Suggestion to integrate Mercurial with ca-certificates package.

Oleksandr Gavenko gavenko@bifit.com.ua
Tue Dec 27 12:07:00 GMT 2011 

  cygwin# cygcheck -c mercurial
  Cygwin Package Information
  Package              Version        Status
  mercurial            1.9.3-1        OK

When you try perform communication through HTTPS you get warning:

  cygwin#  hg identify https://bitbucket.org/django/django
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  92c12b8fd96a

When you provide certificate you can not see warning message:

  cygwin# hg --config web.cacerts=/usr/ssl/certs/ca-bundle.crt identify https://bitbucket.org/django/django
  92c12b8fd96a

I suggest to integrate Cygwin 'mercurial' package with Cygwin
'ca-certificates' like this done in Debian distro:

  debian# cat /etc/mercurial/hgrc.d/cacerts.rc
  [web]
  # user can disable this Debian default by overriding this option in ~/.hgrc
  # and/or using the --insecure command line switch
  cacerts = /etc/ssl/certs/ca-certificates.crt

I was surprised that 'ca-certificates' have been uploaded to Cygwin
distribution recently:

  http://www.cygwin.com/ml/cygwin-announce/2011-11/msg00000.html

To fix issue I create:

  cygwin# mkdir /etc/mercurial
  cygwin# cat <<EOF >/etc/mercurial/hgrc
  [web]
  cacerts = /usr/ssl/certs/ca-bundle.crt
  EOF

Note that if cacerts point to non-existing file you get error from Mercurial:

  cygwin# hg identify https://bitbucket.org/django/django || echo ERROR
  abort: could not find web.cacerts: /a/usr/ssl/certs/ca-bundle.crt
  ERROR

May be Debian solution with '/etc/mercurial/hgrc.d' sufficient to avoid this
problem.

-- 
Best regards!


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list