Cannot pull/push to https server with self-signed certificate

Laurens Holst laurens.nospam at grauw.nl
Sat Jan 8 11:03:39 CST 2011


On 8-1-2011 11:19, Gilles Moris wrote:
> On Friday 07 January 2011 09:18:40 pm Matt Mackall wrote:
>> Let's make a table.
>>
>>                old    new             new
>>                       without certs   with certs
>> normal        I        I W             S
>> self-signed   I        I W             F
>>
>> I = works, insecure (vulnerable to MITM)
>> W = warning
>> S = works, secure
>> F = fail
>>
>> The only problem point with the new behavior is the F in the lower
>> right. We don't have a good story for what to do with this fairly common
>> situation (more common because we've made self-signed HTTPS the easy
>> route in the past!). Thus, we're going to have lots of users in need of
>> a work-around.
>>
>> Both wget and curl have command-line switches to bypass this headache
>> (curl uses --insecure). We should probably have one too.
> Not knowing the implementation details, could we replace the F with a P for
> prompt that would detect a self-signed certificate and ask the user if we
> should continue. Much like what we have in web browsers.

This seems like a much preferred solution.

I updated and was unable to push to my repository — I paid several tens
of euros for a certificate now, which I still have to receive, but as of
yet this means that for a week or so I have not been able to push my
changes. Now this is just my personal repository, but still, not nice.

~Laurens

-- 
~~ Ushiko-san! Kimi wa doushite, Ushiko-san nan da!! ~~
Laurens Holst, developer, Utrecht, the Netherlands
Website: www.grauw.nl. Backbase employee; www.backbase.com


More information about the Mercurial-devel mailing list