X-Recipient: archive-cygwin@delorie.com X-SWARE-Spam-Status: No, hits=-2.0 required=5.0 tests=BAYES_00,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS,TW_YG X-Spam-Check-By: sourceware.org To: cygwin@cygwin.com From: Oleksandr Gavenko Subject: Suggestion to integrate Mercurial with ca-certificates package. Date: Tue, 27 Dec 2011 14:07:04 +0200 Lines: 53 Message-ID: <84fwg6md5j.fsf@bifit.com.ua> Mime-Version: 1.0 Content-Type: text/plain User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.91 (windows-nt) X-IsSubscribed: yes Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com cygwin# cygcheck -c mercurial Cygwin Package Information Package Version Status mercurial 1.9.3-1 OK When you try perform communication through HTTPS you get warning: cygwin# hg identify https://bitbucket.org/django/django warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting) warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting) warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting) warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting) 92c12b8fd96a When you provide certificate you can not see warning message: cygwin# hg --config web.cacerts=/usr/ssl/certs/ca-bundle.crt identify https://bitbucket.org/django/django 92c12b8fd96a I suggest to integrate Cygwin 'mercurial' package with Cygwin 'ca-certificates' like this done in Debian distro: debian# cat /etc/mercurial/hgrc.d/cacerts.rc [web] # user can disable this Debian default by overriding this option in ~/.hgrc # and/or using the --insecure command line switch cacerts = /etc/ssl/certs/ca-certificates.crt I was surprised that 'ca-certificates' have been uploaded to Cygwin distribution recently: http://www.cygwin.com/ml/cygwin-announce/2011-11/msg00000.html To fix issue I create: cygwin# mkdir /etc/mercurial cygwin# cat </etc/mercurial/hgrc [web] cacerts = /usr/ssl/certs/ca-bundle.crt EOF Note that if cacerts point to non-existing file you get error from Mercurial: cygwin# hg identify https://bitbucket.org/django/django || echo ERROR abort: could not find web.cacerts: /a/usr/ssl/certs/ca-bundle.crt ERROR May be Debian solution with '/etc/mercurial/hgrc.d' sufficient to avoid this problem. -- Best regards! -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple