Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Disabling HTTPS host authentication in TortoiseHG for internal self-signed certificates

Tags:

How do you disable HTTPS host authentication in TortoiseHG for internal self-signed certificates. For internal servers HTTPS is primarily used for encryption.

The TortoiseHG documentation says that it is possible to disable host verification (i.e. verification against the Certificate Authority chain) here but I can't seem to find the option.

Its supposed to be an option when cloning a remote repository. I am using the latest TortoiseHG 2.0.5

like image 799
jbx Avatar asked Jun 09 '11 13:06

jbx

2 Answers

In the TortoiseHG Workbench, in the Sync tab (or in the Sync screen), if you have a remote path selected, you should see a button with a lock icon on it:

enter image description here

That will bring up the Security window, where you can select the option No host validation, but still encrypted, among other settings. When you turn that on, it adds something like this to your mercurial.ini:

[insecurehosts]
bitbucket.org = 1

That's machine-level config for TortoiseHg, but it doesn't seem to affect the Clone window.

On the command-line, you can use --insecure to skip verifying certificates:

hg clone --insecure https://hostname.org/user/repository repository-clone

This will spit out a number of warnings about not verifying the certificate, and will also show you the host fingerprint in each message, like the example warning below (formatted from the original for readability):

warning: bitbucket.org certificate with fingerprint 
 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified
 (check hostfingerprints or web.cacerts config setting)

A better option, however, is host fingerprints, which are used by both hg and TortoiseHg. In TortoiseHg's Security window, above No host validation is the option Verify with stored host fingerprint. The Query button retrieves the fingerprint of the host's certificate and stores it in mercurial.ini:

[hostfingerprints]
bitbucket.org = 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe

This should skip actual verification of the certificate because you are declaring that you already trust the certificate.

This documentation on certificates may help, as well.

like image 200
Joel B Fant Avatar answered Sep 19 '22 05:09

Joel B Fant

In the Clone Repository window expand options and check "Do not verify host certificate" check box.

like image 29
johnb Avatar answered Sep 19 '22 05:09

johnb
Sign in to Comment

Related questions

Can we use or integrate WordPress with ASP.NET?
Average 2 hex colors together in javascript
A few extra pixels of height - where could they be coming from?
Handle undeclared dict key in Python
Generics can't infer second parameter? [duplicate]
AsyncTask with a ProgressDialog and Progress Bar
MD5 hash with different results
Ruby on Rails MYSQL error Access denied for user 'root@localhost'
Create an enum from a group of related constants in Go
IIS 7 Not Serving Default Document
Python interpreted code optimisation
Justify divs with CSS to fill width of parent container [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!