Cannot pull/push to https server with self-signed certificate

Mads Kiilerich mads at kiilerich.com
Thu Jan 6 20:18:36 CST 2011


Adrian Buehlmann wrote, On 01/07/2011 03:15 AM:
> On 2011-01-07 02:53, Mads Kiilerich wrote:
>> Brian Sullivan wrote, On 01/06/2011 07:31 PM:
>>> This discussion actually started as a bug reported about TortoiseHg
>>> here:
>>> https://bitbucket.org/tortoisehg/thg/issue/63/cannot-pull-push-to-https-server-with-self
>>>
>>>
>>> I installed the latest version of TortoiseHg (1.1.8) on a new Windows
>>> machine with no previous TortoiseHg or Mercurial installation.  We're
>>> running our shared Mercurial server on Windows Server 2008 R2 under
>>> IIS 7.5 with SSL using a self-signed certificate.  Things have been
>>> running just fine for other users at our company on previous versions
>>> of TortoiseHg.
>>>
>>> When I try to push or pull from this new THg 1.1.8 machine, I get the
>>> following error:
>>> abort: error: _ssl.c:490: error:14090086:SSL
>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>> Yes. The Windows installers started shipping with a cacerts file
>> configured. That could be considered a convenient security improvement
>> for some users, but it is a regression for those with self-signed
>> certificates.
> I'm far from being an expert in that area, but I do find this a very
> strange view.
>
> Given that Mercurial as installed by these installers now finally checks
> the certificates *at all* and *by default* -- which benefits the vast
> majority of the users -- is probably the lesser evil than simply
> throwing a warning at everyone downloading and installing this stuff.

Perhaps. But it is a regression for those with self-signed certificates.

/Mads
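
Added example, not part of the original message and not Mercurial's own code: it uses the `openssl` command line to show why a client that trusts only a shipped CA file rejects a self-signed server certificate, and that appending that certificate to the trusted file restores verification without turning checking off. The host name `hg.example.test`, the file names and both throwaway certificates are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example. All names, files and keys below are constructed for the demo.
WORK="$(mktemp -d)"

# Create a throwaway self-signed certificate: $1 = file stem, $2 = common name.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# Verify certificate $2 with $1 as the CA file.
# Returns 0 when a chain to a trusted certificate can be built, non-zero otherwise.
# (The constructed certificates are in no system trust store.)
verify_with() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    # Stand-in for the CA file an installer ships (one unrelated root).
    make_self_signed shipped-ca "Constructed Public CA"
    # Stand-in for the company server's self-signed certificate.
    make_self_signed server "hg.example.test"

    # 1. Shipped CA file only: the server certificate chains to nothing in it.
    before=0
    verify_with "$WORK/shipped-ca.pem" "$WORK/server.pem" || before=$?

    # 2. Site bundle = shipped CA file plus the server's own certificate.
    #    Only server.pem is copied; server.key never leaves the server.
    cat "$WORK/shipped-ca.pem" "$WORK/server.pem" > "$WORK/site-bundle.pem"
    after=0
    verify_with "$WORK/site-bundle.pem" "$WORK/server.pem" || after=$?

    echo "shipped CA file only:      exit $before (verification fails)"
    echo "with server cert appended: exit $after (verification succeeds)"
}

demo
```

In Mercurial the trusted file is the one named by the `web.cacerts` setting; the certificate added to it should be obtained over a channel you already trust, not copied from the connection being checked.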
