[Bug 5466] New: Mercurial 4.0.1 on Windows 7. Doesn't accept sha256 certificate finger print.

Fri, 13 Jan 2017 07:29:53 -0800 

https://bz.mercurial-scm.org/show_bug.cgi?id=5466

            Bug ID: 5466
           Summary: Mercurial 4.0.1 on Windows 7. Doesn't accept sha256
                    certificate finger print.
           Product: Mercurial
           Version: earlier
          Hardware: PC
                OS: Windows
            Status: UNCONFIRMED
          Severity: feature
          Priority: wish
         Component: Mercurial
          Assignee: bugzi...@mercurial-scm.org
          Reporter: russellp...@foxhat.net
                CC: mercurial-de...@selenic.com

I have just installed TortoiseHg 4.0.1 x86 for Windows on a Windows 7 dev box.
I entered the sha256 fingerprint for Bitbucket.org into my mercurial.ini file:
----snip--------snip--------snip----
# Generated by TortoiseHg settings dialog
[hostfingerprints]
bitbucket.org =
4E:65:3E:76:0F:81:59:85:5B:50:06:0C:C2:4D:3C:56:53:8B:83:3E:9B:FA:55:26:98:9A:CA:E2:25:03:92:47
----snip--------snip--------snip----

When I try to clone a repository on Bitbucket, this is the result:
----snip--------snip--------snip----
D:\repos>hg clone https://unixw...@bitbucket.org/Unixwolf/pdfview
abort: certificate for bitbucket.org has unexpected fingerprint
3f:d3:c5:17:23:3
c:cd:f5:2d:17:76:06:93:7e:ee:97:42:21:14:aa
(check hostfingerprint configuration)

D:\repos>
----snip--------snip--------snip----

If you look carefully, it seems that Mercurial is only examining the first
fingerprint in the certificate. Perhaps a solution might be to allow the user
to specify the hash algorithm:
----snip--------snip--------snip----
bitbucket.org sha256 4E:65:3E:76 ...03:92:47
----snip--------snip--------snip----

When I enter the certificate's sha 1 fingerprint the problem goes away.

Please note that as of 1 January 2017 sha1 SSL certificates are deprecated.
CA's are no longer issuing them.

Perhaps I'm the first person to encounter this. We New Zealanders are used to
being the first in the world to experience timekeeping bugs! I suppose it
serves us right for living next to the International Date Line.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Reply via email to