[Bug 4410] New: d7f7f1860f00 regressed SSL on OS X: abort: error: _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

mercurial-bugs at selenic.com
Thu Oct 16 19:49:04 CDT 2014


http://bz.selenic.com/show_bug.cgi?id=4410

          Priority: normal
            Bug ID: 4410
                CC: mercurial-devel at selenic.com
          Assignee: bugzilla at selenic.com
           Summary: d7f7f1860f00 regressed SSL on OS X: abort: error:
                    _ssl.c:510: error:14090086:SSL
                    routines:SSL3_GET_SERVER_CERTIFICATE:certificate
                    verify failed
          Severity: bug
    Classification: Unclassified
                OS: Mac OS
          Reporter: gregory.szorc at gmail.com
          Hardware: PC
            Status: UNCONFIRMED
           Version: unspecified
         Component: Mercurial
           Product: Mercurial

The following changeset regressed SSL on my OS X machine:

changeset:   30362:d7f7f1860f00
user:        Mads Kiilerich <madski at unity3d.com>
date:        Fri Sep 26 02:19:48 2014 +0200
summary:     ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs

STR:

HGRCPATH=/dev/null ./hg clone https://bitbucket.org/marmoute/mutable-history

Strangely, not unsetting HGRCPATH makes it work.

Perhaps this is just a regression in the fingerprint verification code path and
only impacts remotes that don't have fingerprints in your hgrc?

On the parent (a00a7951b20c):

HGRCPATH=/dev/null ./hg clone https://bitbucket.org/marmoute/mutable-history
warning: bitbucket.org certificate with fingerprint 45:ad:ae:1a:cf:0e:73:47:06:07:e0:88:f5:cc:10:e5:fa:1c:f7:99 not verified (check hostfingerprints or web.cacerts config setting)
destination directory: mutable-history
requesting all changes
adding changesets
