1022 of the fingerprints specified. This means if the server updates its |
1022 of the fingerprints specified. This means if the server updates its |
1023 certificate, Mercurial will abort until a new fingerprint is defined. |
1023 certificate, Mercurial will abort until a new fingerprint is defined. |
1024 This can provide stronger security than traditional CA-based validation |
1024 This can provide stronger security than traditional CA-based validation |
1025 at the expense of convenience. |
1025 at the expense of convenience. |
1026 |
1026 |
|
1027 This option takes precedence over ``verifycertsfile``. |
|
1028 |
|
1029 ``verifycertsfile`` |
|
1030 Path to file a containing a list of PEM encoded certificates used to |
|
1031 verify the server certificate. Environment variables and ``~user`` |
|
1032 constructs are expanded in the filename. |
|
1033 |
|
1034 The server certificate or the certificate's certificate authority (CA) |
|
1035 must match a certificate from this file or certificate verification |
|
1036 will fail and connections to the server will be refused. |
|
1037 |
|
1038 If defined, only certificates provided by this file will be used: |
|
1039 ``web.cacerts`` and any system/default certificates will not be |
|
1040 used. |
|
1041 |
|
1042 This option has no effect if the per-host ``fingerprints`` option |
|
1043 is set. |
|
1044 |
|
1045 The format of the file is as follows: |
|
1046 |
|
1047 -----BEGIN CERTIFICATE----- |
|
1048 ... (certificate in base64 PEM encoding) ... |
|
1049 -----END CERTIFICATE----- |
|
1050 -----BEGIN CERTIFICATE----- |
|
1051 ... (certificate in base64 PEM encoding) ... |
|
1052 -----END CERTIFICATE----- |
|
1053 |
1027 For example:: |
1054 For example:: |
1028 |
1055 |
1029 [hostsecurity] |
1056 [hostsecurity] |
1030 hg.example.com:fingerprints = sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 |
1057 hg.example.com:fingerprints = sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 |
1031 hg2.example.com:fingerprints = sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33 |
1058 hg2.example.com:fingerprints = sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:fc:e2:8d:d9:51:cd:cb:c1:4d:18:6b:b7:44:8d:49:72:57:e6:cd:33 |
|
1059 foo.example.com:verifycertsfile = /etc/ssl/trusted-ca-certs.pem |
1032 |
1060 |
1033 ``http_proxy`` |
1061 ``http_proxy`` |
1034 -------------- |
1062 -------------- |
1035 |
1063 |
1036 Used to access web-based Mercurial repositories through a HTTP |
1064 Used to access web-based Mercurial repositories through a HTTP |