Show More
@@ -1030,6 +1030,9 b' The full set of options is:' | |||||
1030 | You can use OpenSSL's CA certificate file if your platform has one. |
|
1030 | You can use OpenSSL's CA certificate file if your platform has one. | |
1031 | On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``. |
|
1031 | On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``. | |
1032 | Otherwise you will have to generate this file manually. |
|
1032 | Otherwise you will have to generate this file manually. | |
|
1033 | ||||
|
1034 | To disable SSL verification temporarily, specify ``--insecure`` from | |||
|
1035 | command line. | |||
1033 | ``contact`` |
|
1036 | ``contact`` | |
1034 | Name or email address of the person in charge of the repository. |
|
1037 | Name or email address of the person in charge of the repository. | |
1035 | Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty. |
|
1038 | Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty. |
@@ -3948,6 +3948,8 b' remoteopts = [' | |||||
3948 | _('specify ssh command to use'), _('CMD')), |
|
3948 | _('specify ssh command to use'), _('CMD')), | |
3949 | ('', 'remotecmd', '', |
|
3949 | ('', 'remotecmd', '', | |
3950 | _('specify hg command to run on the remote side'), _('CMD')), |
|
3950 | _('specify hg command to run on the remote side'), _('CMD')), | |
|
3951 | ('', 'insecure', None, | |||
|
3952 | _('do not verify server certificate (ignoring web.cacerts config)')), | |||
3951 | ] |
|
3953 | ] | |
3952 |
|
3954 | |||
3953 | walkopts = [ |
|
3955 | walkopts = [ |
@@ -552,6 +552,9 b' def _dispatch(ui, args):' | |||||
552 | if options['noninteractive']: |
|
552 | if options['noninteractive']: | |
553 | ui.setconfig('ui', 'interactive', 'off') |
|
553 | ui.setconfig('ui', 'interactive', 'off') | |
554 |
|
554 | |||
|
555 | if cmdoptions.get('insecure', False): | |||
|
556 | ui.setconfig('web', 'cacerts', '') | |||
|
557 | ||||
555 | if options['help']: |
|
558 | if options['help']: | |
556 | return commands.help_(ui, cmd, options['version']) |
|
559 | return commands.help_(ui, cmd, options['version']) | |
557 | elif options['version']: |
|
560 | elif options['version']: |
@@ -559,8 +559,9 b' if has_https:' | |||||
559 | ca_certs=cacerts) |
|
559 | ca_certs=cacerts) | |
560 | msg = _verifycert(self.sock.getpeercert(), self.host) |
|
560 | msg = _verifycert(self.sock.getpeercert(), self.host) | |
561 | if msg: |
|
561 | if msg: | |
562 |
raise util.Abort(_('%s certificate error: %s' |
|
562 | raise util.Abort(_('%s certificate error: %s ' | |
563 |
|
|
563 | '(use --insecure to connect ' | |
|
564 | 'insecurely)') % (self.host, msg)) | |||
564 | self.ui.debug('%s certificate successfully verified\n' % |
|
565 | self.ui.debug('%s certificate successfully verified\n' % | |
565 | self.host) |
|
566 | self.host) | |
566 | else: |
|
567 | else: |
@@ -179,16 +179,16 b' Show all commands + options' | |||||
179 | $ hg debugcommands |
|
179 | $ hg debugcommands | |
180 | add: include, exclude, subrepos, dry-run |
|
180 | add: include, exclude, subrepos, dry-run | |
181 | annotate: rev, follow, no-follow, text, user, file, date, number, changeset, line-number, include, exclude |
|
181 | annotate: rev, follow, no-follow, text, user, file, date, number, changeset, line-number, include, exclude | |
182 | clone: noupdate, updaterev, rev, branch, pull, uncompressed, ssh, remotecmd |
|
182 | clone: noupdate, updaterev, rev, branch, pull, uncompressed, ssh, remotecmd, insecure | |
183 | commit: addremove, close-branch, include, exclude, message, logfile, date, user |
|
183 | commit: addremove, close-branch, include, exclude, message, logfile, date, user | |
184 | diff: rev, change, text, git, nodates, show-function, reverse, ignore-all-space, ignore-space-change, ignore-blank-lines, unified, stat, include, exclude, subrepos |
|
184 | diff: rev, change, text, git, nodates, show-function, reverse, ignore-all-space, ignore-space-change, ignore-blank-lines, unified, stat, include, exclude, subrepos | |
185 | export: output, switch-parent, rev, text, git, nodates |
|
185 | export: output, switch-parent, rev, text, git, nodates | |
186 | forget: include, exclude |
|
186 | forget: include, exclude | |
187 | init: ssh, remotecmd |
|
187 | init: ssh, remotecmd, insecure | |
188 | log: follow, follow-first, date, copies, keyword, rev, removed, only-merges, user, only-branch, branch, prune, patch, git, limit, no-merges, stat, style, template, include, exclude |
|
188 | log: follow, follow-first, date, copies, keyword, rev, removed, only-merges, user, only-branch, branch, prune, patch, git, limit, no-merges, stat, style, template, include, exclude | |
189 | merge: force, tool, rev, preview |
|
189 | merge: force, tool, rev, preview | |
190 | pull: update, force, rev, branch, ssh, remotecmd |
|
