##// END OF EJS Templates
url: add --insecure option to bypass verification of ssl certificates...
Yuya Nishihara -
r13328:a939f08f stable
parent child Browse files
Show More
@@ -1030,6 +1030,9 b' The full set of options is:'
1030 You can use OpenSSL's CA certificate file if your platform has one.
1030 You can use OpenSSL's CA certificate file if your platform has one.
1031 On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``.
1031 On most Linux systems this will be ``/etc/ssl/certs/ca-certificates.crt``.
1032 Otherwise you will have to generate this file manually.
1032 Otherwise you will have to generate this file manually.
1033
1034 To disable SSL verification temporarily, specify ``--insecure`` from
1035 command line.
1033 ``contact``
1036 ``contact``
1034 Name or email address of the person in charge of the repository.
1037 Name or email address of the person in charge of the repository.
1035 Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty.
1038 Defaults to ui.username or ``$EMAIL`` or "unknown" if unset or empty.
@@ -3943,6 +3943,8 b' remoteopts = ['
3943 _('specify ssh command to use'), _('CMD')),
3943 _('specify ssh command to use'), _('CMD')),
3944 ('', 'remotecmd', '',
3944 ('', 'remotecmd', '',
3945 _('specify hg command to run on the remote side'), _('CMD')),
3945 _('specify hg command to run on the remote side'), _('CMD')),
3946 ('', 'insecure', None,
3947 _('do not verify server certificate (ignoring web.cacerts config)')),
3946 ]
3948 ]
3947
3949
3948 walkopts = [
3950 walkopts = [
@@ -552,6 +552,9 b' def _dispatch(ui, args):'
552 if options['noninteractive']:
552 if options['noninteractive']:
553 ui.setconfig('ui', 'interactive', 'off')
553 ui.setconfig('ui', 'interactive', 'off')
554
554
555 if cmdoptions.get('insecure', False):
556 ui.setconfig('web', 'cacerts', '')
557
555 if options['help']:
558 if options['help']:
556 return commands.help_(ui, cmd, options['version'])
559 return commands.help_(ui, cmd, options['version'])
557 elif options['version']:
560 elif options['version']:
@@ -541,8 +541,9 b' if has_https:'
541 ca_certs=cacerts)
541 ca_certs=cacerts)
542 msg = _verifycert(self.sock.getpeercert(), self.host)
542 msg = _verifycert(self.sock.getpeercert(), self.host)
543 if msg:
543 if msg:
544 raise util.Abort(_('%s certificate error: %s') %
544 raise util.Abort(_('%s certificate error: %s '
545 (self.host, msg))
545 '(use --insecure to connect '
546 'insecurely)') % (self.host, msg))
546 self.ui.debug('%s certificate successfully verified\n' %
547 self.ui.debug('%s certificate successfully verified\n' %
547 self.host)
548 self.host)
548 else:
549 else:
@@ -179,16 +179,16 b' Show all commands + options'
179 $ hg debugcommands
179 $ hg debugcommands
180 add: include, exclude, subrepos, dry-run
180 add: include, exclude, subrepos, dry-run
181 annotate: rev, follow, no-follow, text, user, file, date, number, changeset, line-number, include, exclude
181 annotate: rev, follow, no-follow, text, user, file, date, number, changeset, line-number, include, exclude
182 clone: noupdate, updaterev, rev, branch, pull, uncompressed, ssh, remotecmd
182 clone: noupdate, updaterev, rev, branch, pull, uncompressed, ssh, remotecmd, insecure
183 commit: addremove, close-branch, include, exclude, message, logfile, date, user
183 commit: addremove, close-branch, include, exclude, message, logfile, date, user
184 diff: rev, change, text, git, nodates, show-function, reverse, ignore-all-space, ignore-space-change, ignore-blank-lines, unified, stat, include, exclude, subrepos
184 diff: rev, change, text, git, nodates, show-function, reverse, ignore-all-space, ignore-space-change, ignore-blank-lines, unified, stat, include, exclude, subrepos
185 export: output, switch-parent, rev, text, git, nodates
185 export: output, switch-parent, rev, text, git, nodates
186 forget: include, exclude
186 forget: include, exclude
187 init: ssh, remotecmd
187 init: ssh, remotecmd, insecure
188 log: follow, follow-first, date, copies, keyword, rev, removed, only-merges, user, only-branch, branch, prune, patch, git, limit, no-merges, stat, style, template, include, exclude
188 log: follow, follow-first, date, copies, keyword, rev, removed, only-merges, user, only-branch, branch, prune, patch, git, limit, no-merges, stat, style, template, include, exclude
189 merge: force, tool, rev, preview
189 merge: force, tool, rev, preview
190 pull: update, force, rev, branch, ssh, remotecmd
190 pull: update, force, rev, branch, ssh, remotecmd, insecure
191 push: force, rev, branch, new-branch, ssh, remotecmd
191 push: force, rev, branch, new-branch, ssh, remotecmd, insecure
192 remove: after, force, include, exclude
192 remove: after, force, include, exclude
193 serve: accesslog, daemon, daemon-pipefds, errorlog, port, address, prefix, name, web-conf, webdir-conf, pid-file, stdio, templates, style, ipv6, certificate
193 serve: accesslog, daemon, daemon-pipefds, errorlog, port, address, prefix, name, web-conf, webdir-conf, pid-file, stdio, templates, style, ipv6, certificate
194 status: all, modified, added, removed, deleted, clean, unknown, ignored, no-status, copies, print0, rev, change, include, exclude, subrepos
194 status: all, modified, added, removed, deleted, clean, unknown, ignored, no-status, copies, print0, rev, change, include, exclude, subrepos
@@ -200,7 +200,7 b' Show all commands + options'
200 bisect: reset, good, bad, skip, command, noupdate
200 bisect: reset, good, bad, skip, command, noupdate
201 branch: force, clean
201 branch: force, clean
202 branches: active, closed
202 branches: active, closed
203 bundle: force, rev, branch, base, all, type, ssh, remotecmd
203 bundle: force, rev, branch, base, all, type, ssh, remotecmd, insecure
204 cat: output, rev, decode, include, exclude
204 cat: output, rev, decode, include, exclude
205 copy: after, force, include, exclude, dry-run
205 copy: after, force, include, exclude, dry-run
206 debugancestor:
206 debugancestor:
@@ -228,10 +228,10 b' Show all commands + options'
228 help:
228 help:
229 identify: rev, num, id, branch, tags
229 identify: rev, num, id, branch, tags
230 import: strip, base, force, no-commit, exact, import-branch, message, logfile, date, user, similarity
230 import: strip, base, force, no-commit, exact, import-branch, message, logfile, date, user, similarity
231 incoming: force, newest-first, bundle, rev, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, subrepos
231 incoming: force, newest-first, bundle, rev, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, insecure, subrepos
232 locate: rev, print0, fullpath, include, exclude
232 locate: rev, print0, fullpath, include, exclude
233 manifest: rev
233 manifest: rev
234 outgoing: force, rev, newest-first, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, subrepos
234 outgoing: force, rev, newest-first, branch, patch, git, limit, no-merges, stat, style, template, ssh, remotecmd, insecure, subrepos
235 parents: rev, style, template
235 parents: rev, style, template
236 paths:
236 paths:
237 recover:
237 recover:
@@ -163,15 +163,30 b' variables in the filename'
163 pulling from https://localhost:$HGPORT/
163 pulling from https://localhost:$HGPORT/
164 searching for changes
164 searching for changes
165 no changes found
165 no changes found
166 $ P=`pwd` hg -R copy-pull pull --insecure
167 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
168 pulling from https://localhost:$HGPORT/
169 searching for changes
170 no changes found
166
171
167 cacert mismatch
172 cacert mismatch
168
173
169 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
174 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/
170 abort: 127.0.0.1 certificate error: certificate is for localhost
175 abort: 127.0.0.1 certificate error: certificate is for localhost (use --insecure to connect insecurely)
171 [255]
176 [255]
177 $ hg -R copy-pull pull --config web.cacerts=pub.pem https://127.0.0.1:$HGPORT/ --insecure
178 warning: 127.0.0.1 certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
179 pulling from https://127.0.0.1:$HGPORT/
180 searching for changes
181 no changes found
172 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem
182 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem
173 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob)
183 abort: error: *:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (glob)
174 [255]
184 [255]
185 $ hg -R copy-pull pull --config web.cacerts=pub-other.pem --insecure
186 warning: localhost certificate with fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca not verified (check hostfingerprints or web.cacerts config setting)
187 pulling from https://localhost:$HGPORT/
188 searching for changes
189 no changes found
175
190
176 Test server cert which isn't valid yet
191 Test server cert which isn't valid yet
177
192
General Comments 0
You need to be logged in to leave comments. Login now