It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Continue operation on failed certificate verification

Lukas Brückner Nov 14, 2011

All my operations with the remote depository fail because of the following error:

abort: error: _ssl.c:499: error:14090086:SSL
routines:SSl3_GET_SERVER_CERTIFICATE:certificate verify failed

We are using a self-generated certificate, and somehow cannot suppress that warning.

However, using terminal, my operations work fine after displaying the error. In SourceTree, all operations halt and I cannot find any option to ignore certificate verification failures.
Any workarounds would be much appreciated.

Thanks,

Lukas

3 answers

1 accepted

0 votes
Answer accepted
Steve Streeting Nov 15, 2011

To set up your trust for the certificate, please take a look at this: http://mercurial.selenic.com/wiki/CACertificates#Mac_OS_X_10.6_and_higher

SourceTree already configures a dummy PEM to make Mercurial check your Keychain for trusted certificates (unless you set the option manually yourself), but some people who have encountered this in the past have found they also needed to add the [hostfingerprints] configuration as described in the above page.

Justin Holewinski Feb 06, 2012

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

Justin Holewinski Feb 06, 2012

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

Justin Holewinski Feb 06, 2012

This doesn't seem to work for me. Same setup, self-signed certificate for serving repositories over HTTPS. I've tried setting web.cacerts in both my ~/.hgrc and ~/Library/Application Support/SourceTree/hgrc_sourcetree files (SourceTree seems to pick up elements of both), as well as a hostfingerprints entry like so:

[hostfingerprints]
<host>=<id>

The command-line hg command does not even give any warnings with this setup, but SourceTree errors out with the same SSL error:

abort: error: _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://hpcrl-temp.cse.ohio-state.edu/hg/projects/ddg-analysis/info/refs
fatal: HTTP request failed

Kirk Stork May 08, 2012

What about for Git repositories? There's an environment variable for Git to deal with this

GIT_SSL_NO_VERIFY=1

But I can't get SourceTree to see it. I've tried setting it in my regular ~/.profile and also in .MacOSX/environment.plist

Steve Streeting May 09, 2012

Hmm, SourceTree passes on its environment to git calls, only adding new entries where required. ~/.profile doesn't affect GUI apps so SourceTree wouldn't inherit that, but environment.plist should work. The only alternative is /etc/launchd.conf as described here: http://stackoverflow.com/questions/135688/setting-environment-variables-in-os-x

0 votes
Gili Sep 15, 2012

NOTE: Under Windows 7, the "Local System Account" home directory isn't where you'd expect. It's under C:\Windows\System32\config\systemprofile

Make sure to place mercurial.ini there!

0 votes
Bronwen Stine Jul 24, 2013

Under windows Soucetree, there is an option to disable this: Tools>Options>Git>Disable SSL Cert validation

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Sourcetree

Sourcetree for Windows - CVE-2019-11582 - Remote Code Execution vulnerability

A vulnerability has been published today in regards to Sourcetree for Windows.  The goal of this article is to give you a summary of information we have gathered from Atlassian Community as a st...

469 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you