how to set-up HTTPS authentication with client certificate and passwords

J.S. van Bethlehem j.s.van.bethlehem at astro.rug.nl
Wed Oct 28 09:09:28 CDT 2009 

I have a working repo over https. All I need to do is to put in the
[paths] section and it works. But to be honest, the certificate part is
not dealt with by myself, so maybe that makes a difference.

Looking at the traceback I suspect the problem is not in the [auth]
section, but in a wrong path. You wrote a http-url there. I think you
need to write a directory on the server there, eg I have:

  repo = /data/users/<username>/<path to repository>

Greetsz, Jakob


Igor Lautar wrote:
> Hi All,
> 
> We are setting up a repo served by hgwebdir over https. Apache
> requires client to have certificate issued by this server.
> 
> I have .pam file that I've imported into firefox and are able to access repo.
> 
> Now I want to clone repo using hg (or use existing repo and
> authenticate to this repo).
> 
>>From docs, I've seen that [auth] section should be used:
> 
> [paths]
> default = https://<server>/<repo>
> 
> [auth]
> rc.prefix = <server>
> rc.username = <username>
> rc.password = <password>
> rc.key = <key>
> rc.cert = <cert>
> rc.schemes = https
> 
> where <key> is .pam file I've also imported to FF and <cert> is
> authority cerfiticate I've accepted in FF and exported for HG to use.
> 
> However, it seams [auth] section is ignored (or at least not working
> with this configuration):
> 
> $ hg --traceback pull
> Traceback (most recent call last):
>   File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 43,
> in _runcatch
>     return _dispatch(ui, args)
>   File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 449,
> in _dispatch
>     return runcommand(lui, repo, cmd, fullargs, ui, options, d)
>   File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 317,
> in runcommand
>     ret = _runcommand(ui, options, cmd, d)
>   File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 501,
> in _runcommand
>     return checkargs()
>   File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 454,
> in checkargs
>     return cmdfunc()
>   File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 448,
> in <lambda>
>     d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
>   File "/usr/lib/pymodules/python2.6/mercurial/util.py", line 402, in check
>     return func(*args, **kwargs)
>   File "/usr/lib/pymodules/python2.6/mercurial/commands.py", line 2287, in pull
>     other = hg.repository(cmdutil.remoteui(repo, opts), source)
>   File "/usr/lib/pymodules/python2.6/mercurial/hg.py", line 63, in repository
>     repo = _lookup(path).instance(ui, path, create)
>   File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 254,
> in instance
>     inst.between([(nullid, nullid)])
>   File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 175,
> in between
>     d = self.do_read("between", pairs=n)
>   File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 126,
> in do_read
>     fp = self.do_cmd(cmd, **args)
>   File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 79, in do_cmd
>     resp = self.urlopener.open(urllib2.Request(cu, data, headers))
>   File "/usr/lib/python2.6/urllib2.py", line 389, in open
>     response = self._open(req, data)
>   File "/usr/lib/python2.6/urllib2.py", line 407, in _open
>     '_open', req)
>   File "/usr/lib/python2.6/urllib2.py", line 367, in _call_chain
>     result = func(*args)
>   File "/usr/lib/pymodules/python2.6/mercurial/url.py", line 425, in https_open
>     return self.do_open(self._makeconnection, req)
>   File "/usr/lib/pymodules/python2.6/mercurial/keepalive.py", line
> 248, in do_open
>     raise urllib2.URLError(err)
> URLError: <urlopen error [Errno 1] _ssl.c:480: error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure>
> abort: error: _ssl.c:480: error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> 
> 
> 
> Running 1.3.1 on kubuntu karmic:
> 
> $ hg --version
> Mercurial Distributed SCM (version 1.3.1)
> 
> Copyright (C) 2005-2009 Matt Mackall <mpm at selenic.com> and others
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> 
> $ uname -a
> Linux arrow 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC
> 2009 x86_64 GNU/Linux
> 
> Any ideas?
> 
> Regards,
> Igor
> _______________________________________________
> Mercurial mailing list
> Mercurial at selenic.com
> http://selenic.com/mailman/listinfo/mercurial

More information about the Mercurial mailing list