How to entirely disable SSL certificate checks in Mercurial / TortoiseHg?

Question

I'm looking for a way to make --insecure option the default one for any hg \ TortoiseHg command.

Please don't write this is a bad practice - I aware about possible risks and consider they're fully acceptable.

Answer 1

If your goal is to eliminate certificate fingerprint warnings during push/pull, there's a better way to do this. Use the [hostfingerprints] in .hg/hgrc (or ~/.hgrc -- see comments).

[hostfingerprints] server.example.org = 38:76:52:7c:87:26:9a:8f:4a:f8:d3:de:08:45:3b:ea:d6:4b:ee:cc 

This will eliminate the warnings without eliminating the security checks.

Note: I see from your comments to another answer that you've already found this solution. I'm posting this anyway in case someone else has the same problem.

Answer 2

Setting cacerts in the [web] section to the empty string looks to be the same thing. From the source:

if cmdoptions.get('insecure', False):     ui.setconfig('web', 'cacerts', '!', '--insecure') 

which the wiki confirms:

Sometimes it may be expedient to disable security checks, for instance when dealing with hosts with self-signed certificates. This can be done by disabling the CA certificate configuration on the command line:

hg push --config web.cacerts= https://self-signed-host/repo

So putting cacerts=! in the [web] section of your global hgrc (/etc/mercurial/hgrc on linux-likes) will get you there.