https: warn when server certificate isn't verified
author Mads Kiilerich <mads@kiilerich.com>
date Sat, 18 Dec 2010 21:58:52 +0100
branch stable
changeset 13163 2fa2e6444645
parent 13135 1c1ca9d393f4
child 13164 b75fc70f0a9f
child 13168 dbb855bdfe76
https: warn when server certificate isn't verified

Mercurial will verify HTTPS server certificates if web.cacerts is configured, but it will by default silently not verify any certificates.

We now warn the user that when the certificate isn't verified she won't get the security she might expect from https:

  warning: localhost certificate not verified (check web.cacerts config setting)

Self-signed certificates can be accepted silently by configuring web.cacerts to point to a suitable certificate file.

mercurial/url.py
tests/test-https.t
--- a/mercurial/url.py	Mon Dec 06 22:04:10 2010 -0600
+++ b/mercurial/url.py	Sat Dec 18 21:58:52 2010 +0100
@@ -527,6 +527,9 @@
                 self.ui.debug('%s certificate successfully verified\n' %
                               self.host)
             else:
+                self.ui.warn(_("warning: %s certificate not verified "
+                               "(check web.cacerts config setting)\n") % 
+                             self.host)
                 httplib.HTTPSConnection.connect(self)
 
     class httpsconnection(BetterHTTPS):
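Review bot: the new self.ui.warn(...) in the else branch runs every time this path reaches httplib.HTTPSConnection.connect(self), so a command that opens more than one connection to the same host prints the warning once per connection. Consider remembering which hosts have already been warned about and emitting it once per host. The connection still proceeds on the next line, which matches the commit message (warn, do not refuse), but the message text does not tell the user that the transfer continues unverified; wording to that effect would make the risk clearer. Minor: the added line ending in "% " carries trailing whitespace.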
--- a/tests/test-https.t	Mon Dec 06 22:04:10 2010 -0600
+++ b/tests/test-https.t	Sat Dec 18 21:58:52 2010 +0100
@@ -106,6 +106,7 @@
 clone via pull
 
   $ hg clone https://localhost:$HGPORT/ copy-pull
+  warning: localhost certificate not verified (check web.cacerts config setting)
   requesting all changes
   adding changesets
   adding manifests
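Review bot: the expected line added after "hg clone https://localhost:$HGPORT/ copy-pull" covers only the unverified case, and neither test hunk in this patch adds a run with web.cacerts set that asserts the warning is absent. A regression that printed the warning unconditionally would still pass these expectations. Suggest adding a clone with web.cacerts pointing at the test server's certificate and checking that the output has no "certificate not verified" line.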
@@ -131,6 +132,7 @@
   $ echo '[hooks]' >> .hg/hgrc
   $ echo "changegroup = python '$TESTDIR'/printenv.py changegroup" >> .hg/hgrc
   $ hg pull
+  warning: localhost certificate not verified (check web.cacerts config setting)
   changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_URL=https://localhost:$HGPORT/ 
   pulling from https://localhost:$HGPORT/
   searching for changes
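Review bot: the expected warning in this hunk names only the host ("localhost certificate not verified"), while the hook line that follows shows the full HG_URL=https://localhost:$HGPORT/. With the message built from self.host alone, a user talking to several HTTPS services on one host cannot tell which connection was unverified. Consider including the port in the warning so it can be matched to the URL being pulled from.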