Bug#769761: mercurial: does not support SNI on for https: URLs

Paul Wise Sun, 16 Nov 2014 01:09:55 -0800

Package: mercurial
Version: 3.1.2-1
Severity: important

I am unable to clone alioth hg repositories on https: URLs and it looks
to be due to hg not supporting SNI (checked with wireshark):


https://en.wikipedia.org/wiki/Server_Name_Indication

pabs@chianamo ~ $ openssl s_client -connect anonscm.debian.org:443 -servername 
anonscm.debian.org < /dev/null 2>&1 | grep subject
subject=/OU=Domain Control Validated/OU=PositiveSSL 
Multi-Domain/CN=git.debian.org
pabs@chianamo ~ $ openssl s_client -connect anonscm.debian.org:443 < /dev/null 
2>&1 | grep subject
subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard 
SSL/CN=*.alioth.debian.org
pabs@chianamo ~ $ hg clone https://anonscm.debian.org/hg/pkg-vim/vim
abort: anonscm.debian.org certificate error: certificate is for 
*.alioth.debian.org, alioth.debian.org
(configure hostfingerprint 
f3:0b:7e:89:59:15:57:65:19:a8:77:4b:fd:a3:71:44:0c:b5:e3:e2 or use --insecure 
to connect insecurely)
pabs@chianamo ~ $ wget -O /dev/null https://anonscm.debian.org/hg/pkg-vim/vim
--2014-11-16 17:00:02--  https://anonscm.debian.org/hg/pkg-vim/vim
Resolving anonscm.debian.org (anonscm.debian.org)... 5.153.231.21
Connecting to anonscm.debian.org (anonscm.debian.org)|5.153.231.21|:443... 
connected.
HTTP request sent, awaiting response... 200 Script output follows
Length: unspecified [text/html]
Saving to: ‘/dev/null’

/dev/null                                          [  <=>                       
                                                                        ]  
16.82K  37.2KB/s   in 0.5s   

2014-11-16 17:00:05 (37.2 KB/s) - ‘/dev/null’ saved [17223]

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (700, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mercurial depends on:
ii  libc6             2.19-13
ii  mercurial-common  3.1.2-1
ii  python            2.7.8-2
ii  ucf               3.0030

Versions of packages mercurial recommends:
ii  openssh-client  1:6.7p1-3

Versions of packages mercurial suggests:
ii  meld  3.12.0-1
pn  qct   <none>

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

signature.asc
Description: This is a digitally signed message part

Bug#769761: mercurial: does not support SNI on for https: URLs

Reply via email to