
Help Needed : check hostfingerprints or web.cacerts config setting


harshad wadkar

May 4, 2017, 9:21:55 AM
to dev-versi...@lists.mozilla.org
Respected Madam / Sir,

I would like to use Marionette harness for testing.

For that I have installed marionette harness using
pip install marionette_harness (https://pypi.org/project/marionette-harness/)

The python scripts in the downloaded harness looked outdated.

Tried to pull and update your local copy of mozilla-central using
hg clone http://hg.mozilla.org/mozilla-central/

But getting (check hostfingerprints or web.cacerts config setting) warning
& there is an abort operation after some time. The details are given below:

root@ubuntu:/home/harshad# hg clone http://hg.mozilla.org/mozilla-central/
warning: hg.mozilla.org certificate with fingerprint
73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56 not verified
(check hostfingerprints or web.cacerts config setting)
real URL is https://hg.mozilla.org/mozilla-central/
destination directory: mozilla-central
applying clone bundle from
https://s3-us-west-2.amazonaws.com/moz-hg-bundles-us-west-2/mozilla-central/4a6a71f4aa22e4dc3961884ce505ce34bdd799a2.gzip-v2.hg
warning: s3-us-west-2.amazonaws.com certificate with fingerprint
9d:35:10:89:3f:58:cb:5b:7a:89:54:d2:25:9c:67:84:c4:a9:8e:01 not verified
(check hostfingerprints or web.cacerts config setting)
adding changesets
adding manifests
adding file changes
transaction abort!
rollback completed
abort: stream ended unexpectedly (got 237434 bytes, expected 359992937)
root@ubuntu:/home/harshad#

I have 02 queries :
1. How to solve the above problem?
2. When I tried clone process without superuser credentials, I got the
process abort immediately.

harshad@ubuntu:~$ hg clone http://hg.mozilla.org/mozilla-central/
abort: certificate for hg.mozilla.org has unexpected fingerprint
73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56
(check hostfingerprint configuration)
harshad@ubuntu:~$

My query here is then why the clone process (under superuser credentials),
added changesets, manifests and downloaded 237434 bytes, ideally it should
have aborted immediately?

Initially, I have asked Henrik Skupin sir (Senior Software Engineer,
Mozilla Corporation) about query 1, he suggested me to ask in the
mozilla.dev.version-controls mailing list for help.

Requesting you to help me in solving the problem.

Waiting for your reply.

Thanks & Regards

Harshad

Gregory Szorc

May 4, 2017, 1:53:00 PM
to harshad wadkar, dev-version-control
On Thu, May 4, 2017 at 4:52 AM, harshad wadkar <harshad...@gmail.com>
wrote:

> Respected Madam / Sir,
>
> I would like to use Marionette harness for testing.
>
> For that I have installed marionette harness using
> pip install marionette_harness (https://pypi.org/project/marionette-harness/)
>
> The python scripts in the downloaded harness looked outdated.
>
> Tried to pull and update your local copy of mozilla-central using
> hg clone http://hg.mozilla.org/mozilla-central/
>
> But getting (check hostfingerprints or web.cacerts config setting) warning
> & there is an abort operation after some time. The details are given below:
>
> root@ubuntu:/home/harshad# hg clone http://hg.mozilla.org/mozilla-central/
> warning: hg.mozilla.org certificate with fingerprint
> 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56 not verified
> (check hostfingerprints or web.cacerts config setting)
>

Mercurial 3.9+ refuses to connect to servers insecurely. The fact you are
getting a warning here tells me you are using an old Mercurial client with
less secure defaults. You should upgrade if possible, otherwise you are
susceptible to MitM attacks.


> real URL is https://hg.mozilla.org/mozilla-central/
> destination directory: mozilla-central
> applying clone bundle from
> https://s3-us-west-2.amazonaws.com/moz-hg-bundles-us-west-2/mozilla-central/4a6a71f4aa22e4dc3961884ce505ce34bdd799a2.gzip-v2.hg


You must be cloning from within AWS because our servers advertise S3 URLs
for "clone bundles" within AWS IP addresses. That's fine.

What is weird about this (and not related to your original post) is that it
is attempting to clone a gzip-v2 bundle instead of the "streaming" one. The
URL should end with "packed1.hg." I suspect something is setting the
ui.clonebundleprefers config option to override the defaults. This is not
cool!


>
> warning: s3-us-west-2.amazonaws.com certificate with fingerprint
> 9d:35:10:89:3f:58:cb:5b:7a:89:54:d2:25:9c:67:84:c4:a9:8e:01 not verified
> (check hostfingerprints or web.cacerts config setting)
>

This means that your Mercurial client hasn't loaded the CA certificate for
s3-us-west-2.amazonaws.com and therefore can't trust the connection. (Same
deal as the warning for hg.mozilla.org above.)

The certificate chains are:

 0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=*.s3-us-west-2.amazonaws.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Baltimore CA-2 G2
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Baltimore CA-2 G2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root

 0 s:/C=US/ST=California/L=Mountain View/O=Mozilla Foundation/CN=hg.mozilla.org
   i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

So your client doesn't have a few DigiCert root CAs loaded. These are
pretty common certificates. So either your Mercurial client isn't
configured to load a CA store (if this happens with a system package then
the package maintainer has failed) or your CA store is out of date.

You can resolve the problem by having your global hgrc (usually
/etc/mercurial/hgrc) have a `[web] cacerts=/path/to/file` pointing to an
up-to-date CA certificate bundle file. This is documented at
https://www.mercurial-scm.org/wiki/SecureConnections


> adding changesets
> adding manifests
> adding file changes
> transaction abort!
> rollback completed
> abort: stream ended unexpectedly (got 237434 bytes, expected 359992937)
>

This very poor error message should be fixed in the just-released Mercurial
4.2.


> root@ubuntu:/home/harshad#
>
> I have 02 queries :
> 1. How to solve the above problem?
> 2. When I tried clone process without superuser credentials, I got the
> process abort immediately.
>
> harshad@ubuntu:~$ hg clone http://hg.mozilla.org/mozilla-central/
> abort: certificate for hg.mozilla.org has unexpected fingerprint
> 73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56
> (check hostfingerprint configuration)
> harshad@ubuntu:~$
>
> My query here is then why the clone process (under superuser credentials),
> added changesets, manifests and downloaded 237434 bytes, ideally it should
> have aborted immediately?
>
> Initially, I have asked Henrik Skupin sir (Senior Software Engineer,
> Mozilla Corporation) about query 1, he suggested me to ask in the
> mozilla.dev.version-controls mailing list for help.
>
> Requesting you to help me in solving the problem.
>
> Waiting for your reply.
>
> Thanks & Regards
>
> Harshad
> _______________________________________________
> dev-version-control mailing list
> dev-versi...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-version-control
>
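
Added example (not part of the thread and not Mercurial's own code): a Python check that scans captured hg output for the two certificate messages quoted above, so a clone that proceeded without certificate verification can be flagged in build or provisioning logs. The sample text is constructed from the transcripts in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the certificate messages from both transcripts in the
# thread, line-wrapped the way the mail client wrapped them.
SAMPLE = """\
warning: hg.mozilla.org certificate with fingerprint
73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56 not verified
(check hostfingerprints or web.cacerts config setting)
real URL is https://hg.mozilla.org/mozilla-central/
warning: s3-us-west-2.amazonaws.com certificate with fingerprint
9d:35:10:89:3f:58:cb:5b:7a:89:54:d2:25:9c:67:84:c4:a9:8e:01 not verified
(check hostfingerprints or web.cacerts config setting)
abort: certificate for hg.mozilla.org has unexpected fingerprint
73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56
(check hostfingerprint configuration)
"""

FP = r"(?P<fp>(?:[0-9a-f]{2}:){19}[0-9a-f]{2})"  # 20 hex bytes, colon-separated
HOST = r"(?P<host>[A-Za-z0-9.-]+)"
PATTERNS = {
    # The client only warned and carried on: the server was not authenticated.
    "unverified": re.compile(
        rf"warning: {HOST} certificate with fingerprint {FP} not verified"),
    # Printed when a [hostfingerprints] entry for the host does not match;
    # the client aborts instead of continuing.
    "pin_mismatch": re.compile(
        rf"abort: certificate for {HOST} has unexpected fingerprint {FP}"),
}

def tls_findings(output):
    """Return sorted (kind, host, fingerprint) tuples found in hg output."""
    flat = " ".join(output.split())  # undo line wrapping before matching
    found = set()
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(flat):
            found.add((kind, m["host"], m["fp"]))
    return sorted(found)

def unverified_hosts(output):
    """Hosts whose data was accepted without certificate verification."""
    return sorted({h for kind, h, _ in tls_findings(output) if kind == "unverified"})

if __name__ == "__main__":
    for finding in tls_findings(SAMPLE):
        print(*finding)
```

Any host returned by unverified_hosts() means the clone data from that host was fetched over an unauthenticated connection and should be re-fetched once web.cacerts points at a current CA bundle.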