diff doc/hgrc.5.txt @ 13314:8dc488dfcdb4 stable

url: 'ssh known host'-like checking of fingerprints of HTTPS certificates

Known fingerprints of HTTPS servers can now be configured in the hostfingerprints section. That makes it possible to verify the identity of web servers without configuring and trusting the CA chain.

Limitations:
* Port numbers are ignored, just like with ordinary certificates.
* Host name matching is case sensitive.

author Mads Kiilerich <mads@kiilerich.com>
date Fri, 28 Jan 2011 02:57:59 +0100
parents b25b5ad0cca8
children 0d1dca7d2a04 a939f08fae9c
--- a/doc/hgrc.5.txt	Thu Jan 27 17:21:23 2011 -0600
+++ b/doc/hgrc.5.txt	Fri Jan 28 02:57:59 2011 +0100
@@ -423,6 +423,24 @@
   myfeature = ~/.hgext/myfeature.py
 
 
+``hostfingerprints``
+""""""""""""""""""""
+
+Fingerprints of the certificates of known HTTPS servers.
+A HTTPS connection to a server with a fingerprint configured here will
+only succeed if the servers certificate matches the fingerprint.
+This is very similar to how ssh known hosts works.
+The fingerprint is the SHA-1 hash value of the DER encoded certificate.
+The CA chain and web.cacerts is not used for servers with a fingerprint.
+
+For example::
+
+    [hostfingerprints]
+    hg.intevation.org = 38:76:52:7c:87:26:9a:8f:4a:f8:d3:de:08:45:3b:ea:d6:4b:ee:cc
+
+This feature is only supported when using Python 2.6 or later.
+
+
 ``format``
 """"""""""