X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.0 required=5.0	tests=BAYES_00,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS,TW_YG
X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Oleksandr Gavenko <gavenko AT bifit DOT com DOT ua>
Subject: Suggestion to integrate Mercurial with ca-certificates package.
Date: Tue, 27 Dec 2011 14:07:04 +0200
Lines: 53
Message-ID: <84fwg6md5j.fsf@bifit.com.ua>
Mime-Version: 1.0
Content-Type: text/plain
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.91 (windows-nt)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com


  cygwin# cygcheck -c mercurial
  Cygwin Package Information
  Package              Version        Status
  mercurial            1.9.3-1        OK

When you try perform communication through HTTPS you get warning:

  cygwin#  hg identify https://bitbucket.org/django/django
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  warning: bitbucket.org certificate with fingerprint 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe not verified (check hostfingerprints or web.cacerts config setting)
  92c12b8fd96a

When you provide certificate you can not see warning message:

  cygwin# hg --config web.cacerts=/usr/ssl/certs/ca-bundle.crt identify https://bitbucket.org/django/django
  92c12b8fd96a

I suggest to integrate Cygwin 'mercurial' package with Cygwin
'ca-certificates' like this done in Debian distro:

  debian# cat /etc/mercurial/hgrc.d/cacerts.rc
  [web]
  # user can disable this Debian default by overriding this option in ~/.hgrc
  # and/or using the --insecure command line switch
  cacerts = /etc/ssl/certs/ca-certificates.crt

I was surprised that 'ca-certificates' have been uploaded to Cygwin
distribution recently:

  http://www.cygwin.com/ml/cygwin-announce/2011-11/msg00000.html

To fix issue I create:

  cygwin# mkdir /etc/mercurial
  cygwin# cat <<EOF >/etc/mercurial/hgrc
  [web]
  cacerts = /usr/ssl/certs/ca-bundle.crt
  EOF

Note that if cacerts point to non-existing file you get error from Mercurial:

  cygwin# hg identify https://bitbucket.org/django/django || echo ERROR
  abort: could not find web.cacerts: /a/usr/ssl/certs/ca-bundle.crt
  ERROR

May be Debian solution with '/etc/mercurial/hgrc.d' sufficient to avoid this
problem.

-- 
Best regards!


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple