changeset 12593:01c373762b76 stable

doc: clarify that https cert verification requires web.cacerts
author Mads Kiilerich <mads@kiilerich.com>
date Fri, 01 Oct 2010 00:48:50 +0200
parents f2937d6492c5
children bb324910e40a
files doc/hgrc.5.txt mercurial/help/urls.txt
diffstat 2 files changed, 8 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/doc/hgrc.5.txt	Fri Oct 01 00:46:59 2010 +0200
+++ b/doc/hgrc.5.txt	Fri Oct 01 00:48:50 2010 +0200
@@ -951,8 +951,9 @@
     third-party tools like email notification hooks can construct
     URLs. Example: ``http://hgserver/repos/``.
 ``cacerts``
-    Path to file containing a list of PEM encoded certificate authorities
-    that may be used to verify an SSL server's identity. The form must be
+    Path to file containing a list of PEM encoded certificate authority
+    certificates. If specified on the client, then it will verify the identity
+    of remote HTTPS servers with these certificates. The form must be
     as follows::
 
         -----BEGIN CERTIFICATE-----
@@ -962,8 +963,8 @@
         ... (certificate in base64 PEM encoding) ...
         -----END CERTIFICATE-----
 
-    This feature is only supported when using Python 2.6. If you wish to
-    use it with earlier versions of Python, install the backported
+    This feature is only supported when using Python 2.6 or later. If you wish
+    to use it with earlier versions of Python, install the backported
     version of the ssl library that is available from
     ``http://pypi.python.org``.
 
--- a/mercurial/help/urls.txt	Fri Oct 01 00:46:59 2010 +0200
+++ b/mercurial/help/urls.txt	Fri Oct 01 00:48:50 2010 +0200
@@ -18,6 +18,9 @@
 possible if the feature is explicitly enabled on the remote Mercurial
 server.
 
+Note that the security of HTTPS URLs depends on proper configuration of
+web.cacerts.
+
 Some notes about using SSH with Mercurial:
 
 - SSH requires an accessible shell account on the destination machine