hg pull
>> >> warning: hg01.codeplex.com certificate not verified (check web.cacerts
>> >> config setting)
>> >> pulling from https://lassevk:***@hg01.codeplex.com/difflib
>> >> searching for changes
>> >> no changes found
>> >>
>> >>
>> >> Let's assume I can't really verify that the certificate they use is
>> >> really owned by them, I would assume my "right choice" would be to
>> >> disable the check.
>> >>
>> >> My questions are thus:
>> >>
>> >> * How can I disable the check completely for this case?
>> >> * How could I save a certificate I could use for this case, even
>> >> though I don't necessarily know that it will be valid, let's assume I
>> >> assume it is valid now, so that I can at least catch
>> >> man-in-the-middle-attacks in the future?
>> >>
>> >> I tried just saving the certificate Google Chrome uses for my DiffLib
>> >> repository on CodePlex, but no file format I used worked, I just got
>> >> other error messages instead.
>> >
>> > The file format should be PEM:
>> >
>> >   http://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions
>> >
>> > Adrian posted a CA file here:
>> >
>> >
>> http://groups.google.com/group/thg-dev/browse_thread/thread/d47b2c626b66dbb7/
>>
>> Which shouldn't be used. I posted it as an example for a TortoiseHg
>> developer discussion.
>>
>> Steve Borho includes curl's ca cert file in the binary installers for
>> Windows he built.
>>
>> If you don't use Steve's binary installer for Windows, then you could
>> get the curl cert file 'cacert.pem' from
>>
>>   http://curl.haxx.se/ca/
>>
>> store it on your computer and configure using it with
>>
>>  [web]
>>  cacerts=C:\path\to\cacert.pem
>>
>> > and I wrote how one can use the system cerficates on Debian-based
>> > systems.
>> >
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://selenic.com/pipermail/mercurial-devel/attachments/20110103/abb0ca4e/attachment.htm>