Mercurial > hg
comparison doc/hgrc.5.txt @ 13314:8dc488dfcdb4 stable
url: 'ssh known host'-like checking of fingerprints of HTTPS certificates
Known fingerprints of HTTPS servers can now be configured in the
hostfingerprints section. That makes it possible to verify the identify of web
servers without configuring and trusting the CA chain.
Limitations:
* Portnumbers are ignored, just like with ordinary certificates.
* Host name matching is case sensitive.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 28 Jan 2011 02:57:59 +0100 |
parents | b25b5ad0cca8 |
children | 0d1dca7d2a04 a939f08fae9c |
comparison
equal
deleted
inserted
replaced
13312:9f188734dbb0 | 13314:8dc488dfcdb4 |
---|---|
419 [extensions] | 419 [extensions] |
420 # (the mq extension will get loaded from Mercurial's path) | 420 # (the mq extension will get loaded from Mercurial's path) |
421 hgext.mq = | 421 hgext.mq = |
422 # (this extension will get loaded from the file specified) | 422 # (this extension will get loaded from the file specified) |
423 myfeature = ~/.hgext/myfeature.py | 423 myfeature = ~/.hgext/myfeature.py |
424 | |
425 | |
426 ``hostfingerprints`` | |
427 """""""""""""""""""" | |
428 | |
429 Fingerprints of the certificates of known HTTPS servers. | |
430 A HTTPS connection to a server with a fingerprint configured here will | |
431 only succeed if the servers certificate matches the fingerprint. | |
432 This is very similar to how ssh known hosts works. | |
433 The fingerprint is the SHA-1 hash value of the DER encoded certificate. | |
434 The CA chain and web.cacerts is not used for servers with a fingerprint. | |
435 | |
436 For example:: | |
437 | |
438 [hostfingerprints] | |
439 hg.intevation.org = 38:76:52:7c:87:26:9a:8f:4a:f8:d3:de:08:45:3b:ea:d6:4b:ee:cc | |
440 | |
441 This feature is only supported when using Python 2.6 or later. | |
424 | 442 |
425 | 443 |
426 ``format`` | 444 ``format`` |
427 """""""""" | 445 """""""""" |
428 | 446 |