Cannot pull/push to https server with self-signed certificate
Gilles Moris
gilles.moris at free.fr
Sat Jan 8 04:19:39 CST 2011
On Friday 07 January 2011 09:18:40 pm Matt Mackall wrote:
> Let's make a table.
>
> old new new
> without certs with certs
> normal I I W S
> self-signed I I W F
>
> I = works, insecure (vulnerable to MITM)
> W = warning
> S = works, secure
> F = fail
>
> The only problem point with the new behavior is the F in the lower
> right. We don't have a good story for what to do with this fairly common
> situation (more common because we've made self-signed HTTPS the easy
> route in the past!). Thus, we're going to have lots of users in need of
> a work-around.
>
> Both wget and curl have command-line switches to bypass this headache
> (curl uses --insecure). We should probably have one too.
Not knowing the implementation details, could we replace the F with a P for
prompt that would detect self-signed certificate and ask to the user if we
should continue. Much like what we have in WEB browsers.
Regards.
Gilles.
More information about the Mercurial-devel
mailing list