User Tools

Site Tools


web_services:hg_workaround

Mercurial Pushing to Server with Self Signed Certs

  • In recent versions of Mercurial SSL verification will fail for self signed SSL/HTTPS certs. There are two ways to fix the issue.
  • In the past the cacerts or web.cacerts would work around this problem, but it no longer works

Add the host fingerprint to hgrc

  1. To find the host fingerprint run the following
     openssl s_client -connect <FQDN>:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
  2. You should get something like SHA1 Fingerprint=9E:FD:0A:7B:C0:40:3D:A9:CF:BD:FE:DA:5E:D3:A8:EB:04:DB:2D:33 take the hexidecimal value and use it the next step
  3. Add the following to your hgrc file
    [hostfingerprints]
    <FQDN from step 1> = <HEXVALUE from step 2>

Disable SSL verification

  • It goes without saying the this is not a very good idea, but if all else fails this will get mercrial to talk to a self signed https server
  1. Add the following to your hgrc file:
    [alias]
    push = push --insecure

Thad Schulz 2016/01/15 13:06

web_services/hg_workaround.txt · Last modified: 2016/01/15 13:06 by tschulz