Continue operation on failed certificate verification

All my operations with the remote depository fail because of the following error:

abort: error: _ssl.c:499: error:14090086:SSL
routines:SSl3_GET_SERVER_CERTIFICATE:certificate verify failed

We are using a self-generated certificate, and somehow cannot suppress that warning.

However, using terminal, my operations work fine after displaying the error. In SourceTree, all operations halt and I cannot find any option to ignore certificate verification failures.
Any workarounds would be much appreciated.

Thanks,

Lukas

3 answers

1 accepted

To set up your trust for the certificate, please take a look at this: http://mercurial.selenic.com/wiki/CACertificates#Mac_OS_X_10.6_and_higher

SourceTree already configures a dummy PEM to make Mercurial check your Keychain for trusted certificates (unless you set the option manually yourself), but some people who have encountered this in the past have found they also needed to add the [hostfingerprints] configuration as described in the above page.

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

What about for Git repositories? There's an environment variable for Git to deal with this

GIT_SSL_NO_VERIFY=1

But I can't get SourceTree to see it. I've tried setting it in my regular ~/.profile and also in .MacOSX/environment.plist

Hmm, SourceTree passes on its environment to git calls, only adding new entries where required. ~/.profile doesn't affect GUI apps so SourceTree wouldn't inherit that, but environment.plist should work. The only alternative is /etc/launchd.conf as described here: http://stackoverflow.com/questions/135688/setting-environment-variables-in-os-x

NOTE: Under Windows 7, the "Local System Account" home directory isn't where you'd expect. It's under C:\Windows\System32\config\systemprofile

Make sure to place mercurial.ini there!

Under windows Soucetree, there is an option to disable this: Tools>Options>Git>Disable SSL Cert validation

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published May 30, 2018 in Sourcetree

Tip from the team: configuring Git or Mercurial in Sourcetree

Supported Platforms macOS Windows To make using Sourcetree as simple yet powerful as possible we embed (bundle) dependencies such as Git, Git LFS, and Mercurial. We strive to keep these...

563 views 1 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you