Continue operation on failed certificate verification

All my operations with the remote depository fail because of the following error:

abort: error: _ssl.c:499: error:14090086:SSL
routines:SSl3_GET_SERVER_CERTIFICATE:certificate verify failed

We are using a self-generated certificate, and somehow cannot suppress that warning.

However, using terminal, my operations work fine after displaying the error. In SourceTree, all operations halt and I cannot find any option to ignore certificate verification failures.
Any workarounds would be much appreciated.

Thanks,

Lukas

3 answers

1 accepted

To set up your trust for the certificate, please take a look at this: http://mercurial.selenic.com/wiki/CACertificates#Mac_OS_X_10.6_and_higher

SourceTree already configures a dummy PEM to make Mercurial check your Keychain for trusted certificates (unless you set the option manually yourself), but some people who have encountered this in the past have found they also needed to add the [hostfingerprints] configuration as described in the above page.

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

What about for Git repositories? There's an environment variable for Git to deal with this

GIT_SSL_NO_VERIFY=1

But I can't get SourceTree to see it. I've tried setting it in my regular ~/.profile and also in .MacOSX/environment.plist

Hmm, SourceTree passes on its environment to git calls, only adding new entries where required. ~/.profile doesn't affect GUI apps so SourceTree wouldn't inherit that, but environment.plist should work. The only alternative is /etc/launchd.conf as described here: http://stackoverflow.com/questions/135688/setting-environment-variables-in-os-x

NOTE: Under Windows 7, the "Local System Account" home directory isn't where you'd expect. It's under C:\Windows\System32\config\systemprofile

Make sure to place mercurial.ini there!

Under windows Soucetree, there is an option to disable this: Tools>Options>Git>Disable SSL Cert validation

Suggest an answer

Log in or Join to answer
Community showcase
Brian Ganninger
Published Jan 23, 2018 in Sourcetree

Tip from the team: workflow and keyboard shortcuts

Supported Platforms macOS Sourcetree has a lot to offer and, like many developer tools, finding and using it all can be a challenge, especially for a new user. Everyone might not love ...

238 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot