Mercurial > hg
view mercurial/help/urls.txt @ 29561:1a782fabf80d
sslutil: print a warning when using TLS 1.0 on legacy Python
Mercurial now requires TLS 1.1+ when TLS 1.1+ is supported by the
client. Since we made the decision to require TLS 1.1+ when running
with modern Python versions, it makes sense to do something for
legacy Python versions that only support TLS 1.0.
Feature parity would be to prevent TLS 1.0 connections out of the
box and require a config option to enable them. However, this is
extremely user hostile since Mercurial wouldn't talk to https://
by default in these installations! I can easily see how someone
would do something foolish like use "--insecure" instead - and
that would be worse than allowing TLS 1.0!
This patch takes the compromise position of printing a warning when
performing TLS 1.0 connections when running on old Python
versions. While this warning is no more annoying than the
CA certificate / fingerprint warnings in Mercurial 3.8, we provide
a config option to disable the warning because to many people
upgrading Python to make the warning go away is not an available
recourse (unlike pinning fingerprints is for the CA warning).
The warning appears as optional output in a lot of tests.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Wed, 13 Jul 2016 21:49:17 -0700 |
parents | 01d68fb07915 |
children | 5da7b8cb6f75 |
line wrap: on
line source
Valid URLs are of the form:: local/filesystem/path[#revision] file://local/filesystem/path[#revision] http://[user[:pass]@]host[:port]/[path][#revision] https://[user[:pass]@]host[:port]/[path][#revision] ssh://[user@]host[:port]/[path][#revision] Paths in the local filesystem can either point to Mercurial repositories or to bundle files (as created by :hg:`bundle` or :hg:`incoming --bundle`). See also :hg:`help paths`. An optional identifier after # indicates a particular branch, tag, or changeset to use from the remote repository. See also :hg:`help revisions`. Some features, such as pushing to http:// and https:// URLs are only possible if the feature is explicitly enabled on the remote Mercurial server. Note that the security of HTTPS URLs depends on proper configuration of web.cacerts. Some notes about using SSH with Mercurial: - SSH requires an accessible shell account on the destination machine and a copy of hg in the remote path or specified with as remotecmd. - path is relative to the remote user's home directory by default. Use an extra slash at the start of a path to specify an absolute path:: ssh://example.com//tmp/repository - Mercurial doesn't use its own compression via SSH; the right thing to do is to configure it in your ~/.ssh/config, e.g.:: Host *.mylocalnetwork.example.com Compression no Host * Compression yes Alternatively specify "ssh -C" as your ssh command in your configuration file or with the --ssh command line option. These URLs can all be stored in your configuration file with path aliases under the [paths] section like so:: [paths] alias1 = URL1 alias2 = URL2 ... You can then use the alias for any command that uses a URL (for example :hg:`pull alias1` will be treated as :hg:`pull URL1`). Two path aliases are special because they are used as defaults when you do not provide the URL to a command: default: When you create a repository with hg clone, the clone command saves the location of the source repository as the new repository's 'default' path. This is then used when you omit path from push- and pull-like commands (including incoming and outgoing). default-push: The push command will look for a path named 'default-push', and prefer it over 'default' if both are defined.