190 | pull: update, force, rev, branch, ssh, remotecmd, insecure | |
191 | push: force, rev, branch, new-branch, ssh, remotecmd |
|
191 | push: force, rev, branch, new-branch, ssh, remotecmd, insecure | |
192 | remove: after, force, include, exclude |
|
192 | remove: after, force, include, exclude | |
193 | serve: accesslog, daemon, daemon-pipefds, errorlog, port, address, prefix, name, web-conf, webdir-conf, pid-file, stdio, templates, style, ipv6, certificate |
|
193 | serve: accesslog, daemon, daemon-pipefds, errorlog, port, address, prefix, name, web-conf, webdir-conf, pid-file, stdio, templates, style, ipv6, certificate | |
194 | status: all, modified, added, removed, deleted, clean, unknown, ignored, no-status, copies, print0, rev, change, include, exclude, subrepos |
|
194 | status: all, modified, added, removed, deleted, clean, unknown, ignored, no-status, copies, print0, rev, change, include, exclude, subrepos | |
@@ -200,7 +200,7 b' Show all commands + options' | |||||
200 | bisect: reset, good, bad, skip, command, noupdate |
|
200 | bisect: reset, good, bad, skip, command, noupdate | |
201 | branch: force, clean |
|
201 | branch: force, clean | |
202 | branches: active, closed |
|
202 | branches: active, closed | |
203 | bundle: force, rev, branch, base, all, type, ssh, remotecmd |
|
203 | bundle: force, rev, branch, base, all, type, ssh, remotecmd, insecure | |
204 | cat: output, rev, decode, include, exclude |
|
204 | cat: output, rev, decode, include, exclude | |
205 | copy: after, force, include, exclude, dry-run |
|
205 | copy: after, force, include, exclude, dry-run | |
206 | debugancestor: |
|
206 | debugancestor: | |
@@ -228,10 +228,10 b' Show all commands + options' | |||||
228 | help: |
|
228 | help: | |
229 | identify: rev, num, id, branch, tags |
|
229 | identify: rev, num, id, branch, tags | |
230 | import: strip, base, force, no-commit, exact, import-branch, message, logfile, date, user, similarity |
|
230 | import: strip, base, force, no-commit, exact, import-branch, message, logfile, date, user, similarity | |
231 | incoming: force, newest-first, bundle, rev, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, subrepos |
|
231 | incoming: force, newest-first, bundle, rev, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, insecure, subrepos | |
232 | locate: rev, print0, fullpath, include, exclude |
|
232 | locate: rev, print0, fullpath, include, exclude | |
233 | manifest: rev |
|
233 | manifest: rev | |
234 | outgoing: force, rev, newest-first, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, subrepos |
|
234 | outgoing: force, rev, newest-first, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, insecure, subrepos | |
235 | parents: rev, style, template |
|
235 | parents: rev, style, template | |
236 | paths: |
|
236 | paths: | |
237 | recover: |
|
237 | recover: |
@@ -163,15 +163,30 b' variables in the filename' | |||||
163 | pulling from https://localhost:$HGPORT/ |
|
163 | pulling from https://localhost:$HGPORT/ | |
164 | searching for changes |
|
164 | searching for changes | |
165 | no changes found |
|
165 | no changes found | |
|
166 | $ P=`pwd` hg -R copy-pull pull --insecure | |||
|
167 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |||
|
168 | pulling from https://localhost:$HGPORT/ | |||
|
169 | searching for changes | |||
|
170 | no changes found | |||
166 |
|
171 | |||
167 | cacert mismatch |
|
172 | cacert mismatch | |
168 |
|
173 | |||
169 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ |
|
174 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ | |
170 | abort: 127.0.0.1 certificate error: certificate is for localhost |
|
175 | abort: 127.0.0.1 certificate error: certificate is for localhost (use --insecure to connect insecurely) | |
171 | [255] |
|
176 | [255] | |
|
177 | $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure | |||
|
178 | warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |||
|
179 | pulling from https://127.0.0.1:$HGPORT/ | |||
|
180 | searching for changes | |||
|
181 | no changes found | |||
172 | $ hg -R copy-pull pull --config web.cacerts=pub-other.pem |
|
182 | $ hg -R copy-pull pull --config web.cacerts=pub-other.pem | |
173 | abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) |
|
183 | abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob) | |
174 | [255] |
|
184 | [255] | |
|
185 | $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure | |||
|
186 | warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting) | |||
|
187 | pulling from https://localhost:$HGPORT/ | |||
|
188 | searching for changes | |||
|
189 | no changes found | |||
175 |
|
190 | |||
176 | Test server cert which isn't valid yet |
|
191 | Test server cert which isn't valid yet | |
177 |
|
192 |
General Comments 0
You need to be logged in to leave comments.
Login now