Subject alternative names not supported?
Steve Borho
steve at borho.org
Thu Jan 13 14:55:09 CST 2011
On Thu, Jan 13, 2011 at 2:16 PM, Alexandros Karypidis <akarypid at yahoo.gr> wrote:
> Hello,
>
> I've upgraded to Mercurial 1.7.3 and found that Mercurial now validates
> certificates. I installed my CA certificate in .hg/hgrc and now I get:
>
> abort: host.vpn.mydomain.com certificate error: certificate is for
> host.internal.mydomain.com
>
> The problem is that hosts have a different name for their VPN interface than
> on the intranet. For that reason, certificates are issued with the VPN
> hostname as a subject alternative name (using X509v3). However, Mercurial
> seems to ignore this.
>
> Is there a way around this? Will subject alternative names be supproted in
> the next version?
This has been improved on the tip of stable. I recommend a nightly
build if one is available for your platform.
--
Steve Borho
More information about the Mercurial
mailing list