Differences

This shows you the differences between two versions of the page.

--- web_services:hg_gateway [2013/03/15 10:32]
127.0.0.1 external edit
+++ web_services:hg_gateway [2015/12/07 13:13]
tschulz [Using Self Signed Certs]
@@ Line 11: / Line 11: @@
 allow_push = *</code>
 ===== <REP-WWW>/index.cgi =====
-<code>#!/usr/bin/env python
+<code python index.cgi>#!/usr/bin/env python
 #
 # An example CGI script to use hgweb, edit as necessary
@@ Line 43: / Line 43: @@
 wsgicgi.launch(wsgiapplication(make_web_app))</code>
 ===== <REP-WWW>/.htaccess =====
-<code>AuthType Basic
+<code apache .htaccess>AuthType Basic
 AuthName "Repository"
 AuthUserFile /etc/apache2/hg.passwd
 Require user some-user
 </code>
+===== Mercurial Pushing to Server with Self Signed Certs =====
+  * In recent versions of Mercurial SSL verification will fail for self signed SSL/HTTPS certs.  There are two ways to fix the issue.
+  * In the past the cacerts or web.cacerts would work around this problem, but it no longer works
+==== Add the host fingerprint to hgrc ====
+  - To find the host fingerprint run the following<file bash> openssl s_client -connect <FQDN>:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin</file>
+  - You should get something like **SHA1 Fingerprint=9E:FD:0A:7B:C0:40:3D:A9:CF:BD:FE:DA:5E:D3:A8:EB:04:DB:2D:33** take the hexidecimal value and use it the next step
+  - Add the following to your hgrc file<file>
+[hostfingerprints]
+<FQDN from step 1> = <HEXVALUE from step 2>
+</file>
+==== Disable SSL verification ====
+  * It goes without saying the this is not a very good idea, but if all else fails this will get mercrial to talk to a self signed https server
+  - Add the following to your hgrc file:<file>
+[alias]
+push = push --insecure
+</file>

ISD 820 Knowledge Base

User Tools

Site Tools

Differences

Page Tools