Cannot pull/push to https server with self-signed certificate
Yuya Nishihara
yuya at tcha.org
Sun Jan 9 13:09:36 CST 2011
timeless wrote:
> On Sun, Jan 9, 2011 at 8:11 PM, Yuya Nishihara <yuya at tcha.org> wrote:
> > If you have a list of trusted hosts, and have certificates,
> > you can use them in place of global root cacerts, maybe.
>
> Global root management is a disaster.

Oops, I meant that if we have something like the following hgrc:

    [auth]
    foo.prefix = foo.example.org
    foo.cacerts = path/to/cert.pem or inline certificate data

we can just use foo.cacerts instead of web.cacerts when connecting to
foo.example.org, instead of "disable any validation (cacerts=None)".

Or did I completely misread the story?

> If I contribute to 5 products, I need to be able to get the roots for
> each of them.
>
> Downloading an hgrc for a single repo from an https server for that
> project isn't a big deal.
>
> Dealing with merging unrelated things which I don't actually trust for
> unrelated projects is stupid.
>
> I trust <foopy-project> to sign <foopy-server>, I don't trust
> <foopy-project> to sign <goofy-server>.
>
> If I have related projects, I can easily copy the hgrc from the related project.
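
A sketch of the per-host lookup proposed in the message above, added here as an example; it is not Mercurial's code and not code from either poster. The `cacerts` key under `[auth]` is the proposal itself and is treated as hypothetical; the file paths, function names and the boundary-matching rule are assumptions of this sketch.

```python
import configparser
import ssl

# Constructed sample. "auth.<group>.cacerts" is the option proposed in the
# message; it is treated here as hypothetical, not as an existing setting.
SAMPLE_HGRC = """\
[web]
cacerts = /etc/ssl/certs/ca-certificates.crt

[auth]
foo.prefix = foo.example.org
foo.cacerts = /home/me/certs/foopy-project.pem
goofy.prefix = goofy.example.net
"""

def select_cacerts(hgrc_text, url):
    """Return (source, cafile): per-host bundle first, then web.cacerts."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(hgrc_text)
    groups = {}
    for key, value in (cfg.items("auth") if cfg.has_section("auth") else []):
        name, _, setting = key.partition(".")
        groups.setdefault(name, {})[setting] = value
    target = url.split("://", 1)[-1]
    best = None
    for name, group in groups.items():
        prefix = group.get("prefix", "").split("://", 1)[-1].rstrip("/")
        # Assumed rule: match only on a host, port or path boundary, so that
        # "foo.example.org" never covers "foo.example.org.attacker.test".
        boundary = target[len(prefix):len(prefix) + 1]
        if prefix and target.startswith(prefix) and boundary in ("", "/", ":"):
            if best is None or len(prefix) > best[0]:
                best = (len(prefix), name, group.get("cacerts"))
    if best and best[2]:
        return ("auth." + best[1], best[2])
    # No per-host bundle: fall back to the global setting. Validation is
    # never switched off (the cacerts=None case the message wants to avoid).
    return ("web", cfg.get("web", "cacerts", fallback=None))

def make_context(cafile):
    """Verifying TLS context that trusts only cafile (system roots if None)."""
    return ssl.create_default_context(cafile=cafile)

if __name__ == "__main__":
    for u in ("https://foo.example.org/repo", "https://goofy.example.net/repo"):
        print(u, "->", select_cacerts(SAMPLE_HGRC, u))
```

With this scoping, the bundle trusted for foo.example.org is never consulted for any other host, which is the separation the quoted reply asks for.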