From owner-freebsd-python@FreeBSD.ORG Thu Aug 30 19:36:17 2012 Return-Path: Delivered-To: python@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 80651106564A for ; Thu, 30 Aug 2012 19:36:17 +0000 (UTC) (envelope-from alexander.kapshuk@gmail.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id EFF7D8FC08 for ; Thu, 30 Aug 2012 19:36:16 +0000 (UTC) Received: by lbbgg13 with SMTP id gg13so918069lbb.13 for ; Thu, 30 Aug 2012 12:36:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=bQfbp9UgsHXJQRGYymaXuLXqQfqTQg1UJTIUzXJaCo8=; b=u3jGRsXvZICDcEUzyJHydimnaRKk6OrSD6utgKmIu/oKbNb/KX9uDTjyviLY/VaTlx KgQJ5nFT77e3vYHMJkU6kyIPSsFXR9XfF1PRSVUwc+LWy1MqQv1xiH5SQ9HpuUgYu8ow 6roPmS3I3lliUymQESkjIxJkSQc/OH7LcJH3f1fJMmCPe97T8SzV4LW8WtF7kstb12JP 6EFAKWFHuV0oTIWrGgGXIH8/WEOvoj5aEzMsAYXcWtL+cdX/0/rbLexisLmXv8oCVO3q nJX5fESyHhkWxavQQPBgjGXOYD1ozq02pUZpwZi8NQAumhbE5GIW2KqLL7eTdA6eryim DBtw== Received: by 10.112.103.71 with SMTP id fu7mr1702807lbb.21.1346355374919; Thu, 30 Aug 2012 12:36:14 -0700 (PDT) Received: from [192.168.1.2] (93-127-96-97.static.vega-ua.net. [93.127.96.97]) by mx.google.com with ESMTPS id lq10sm2543746lab.15.2012.08.30.12.36.13 (version=SSLv3 cipher=OTHER); Thu, 30 Aug 2012 12:36:14 -0700 (PDT) Message-ID: <503FC0AC.3090704@gmail.com> Date: Thu, 30 Aug 2012 22:36:12 +0300 From: Alexander Kapshuk User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120726 Icedove/3.0.11 MIME-Version: 1.0 To: Ruslan Mahmatkhanov References: <50312651.7020202@gmail.com> <503E66B5.2020809@yandex.ru> <503E7CF0.3040802@gmail.com> <503FBB43.2050507@yandex.ru> In-Reply-To: <503FBB43.2050507@yandex.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: python@FreeBSD.org Subject: Re: Mercurial CA Certificates X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Aug 2012 19:36:17 -0000 On 08/30/2012 10:13 PM, Ruslan Mahmatkhanov wrote: >>> As far I understand, FreeBSD doesn't come prepackaged with root CA >>> certificates like other systems do (it's not 146%, but seems so). So, >>> I'd follow recommendation from [1] in part "2.7. Other platforms". >>> >>> - download CA list from [2] >>> - put this lines into your ~/.hgrc: >>> >>> [web] >>> cacerts = /place/where/you/put/cacert.pem >>> >>> Hope this helps. >>> >>> [1] http://mercurial.selenic.com/wiki/CACertificates >>> [2] http://curl.haxx.se/docs/caextract.html >>> >> OK. Thanks. I'll give that a try. > > Just realized that there is security/ca_root_nss that installs the > certs into /usr/local/share/certs and the port itself asks if you want > to create symlink to it in /etc/ssl/cert.pem. You may add any of them > into your ~/.hgrc. Please let me know if it works for you, and if it > is, it should be added into mercurial's wiki, and maybe to our > mercurial port as pkg-message or so. I haven't had a chance to try your initial suggestion yet. I'm willing to give the security/ca_root_nss port a try first over the next couple of days. I'll let you and the mailing list know how I go. Thanks.