upstream/mercurial-mirror Commit - r33494:30f2715b

sslutil: inform the user about how to fix an incomplete certificate chain...

Matt Harbison -

r33494:30f2715b default

parent child

mercurial/sslutil.py

0 +6 0

                                  ui.warn(_(
                                      '(see https://mercurial-scm.org/wiki/SecureConnections '
                                      'for more info)\n'))
+                         elif (e.reason == 'CERTIFICATE_VERIFY_FAILED' and
+                             pycompat.osname == 'nt'):
+                             ui.warn(_('(the full certificate chain may not be available '
+                                       'locally; see "hg help debugssl")\n'))
                      raise
                  # check if wrap_socket failed silently because socket had been

tests/test-https.t

0 +8 0

                $ hg clone https://localhost:$HGPORT/ copy-pull
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
                (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *certificate verify failed* (glob)
                [255]
              #endif
                $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
                (an attempt was made to load CA certificates but none were loaded; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *certificate verify failed* (glob)
                [255]
              #else
                $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
                pulling from https://localhost:$HGPORT/
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *certificate verify failed* (glob)
                [255]
                $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
                > https://localhost:$HGPORT1/
                pulling from https://localhost:$HGPORT1/
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *certificate verify failed* (glob)
                [255]
                > https://localhost:$HGPORT2/
                pulling from https://localhost:$HGPORT2/
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *certificate verify failed* (glob)
                [255]
                > --config web.cacerts="$CERTSDIR/pub-other.pem"
                pulling from https://localhost:$HGPORT/
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *certificate verify failed* (glob)
                [255]
                $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
                > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
                pulling from https://localhost:$HGPORT2/
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *certificate verify failed* (glob)
                [255]
                $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
                abort: error: *handshake failure* (glob)
                [255]

tests/test-patchbomb-tls.t

0 +2 0

                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
                (using CA certificates from *; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message) (glob) (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
-               (?i)abort: .*?certificate.verify.failed.* (re)
                [255]
                warning: connecting to localhost using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info (?)
+               (the full certificate chain may not be available locally; see "hg help debugssl") (windows !)
-               (?i)abort: .*?certificate.verify.failed.* (re)
                [255]

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages