Disabling HTTPS host authentication in TortoiseHG for internal self-signed certificates
How do you disable HTTPS host authentication in TortoiseHG for internal self-signed certificates. For internal servers HTTPS is primarily used for encryption.
The TortoiseHG documentation says that it is possible to disable host verification (i.e. verification against the Certificate Authority chain) here but I can't seem to find the option.
Its supposed to be an option when cloning a remote repository. I am using the latest TortoiseHG 2.0.5
In the TortoiseHG Workbench, in the Sync tab (or in the Sync screen), if you have a remote path selected, you should see a button with a lock icon on it:
That will bring up the Security window, where you can select the option No host validation, but still encrypted, among other settings. When you turn that on, it adds something like this to your mercurial.ini:
[insecurehosts]
bitbucket.org = 1
That's machine-level config for TortoiseHg, but it doesn't seem to affect the Clone window.
On the command-line, you can use --insecure to skip verifying certificates:
hg clone --insecure https://hostname.org/user/repository repository-clone
This will spit out a number of warnings about not verifying the certificate, and will also show you the host fingerprint in each message, like the example warning below (formatted from the original for readability):
warning: bitbucket.org certificate with fingerprint
24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified
(check hostfingerprints or web.cacerts config setting)
A better option, however, is host fingerprints, which are used by both hg and TortoiseHg. In TortoiseHg's Security window, above No host validation is the option Verify with stored host fingerprint. The Query button retrieves the fingerprint of the host's certificate and stores it in mercurial.ini:
[hostfingerprints]
bitbucket.org = 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
This should skip actual verification of the certificate because you are declaring that you already trust the certificate.
This documentation on certificates may help, as well.
- Finding the author of a line of code in Mercurial
- Mercurial: annotate / blame current line number
- Mercurial/TortoiseHg: Can multiple repositories share the exact same file(s)?
- How to properly use hg share extension?
- Cannot push into Mercurial, End of script output before headers: hgweb.cgi, TortoiseHg command returned code 255
- Mercurial in WSL: HGEDITOR $PATH is different from my $PATH
- how to run hg recover command on a remote repository
- Is possible to change the default diff tool in Mercurial?
- Is it safe to remove bundles in strip-backup folders?
- How to manipulate Bitbucket repository with token?
- Git equivalents of most common Mercurial commands?
- "ERROR:root:code for hash md5 was not found" when using any hg mercurial commands
- Examining a single changeset in Mercurial
- How to abandon an uncommitted hg merge?
- Placing recent commits in a separate (named) branch in Mercurial (Hg)
- Monotone-increasing Version Number based on Mercurial Commits
- Splitting a patch in two (ideally in Vim)
- What are the implications of ISO 9001/CMMI for source control in general, and Git/Mercurial/DVCS in particular?
- How can I find parent file of one single file after copying?
- How do I tell (locally) mercurial that a server is non-publishing?
- Mercurial: how to amend the last commit?
- Reliably run Mercurial's "hg status" from a C# program
- No changes are pushed when using hg-git
- How can I force mercurial to accept an empty commit during SVN conversion?
- How to search through all Git and Mercurial commits in the repository for a certain string?
- TortoiseHg: Push Branch
- at least one unnamed head error when converting mercurial repo to git using fast-export
- Finding changes to a block of text with mercurial
- "hg purge" deleted tracked file
- Importing Subversion repository which is well formed now, but was not well formed before