Commits

kiilerix committed 2fa2e64

https: warn when server certificate isn't verified

Mercurial will verify HTTPS server certificates if web.cacerts is configured,
but it will by default silently not verify any certificates.

We now warn the user that when the certificate isn't verified she won't get the
security she might expect from https:
warning: localhost certificate not verified (check web.cacerts config setting)

Self-signed certificates can be accepted silently by configuring web.cacerts to
point to a suitable certificate file.

  • Participants
  • Parent commits 1c1ca9d
  • Branches stable

Comments (0)

Files changed (2)

                 self.ui.debug('%s certificate successfully verified\n' %
                               self.host)
             else:
+                self.ui.warn(_("warning: %s certificate not verified "
+                               "(check web.cacerts config setting)\n") % 
+                             self.host)
                 httplib.HTTPSConnection.connect(self)
 
     class httpsconnection(BetterHTTPS):

tests/test-https.t

 clone via pull
 
   $ hg clone https://localhost:$HGPORT/ copy-pull
+  warning: localhost certificate not verified (check web.cacerts config setting)
   requesting all changes
   adding changesets
   adding manifests
   $ echo '[hooks]' >> .hg/hgrc
   $ echo "changegroup = python '$TESTDIR'/printenv.py changegroup" >> .hg/hgrc
   $ hg pull
+  warning: localhost certificate not verified (check web.cacerts config setting)
   changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_URL=https://localhost:$HGPORT/ 
   pulling from https://localhost:$HGPORT/
   searching for changes