2 Feb 2013 asmodai   » (Journeyer)

TortoiseHG and wildcard certificates

Having resolved recent SSL certificate issues with Mercurial/TortoiseHG, I now encountered a similar issue with the wildcard certificate for *.google.com where getting a clone would result in a "SSL: Server certificate verify failed" error.

One way around this issue is to add the fingerprint for this certificate to your configuration. Currently for *.google.com this is 4b:b7:cc:81:2c:b9:00:3a:75:97:10:27:43:61:0b:93:d9:7c:3c:19 and one to get this from a Unix command line is with openssl s_client -connect code.google.com:443 | openssl x509 -in cert-code -fingerprint -noout | tr "[:upper:]" "[:lower:]". This corresponds with Chrome’s certificate view’s thumbprint field, you just need to add colons.

Right click in Explorer, select TortoiseHG » Global Settings and then click Edit File and add the following:

[hostfingerprints]
code.google.com = 4b:b7:cc:81:2c:b9:00:3a:75:97:10:27:43:61:0b:93:d9:7c:3c:19

This should make Mercurial/TortoiseHG work, at least until the certificate expires and you need to update it with the latest fingerprint.

Syndicated 2013-02-02 15:23:20 from In Nomine - The Lotus Land

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!