How to entirely disable SSL certificate checks in Mercurial / TortoiseHg?
I'm looking for a way to make --insecure
option the default one for any hg
\ TortoiseHg command.
Please don't write this is a bad practice - I aware about possible risks and consider they're fully acceptable.
If your goal is to eliminate certificate fingerprint warnings during push/pull, there's a better way to do this. Use the [hostfingerprints] in .hg/hgrc (or ~/.hgrc -- see comments).
[hostfingerprints]
server.example.org = 38:76:52:7c:87:26:9a:8f:4a:f8:d3:de:08:45:3b:ea:d6:4b:ee:cc
This will eliminate the warnings without eliminating the security checks.
Note: I see from your comments to another answer that you've already found this solution. I'm posting this anyway in case someone else has the same problem.
Setting cacerts
in the [web]
section to the empty string looks to be the same thing. From the source:
if cmdoptions.get('insecure', False):
ui.setconfig('web', 'cacerts', '!', '--insecure')
which the wiki confirms:
Sometimes it may be expedient to disable security checks, for instance when dealing with hosts with self-signed certificates. This can be done by disabling the CA certificate configuration on the command line:
hg push --config web.cacerts= https://self-signed-host/repo
So putting cacerts=!
in the [web]
section of your global hgrc (/etc/mercurial/hgrc
on linux-likes) will get you there.
You can use aliases to achieve that. Add this to your .hgrc
:
[alias]
push = push --insecure
Problem is you wil have to do this for each command you want to use and I suggest you use different names for your aliases than the default one.
As far as I know, there's no way to enforce --insecure
for all commands "automatically".