Hi,

A quick note for future reference:

Older 'hg' clients do not support SNI (Server Name Indication,
https://en.wikipedia.org/wiki/Server_Name_Indication ).
Savannah uses SNI to serve hg repositories over https (together with
cvs/svn/bzr and soon git).

The symptom is:

    $ hg clone https://hg.sv.gnu.org/hgweb/test-project/
    abort: hg.sv.gnu.org certificate error: certificate is for \
        bzr.savannah.gnu.org, bzr.savannah.nongnu.org, bzr.sv.gnu.org, \
        bzr.sv.nongnu.org
    (configure hostfingerprint \
       c0:50:9b:12:09:6c:d7:f4:7e:3e:7d:d8:eb:17:a3:8b:17:ad:36:77 or \
       use --insecure to connect insecurely)

Easily reproduced with:

    $ openssl s_client -connect hg.sv.gnu.org:443 < /dev/null 2>&1 \
         | grep ^subject
    subject=/CN=bzr.savannah.gnu.org

    $ openssl s_client -servername hg.sv.gnu.org \
                       -connect hg.sv.gnu.org:443 < /dev/null 2>&1 \
         | grep ^subject
    subject=/CN=hg.savannah.gnu.org

Also discussed here:
   https://www.mercurial-scm.org/wiki/SecureConnections


Possible workarounds include:
1. Use 'http' instead of 'https'

2. Use '--insecure' :
     hg clone --insecure https://hg.sv.gnu.org/hgweb/test-project/

3. Add the fingerprint to your '.hgrc' file:

    $ FP=c0:50:9b:12:09:6c:d7:f4:7e:3e:7d:d8:eb:17:a3:8b:17:ad:36:77
    $ cat<<EOF>>.hgrc
    [hostfingerprints]
    hg.sv.gnu.org = $FP
    hg.sv.nongnu.org = $FP
    hg.savannah.gnu.org = $FP
    hg.savannah.nongnu.org = $FP
    EOF

  (though note that this fingerprint might change in the future,
   and it's rather arbitrary that 'bzr' certificate is used instead
   of another).

4. Upgrade 'hg' (and/or the underlying python setup).



comments welcomed,
 - assaf
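
Added example (not part of the original message): a Python check, using only the standard library, that fetches the certificate served with and without SNI and reports which of the two a pinned fingerprint matches, so a `[hostfingerprints]` entry can be re-checked when the certificate changes. The function names `hg_fingerprint`, `fetch_der` and `pin_status` are hypothetical; the script takes the host and the pinned fingerprint as its two arguments.

```python
import hashlib
import socket
import ssl
import sys


def hg_fingerprint(der_cert: bytes) -> str:
    """SHA-1 of the DER certificate as colon-separated lowercase hex,
    the form shown in hg's abort message and used in [hostfingerprints]."""
    digest = hashlib.sha1(der_cert).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der(host: str, port: int = 443, send_sni: bool = True) -> bytes:
    """Return the leaf certificate the server presents, DER-encoded.
    Chain and hostname checks are off because this only inspects what is
    served; never reuse this context to transfer data."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sni = host if send_sni else None  # None: no server_name extension sent
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def pin_status(pinned: str, der_no_sni: bytes, der_sni: bytes) -> str:
    """Say which served certificate, if any, a pinned fingerprint matches."""
    want = pinned.strip().lower()
    if want == hg_fingerprint(der_no_sni):
        return "default"   # what a client without SNI is shown
    if want == hg_fingerprint(der_sni):
        return "sni"       # what a client with SNI is shown
    return "stale"         # neither: certificate rotated, or wrong server


if __name__ == "__main__":
    host, pinned = sys.argv[1], sys.argv[2]
    no_sni, with_sni = fetch_der(host, send_sni=False), fetch_der(host)
    print("no SNI  :", hg_fingerprint(no_sni))
    print("with SNI:", hg_fingerprint(with_sni))
    print("pin     :", pin_status(pinned, no_sni, with_sni))
```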
