yeah updated mercurial works
https://forum.nginx.org/read.php?2,283686,283694#msg-283694 though centos 7
still will use non-SNI supported mercurial 2.6.2 so folks doing hg clone for
njs repo will always have this issue.
Posted at Nginx Forum:
okay part of the problem is centos 7 uses mercurial 2.6.2 and fix is to
update to mercurial >2.7.9 for SNI support
hg --version
Mercurial Distributed SCM (version 2.6.2)
(see http://mercurial.selenic.com for more information)
Copyright (C) 2005-2012 Matt Mackall and others
This is free software;
Hello!
On Tue, Apr 09, 2019 at 10:32:14AM -0400, George wrote:
> for that i get
>
> echo -n | openssl s_client -connect hg.nginx.org:443 -servername
> hg.nginx.org
> CONNECTED(0003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's
looks like hg clone is a non-SNI request so looked up pubserv.nginx.com's
SSL cert *.nginx.com common name so maybe best to add *.nginx.org as well to
pubserv.nginx.com server's SSL cert ?
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,283686,283692#msg-283692
testssl 3.0rc4 output for
testssl hg.nginx.org:443
Testing server defaults (Server Hello)
TLS extensions (standard)"server name/#0" "renegotiation info/#65281"
"EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next
protocol/#13172" "application layer protocol negotiation/#16"
Hello!
On Tue, Apr 09, 2019 at 09:17:47AM -0400, George wrote:
> Hi when I try to clone njs repo I am getting the error below
>
> hg clone https://hg.nginx.org/njs/
> abort: hg.nginx.org certificate error: certificate is for *.nginx.com,
> nginx.com
> (configure hostfingerprint
>
