Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Continue operation on failed certificate verification

Lukas Brückner1
Lukas Brückner November 14, 2011

All my operations with the remote depository fail because of the following error:

abort: error: _ssl.c:499: error:14090086:SSL
routines:SSl3_GET_SERVER_CERTIFICATE:certificate verify failed

We are using a self-generated certificate, and somehow cannot suppress that warning.

However, using terminal, my operations work fine after displaying the error. In SourceTree, all operations halt and I cannot find any option to ignore certificate verification failures.
Any workarounds would be much appreciated.

Thanks,

Lukas

Answer
Watch
Like baerrach likes this
2706 views

3 answers

1 accepted

0 votes
Answer accepted
stevestreeting
stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 15, 2011

To set up your trust for the certificate, please take a look at this: http://mercurial.selenic.com/wiki/CACertificates#Mac_OS_X_10.6_and_higher

SourceTree already configures a dummy PEM to make Mercurial check your Keychain for trusted certificates (unless you set the option manually yourself), but some people who have encountered this in the past have found they also needed to add the [hostfingerprints] configuration as described in the above page.

View More Comments
jholewinski
jholewinski February 6, 2012

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

Like
jholewinski
jholewinski February 6, 2012

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

Like
jholewinski
jholewinski February 6, 2012

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

Like
Kirk Stork
Kirk Stork
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 8, 2012

What about for Git repositories? There's an environment variable for Git to deal with this

GIT_SSL_NO_VERIFY=1

But I can't get SourceTree to see it. I've tried setting it in my regular ~/.profile and also in .MacOSX/environment.plist

Like
stevestreeting
stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 9, 2012

Hmm, SourceTree passes on its environment to git calls, only adding new entries where required. ~/.profile doesn't affect GUI apps so SourceTree wouldn't inherit that, but environment.plist should work. The only alternative is /etc/launchd.conf as described here: http://stackoverflow.com/questions/135688/setting-environment-variables-in-os-x

Like
Reply
0 votes
Bronwen Stine1
Bronwen Stine July 24, 2013

Under windows Soucetree, there is an option to disable this: Tools>Options>Git>Disable SSL Cert validation

Reply
0 votes
Gili
Gili September 15, 2012

NOTE: Under Windows 7, the "Local System Account" home directory isn't where you'd expect. It's under C:\Windows\System32\config\systemprofile

Make sure to place mercurial.ini there!

Reply

Suggest an answer

Log in or Sign up to answer
Sourcetree
Sourcetree
TAGS
AUG Leaders

Atlassian Community Events

    See all events