Mercurial > public > mercurial-scm > hg
comparison mercurial/url.py @ 13163:2fa2e6444645 stable
https: warn when server certificate isn't verified
Mercurial will verify HTTPS server certificates if web.cacerts is configured,
but it will by default silently not verify any certificates.
We now warn the user that when the certificate isn't verified she won't get the
security she might expect from https:
warning: localhost certificate not verified (check web.cacerts config setting)
Self-signed certificates can be accepted silently by configuring web.cacerts to
point to a suitable certificate file.
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Sat, 18 Dec 2010 21:58:52 +0100 |
| parents | ae163a0a3cd0 |
| children | b75fc70f0a9f f9d29777b4eb |
comparison
equal
deleted
inserted
replaced
| 13135:1c1ca9d393f4 | 13163:2fa2e6444645 |
|---|---|
| 525 raise util.Abort(_('%s certificate error: %s') % | 525 raise util.Abort(_('%s certificate error: %s') % |
| 526 (self.host, msg)) | 526 (self.host, msg)) |
| 527 self.ui.debug('%s certificate successfully verified\n' % | 527 self.ui.debug('%s certificate successfully verified\n' % |
| 528 self.host) | 528 self.host) |
| 529 else: | 529 else: |
| 530 self.ui.warn(_("warning: %s certificate not verified " | |
| 531 "(check web.cacerts config setting)\n") % | |
| 532 self.host) | |
| 530 httplib.HTTPSConnection.connect(self) | 533 httplib.HTTPSConnection.connect(self) |
| 531 | 534 |
| 532 class httpsconnection(BetterHTTPS): | 535 class httpsconnection(BetterHTTPS): |
| 533 response_class = keepalive.HTTPResponse | 536 response_class = keepalive.HTTPResponse |
| 534 # must be able to send big bundle as stream. | 537 # must be able to send big bundle as stream. |