[Bug 5912] New: Pin the server's host key, not the certificate in .hgrc

mercurial-bugs at mercurial-scm.org
Fri Jun 8 09:03:41 UTC 2018


https://bz.mercurial-scm.org/show_bug.cgi?id=5912

            Bug ID: 5912
           Summary: Pin the server's host key, not the certificate in
                    .hgrc
           Product: Mercurial
           Version: 4.6
          Hardware: PC
                OS: Mac OS
            Status: UNCONFIRMED
          Severity: feature
          Priority: wish
         Component: Mercurial
          Assignee: bugzilla at mercurial-scm.org
          Reporter: roker at pep-project.org
                CC: mercurial-devel at mercurial-scm.org

We use LetsEncrypt certificates for our Mercurial servers.
These certificates have (by intention) a quite short lifetime, so they change
every 2 months or the like. Unfortunately Mercurial is unable to validate these
certificates via the TLS trust chain (as every web browser does), so we have to
"pin" the certificates' fingerprints in the [hostsecurity] section of our .hgrc
and have to change them quite often on all of our clients.

That is annoying. :-(

As far as I understand TLS certificates, they are used to provide a trust chain
from a few well-known and trustworthy "root certificates" (that are fixed or
seldom change and are known to the client) to the server's TLS key, so clients
don't have to trust (and pin that trust to) every single TLS server.

But it seems that mercurial can't do that. Am I right?

Or as an alternative: Why can't Mercurial just pin the server's TLS key (or its
fingerprint) directly without any "certificate voodoo" in between?

Greetings,

Lars R.

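The distinction the report is asking about, as an added example that is not part of the bug report or of Mercurial's own code: hashing the whole certificate (what a [hostsecurity] fingerprint pins) versus hashing only the certificate's SubjectPublicKeyInfo, which does not change when a renewal reuses the server key. The minimal DER walker and the two X.509-shaped sample certificates below are constructed for this example; they assume a renewal that keeps the key and changes only the serial number.

```python
import hashlib

def der_tlv(buf, pos=0):
    """Decode the DER element at buf[pos]; return (tag, raw_element, value, next_pos)."""
    start, tag, length, pos = pos, buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    return tag, buf[start:end], buf[pos:end], end

def spki_der(cert_der):
    """Return the DER SubjectPublicKeyInfo (header included) of a DER X.509 certificate."""
    _, _, cert_body, _ = der_tlv(cert_der)  # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, _, tbs, _ = der_tlv(cert_body)       # tbsCertificate ::= SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs):
        tag, raw, _, pos = der_tlv(tbs, pos)
        fields.append((tag, raw))
    if fields[0][0] == 0xA0:                # optional [0] EXPLICIT version comes first
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[5][1]

def fingerprints(cert_der):
    """(certificate sha256, SPKI sha256): the whole-cert pin versus the key-only pin."""
    return hashlib.sha256(cert_der).hexdigest(), hashlib.sha256(spki_der(cert_der)).hexdigest()

def encode_tlv(tag, payload):  # tiny DER encoder, used only for the constructed samples
    n = len(payload)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + payload

ED25519_ALG = encode_tlv(0x30, b"\x06\x03\x2b\x65\x70")  # AlgorithmIdentifier, OID 1.3.101.112
# Constructed sample key: 32 fixed bytes standing in for an Ed25519 public key (not a real key).
SAMPLE_SPKI = encode_tlv(0x30, ED25519_ALG + encode_tlv(0x03, b"\x00" + bytes(range(32))))

def sample_cert(serial):
    """Constructed X.509-shaped certificate: same key, new serial, i.e. a renewal."""
    tbs = b"".join([
        encode_tlv(0xA0, encode_tlv(0x02, b"\x02")),   # [0] version v3
        encode_tlv(0x02, serial),                      # serialNumber changes per renewal
        ED25519_ALG,                                   # signature algorithm
        encode_tlv(0x30, b""), encode_tlv(0x30, b""),  # issuer, validity (left empty here)
        encode_tlv(0x30, b""),                         # subject (left empty here)
        SAMPLE_SPKI,                                   # subjectPublicKeyInfo stays the same
    ])
    return encode_tlv(0x30, encode_tlv(0x30, tbs) + ED25519_ALG + encode_tlv(0x03, bytes(65)))
```

fingerprints(sample_cert(b"\x01")) and fingerprints(sample_cert(b"\x02")) give different certificate hashes but the same SPKI hash; for a real server certificate, pass ssl.PEM_cert_to_DER_cert(pem) to fingerprints(). A key-only pin stays stable only while renewals reuse the key; a renewal that generates a fresh key changes both hashes.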

