web_services:hg_workaround
Mercurial Pushing to Server with Self Signed Certs
In recent versions of Mercurial SSL verification will fail for self signed SSL/HTTPS certs. There are two ways to fix the issue.
In the past the cacerts or web.cacerts would work around this problem, but it no longer works
Add the host fingerprint to hgrc
To find the host fingerprint run the following
openssl s_client -connect <FQDN>:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
You should get something like SHA1 Fingerprint=9E:FD:0A:7B:C0:40:3D:A9:CF:BD:FE:DA:5E:D3:A8:EB:04:DB:2D:33 take the hexidecimal value and use it the next step
Add the following to your hgrc file
[hostfingerprints]
<FQDN from step 1> = <HEXVALUE from step 2>
Disable SSL verification
Add the following to your hgrc file:
[alias]
push = push --insecure
— Thad Schulz 2016/01/15 13:06
web_services/hg_workaround.txt · Last modified: 2016/01/15 13:06 by tschulz