[issue2811] ssl warning fingerprint or the documentation seems wrong
stackmagic
bugs at mercurial.selenic.com
Sun May 15 05:15:33 CDT 2011
New submission from stackmagic <stackmagic at gmail.com>:
With an upgrade I started to get these SSL warnings. Now I just wanted to deal with those and after some reading, the plan was to put the following into my ~/.hgrc:
----- start -----
[web]
cacerts = /etc/ssl/certs/ca-certificates.crt
[hostfingerprints]
myserver = {fingerprint}
----- end -----
So public servers are checked through the cacerts and that one exception is set explicitly. The documentation says the fingerprint to use is the sha1 hash of the DER encoded server certificate (as documented here: http://www.selenic.com/mercurial/hgrc.5.html#hostfingerprints)
But this does not work. Apparently Mercurial uses a different hash (and reports that in the SSL warnings on the command line) and I can't seem to find a matching hash (tried different md* and sha* algorithms) and I'd rather not blindly copy/paste the hash from the console. What is going on here?
Sometimes I'm behind a company proxy (using env variable $http_proxy) and sometimes I'm not. Behind the proxy, there is NO warning! Without proxy there is a warning... Another thing that puzzles me at the moment.
The fingerprint is determined using the cert exported from firefox (I tried DER and PEM), and then extracted via openssl: openssl x509 -in myserver.cert -inform DER -fingerprint -sha1. The cert is self-signed.
Mercurial: 1.7.5
Python: 2.7.1+
Openssl: 0.9.8o
KUbuntu natty
Is this a bug? What hashing algorithm is used by Mercurial? Are the docs wrong?
Thanks
----------
messages: 16286
nosy: stackmagic
priority: bug
status: unread
title: ssl warning fingerprint or the documentation seems wrong
____________________________________________________
Mercurial issue tracker <bugs at mercurial.selenic.com>
<http://mercurial.selenic.com/bts/issue2811>
____________________________________________________
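Added example, not part of the original message and not Mercurial's own code: a Python check of the fingerprint as the documentation quoted in the report describes it (SHA-1 over the DER-encoded certificate), accepting an export saved as either PEM or DER. The sample bytes are constructed placeholders rather than a real certificate, and all function names are hypothetical.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed placeholder bytes, NOT a real certificate; they stand in for
# the DER export so the example runs offline.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the export was saved as PEM or as DER."""
    stripped = data.strip()
    if stripped.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return data


def colon_hex(digest: bytes) -> str:
    """Format digest bytes as lowercase colon-separated hex pairs."""
    return ":".join(f"{b:02x}" for b in digest)


def der_sha1_fingerprint(data: bytes) -> str:
    """SHA-1 over the DER encoding, as the hgrc documentation describes."""
    return colon_hex(hashlib.sha1(to_der(data)).digest())


def raw_sha1(data: bytes) -> str:
    """SHA-1 over the file bytes as-is; differs from the above for PEM."""
    return colon_hex(hashlib.sha1(data).digest())


def normalize(fp: str) -> str:
    """Drop an openssl-style 'SHA1 Fingerprint=' prefix, colons and case."""
    return fp.split("=", 1)[-1].replace(":", "").strip().lower()


def same_fingerprint(a: str, b: str) -> bool:
    """Compare two fingerprints regardless of prefix, separators or case."""
    return normalize(a) == normalize(b)


if __name__ == "__main__":
    print("DER file :", der_sha1_fingerprint(SAMPLE_DER))
    print("PEM file :", der_sha1_fingerprint(SAMPLE_PEM))
    print("PEM, raw :", raw_sha1(SAMPLE_PEM))
```

Hashing the PEM text directly gives a different value from hashing the DER bytes it encodes, so a comparison is only meaningful once both sides are reduced to DER and to the same hex formatting.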