[PATCH 1 of 1 stable RFC] url: add --insecure option to bypass verification of ssl certificates

Matt Mackall mpm at selenic.com
Fri Jan 28 13:15:05 CST 2011


On Fri, 2011-01-28 at 17:35 +0100, Mads Kiilerich wrote:
> Yuya Nishihara wrote, On 01/28/2011 04:27 PM:
> > # HG changeset patch
> > # User Yuya Nishihara<yuya at tcha.org>
> > # Date 1296228357 -32400
> > # Node ID 8b5ed606e7628e895d7125a4a7d92f2ba82f5e1c
> > # Parent  0d1dca7d2a041cb1cb6c6bd90608aa87068bde02
> > url: add --insecure option to bypass verification of ssl certificates
> >
> > If --insecure specified, it behaves in the same way as no web.cacerts
> > configured.
> >
> > Also shows hint for --insecure option when verification failed.
> 
> I think the biggest question is if this is what Matt and others want, 
> and if it should be included in 1.7.4.

This is more or less what I'm looking for, yes. And I would like it for
stable, which we're cutting a release from Tuesday.

> > TODO: hint for --insecure on SSLError raised
> 
> Yes, that is hard and perhaps not feasible. But it should be a separate 
> patch anyway.
> 
> > TODO: doc/hgrc.5.txt
> 
> > +    To disable SSL verification temporarily, specify ``--insecure`` from
> > +    command line.
> 
> Yes, I think that would be a nice hint.

Agreed.

-- 
Mathematics is the supreme nostalgia of our time.




More information about the Mercurial-devel mailing list