The certificate has been flipped. New hashes are:
sha1:73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56 sha256:8e:ad:f7:6a:eb:44:06:15:ed:f3:e4:69:a6:64:60:37:2d:ff:98:88:37:bf:d7:b8:40:84:01:48:9c:26:ce:d9 You can pin these in your hgrc via: # Mercurial 3.9+ [hostsecurity] hg.mozilla.org:fingerprints = sha256:8e:ad:f7:6a:eb:44:06:15:ed:f3:e4:69:a6:64:60:37:2d:ff:98:88:37:bf:d7:b8:40:84:01:48:9c:26:ce:d9 # Mercurial <= 3.8 [hostfingerprints]hg.mozilla.org = 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56 Please make noise in #vcs or #releng if you see breakage. On Thu, Sep 22, 2016 at 1:57 PM, Gregory Szorc <g...@mozilla.com> wrote: > hg.mozilla.org's x509 server certificate (AKA an "SSL certificate") > expires next week. > > A new certificate has already been issued and it is scheduled to be > swapped in around 2016-09-26T17:00Z (Monday September 26 10:00 PDT). The > transition may be delayed to avoid downtime in automation, which hasn't > fully prepared for the change yet. > > The only major change to the certificate is it is using SHA-256 for > signatures. This is known to not work with ancient software (such as > Windows XP SP2). We don't anticipate any major problems with this, however. > > If you pin the host fingerprint in your Mercurial config file, you'll need > to install a new fingerprint or Mercurial will refuse to connect once the > certificate is swapped. The fingerprint of the new certificate and > Mercurial config snippets for configuring it are available at > https://bugzilla.mozilla.org/show_bug.cgi?id=1147548#c12. > > It's worth noting that Mercurial 3.8+ supports pinning multiple > fingerprints per host. So, if you install the new fingerprint today, you > don't need to take action when the server certificate is swapped next week. > > If you notice any problems after the cert change, please make noise in > #vcs on IRC. > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
