在TortoiseHG中为内部自签名证书禁用HTTPS主机身份验证 [英] Disabling HTTPS host authentication in TortoiseHG for internal self-signed certificates

问题描述

如何在TortoiseHG中为内部自签名证书禁用HTTPS主机身份验证.对于内部服务器，HTTPS主要用于加密.

TortoiseHG文档说可以禁用主机验证(即针对证书颁发机构链的验证)此处，但我似乎找不到该选项.

它应该是克隆远程存储库时的一个选项.我正在使用最新的TortoiseHG 2.0.5

解决方案

在TortoiseHG Workbench中，在同步"选项卡(或在同步"屏幕中)中，如果选择了远程路径，则应该看到一个带锁的按钮图标:

这将打开安全性"窗口，您可以在其中选择选项No host validation, but still encrypted，以及其他设置.当您打开它时，它会在mercurial.ini中添加类似的内容:

[insecurehosts]
bitbucket.org = 1

这是TortoiseHg的机器级配置，但似乎并不影响克隆"窗口.

在命令行上，您可以使用--insecure跳过验证证书:

hg clone --insecure https://hostname.org/user/repository repository-clone

这会吐出许多关于不验证证书的警告，并且还会在每条消息中向您显示主机指纹，例如下面的示例警告(为便于阅读，从原始格式格式化):

warning: bitbucket.org certificate with fingerprint 
 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified
 (check hostfingerprints or web.cacerts config setting)

但是，更好的选择是主机指纹，它们是由hg和TortoiseHg使用.在TortoiseHg的安全性"窗口中，No host validation上方是选项Verify with stored host fingerprint. 查询"按钮检索主机证书的指纹并将其存储在mercurial.ini:

中

[hostfingerprints]
bitbucket.org = 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe

这应该跳过对证书的实际验证，因为您声明您已经信任证书.

关于证书的本文档也会有所帮助.

How do you disable HTTPS host authentication in TortoiseHG for internal self-signed certificates. For internal servers HTTPS is primarily used for encryption.

The TortoiseHG documentation says that it is possible to disable host verification (i.e. verification against the Certificate Authority chain) here but I can't seem to find the option.

Its supposed to be an option when cloning a remote repository. I am using the latest TortoiseHG 2.0.5

解决方案

In the TortoiseHG Workbench, in the Sync tab (or in the Sync screen), if you have a remote path selected, you should see a button with a lock icon on it:

That will bring up the Security window, where you can select the option No host validation, but still encrypted, among other settings. When you turn that on, it adds something like this to your mercurial.ini:

[insecurehosts]
bitbucket.org = 1

That's machine-level config for TortoiseHg, but it doesn't seem to affect the Clone window.

On the command-line, you can use --insecure to skip verifying certificates:

hg clone --insecure https://hostname.org/user/repository repository-clone

This will spit out a number of warnings about not verifying the certificate, and will also show you the host fingerprint in each message, like the example warning below (formatted from the original for readability):

warning: bitbucket.org certificate with fingerprint 
 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified
 (check hostfingerprints or web.cacerts config setting)

A better option, however, is host fingerprints, which are used by both hg and TortoiseHg. In TortoiseHg's Security window, above No host validation is the option Verify with stored host fingerprint. The Query button retrieves the fingerprint of the host's certificate and stores it in mercurial.ini:

[hostfingerprints]
bitbucket.org = 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe

This should skip actual verification of the certificate because you are declaring that you already trust the certificate.

This documentation on certificates may help, as well.

这篇关于在TortoiseHG中为内部自签名证书禁用HTTPS主机身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！