Cannot pull/push to https server with self-signed certificate
Adrian Buehlmann
adrian at cadifra.com
Sat Jan 8 08:58:58 CST 2011
On 2011-01-07 21:18, Matt Mackall wrote:
> Let's make a table.
>
> old new new
> without certs with certs
> normal I I W S
> self-signed I I W F
>
> I = works, insecure (vulnerable to MITM)
> W = warning
> S = works, secure
> F = fail
>
> The only problem point with the new behavior is the F in the lower
> right. We don't have a good story for what to do with this fairly common
> situation (more common because we've made self-signed HTTPS the easy
> route in the past!). Thus, we're going to have lots of users in need of
> a work-around.
>
> Both wget and curl have command-line switches to bypass this headache
> (curl uses --insecure). We should probably have one too.
>
Latest "accident":
As it happens, (near as I can tell contrary to Steve's intentions) the
current official mercurial 1.7.3 msi installers for Windows fail to
install a cert file (the inno setup exe installer now does):
http://mercurial.selenic.com/bts/issue2581
Only the TortoiseHg msi installers do (I've tested
tortoisehg-1.1.8-hg-1.7.3-x64.msi. I admit I didn't test the mercurial
msi installers before the release).
More information about the Mercurial-devel
mailing list