"ssl required" while trying to push to https-repository

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

"ssl required" while trying to push to https-repository

Andreas Piening
Hi mercurial-list,

I use mercurial 1.0.1-r2 and want to share my repositories with  
hgwebdir.cgi. I configured apache2 for ssl (https) and authentication  
and to use the hgwebdir.cgi for directory-listing and I rewrite  
anything to hgwebdir.cgi. ATM it looks like this:

<VirtualHost *:443>
         ServerName hg.myrepository.de
         DocumentRoot "/var/hg/hg.myrepository.de/"

         RewriteEngine On
         RewriteRule ^/(.*) /hgwebdir.cgi/$1

         <Directory "/var/hg/hg.myrepository.de/">
                 DirectoryIndex hgwebdir.cgi
                 AddHandler cgi-script .cgi
                 Options +ExecCGI +FollowSymLinks
                 AllowOverride None

                 # Controls who can get stuff from this server.
                 Order allow,deny
                 Allow from all

                 AuthUserFile /var/hg/hg.myrepository.de/.htpasswd
                 AuthName "My Mercurial Repositories"
                 AuthType Basic
                 Require valid-user
         </Directory>

         <IfModule mpm_peruser_module>
                 ServerEnvironment apache apache
         </IfModule>
</VirtualHost>

Since I want allways want use https for clone/pull AND push, I created  
a http-vhost which just redirects to this https-one. But I use https  
directly in my tests.

Everythin except pushing works out of the box:
I can access the hgwebdir and it shows up my testrepository.
The authentication works, and I can browse the repository and see  
changes that I've made on my testrepository directly on the filesystem.
I can clone the repository from https. The authentication comes up,  
works like a charm.

But when I do any sort of push, like
hg push https://hg.myrepository.de/testrepository/

I get this:
pushing to https://hg.myrepository.de/testrepository/
http authorization required
realm: My Mercurial Repositories
user: testuser
password:
searching for changes
ssl required

Seems like the searching for changes works, but then this "ssl  
required" message comes up.

Any help or hint would be appreciated.

Thank you in advance

Andreas Piening
_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Fwd: "ssl required" while trying to push to https-repository

Andreas Piening
Hi mercurial-list,

I'm not sure if you've received my last email, since I have not  
received my request back over the list:

I continued trying to get hg push to work over https, without luck.
I generally followed this guide: http://www.selenic.com/mercurial/wiki/index.cgi/HgWebDirStepByStep
I also completed my apache-config from here: http://www.dpshp.de/howtos/howto_hg.html
And I found another one with my problem (feels good not to be alone): http://www.nabble.com/Getting-%22ssl-required%22-when-using-an-https-URL-to15887836.html#a15887836

Can anyone give me a hint what may be wrong with my configuration?  
(see below)
Or can someone assist in debugging this problem?

Thank you in advance!

Andreas Piening

P.S. please read the original mail below =>

Anfang der weitergeleiteten E-Mail:

> Von: Andreas Piening <[hidden email]>
> Datum: 23. August 2008 18:05:50 MESZ
> An: [hidden email]
> Betreff: "ssl required" while trying to push to https-repository
>
> Hi mercurial-list,
>
> I use mercurial 1.0.1-r2 and want to share my repositories with  
> hgwebdir.cgi. I configured apache2 for ssl (https) and  
> authentication and to use the hgwebdir.cgi for directory-listing and  
> I rewrite anything to hgwebdir.cgi. ATM it looks like this:
>
> <VirtualHost *:443>
>        ServerName hg.myrepository.de
>        DocumentRoot "/var/hg/hg.myrepository.de/"
>
>        RewriteEngine On
>        RewriteRule ^/(.*) /hgwebdir.cgi/$1
>
>        <Directory "/var/hg/hg.myrepository.de/">
>                DirectoryIndex hgwebdir.cgi
>                AddHandler cgi-script .cgi
>                Options +ExecCGI +FollowSymLinks
>                AllowOverride None
>
>                # Controls who can get stuff from this server.
>                Order allow,deny
>                Allow from all
>
>                AuthUserFile /var/hg/hg.myrepository.de/.htpasswd
>                AuthName "My Mercurial Repositories"
>                AuthType Basic
>                Require valid-user
>        </Directory>
>
>        <IfModule mpm_peruser_module>
>                ServerEnvironment apache apache
>        </IfModule>
> </VirtualHost>
>
> Since I want allways want use https for clone/pull AND push, I  
> created a http-vhost which just redirects to this https-one. But I  
> use https directly in my tests.
>
> Everythin except pushing works out of the box:
> I can access the hgwebdir and it shows up my testrepository.
> The authentication works, and I can browse the repository and see  
> changes that I've made on my testrepository directly on the  
> filesystem.
> I can clone the repository from https. The authentication comes up,  
> works like a charm.
>
> But when I do any sort of push, like
> hg push https://hg.myrepository.de/testrepository/
>
> I get this:
> pushing to https://hg.myrepository.de/testrepository/
> http authorization required
> realm: My Mercurial Repositories
> user: testuser
> password:
> searching for changes
> ssl required
>
> Seems like the searching for changes works, but then this "ssl  
> required" message comes up.
>
> Any help or hint would be appreciated.
>
> Thank you in advance
>
> Andreas Piening

_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Benoit Boissinot
On Thu, Aug 28, 2008 at 12:14 AM, Andreas Piening
<[hidden email]> wrote:
> Hi mercurial-list,
>
> Can anyone give me a hint what may be wrong with my configuration?
> (see below)
> Or can someone assist in debugging this problem?
>
I don't know much with apache but I can give some hints for debugging it.

It seems hg thinks you're not using https, if you want to add some
debugging code
you can enhance the error message in mercurial/hgweb/hgweb_mod.py
(around line 360).
For example you could send the wsgi.url_scheme in the error message.

regards,

Benoit
_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Andreas Piening
Hi Benoit,

thank you for your quick answer.

I searched the file "/usr/lib64/python2.5/site-packages/mercurial/
hgweb/hgweb_mod.py" and found one occurance of "wsgi.url_scheme", but  
it was at line 276 (mercurial 1.0.1-r3 now):

     def templater(self, req):

         # determine scheme, port and server name
         # this is needed to create absolute urls

         proto = req.env.get('wsgi.url_scheme')
         if proto == 'https':
             proto = 'https'
             default_port = "443"
         else:
             proto = 'http'
             default_port = "80"

         port = req.env["SERVER_PORT"]
         port = port != default_port and (":" + port) or ""
         urlbase = '%s://%s%s' % (proto, req.env['SERVER_NAME'], port)
         staticurl = self.config("web", "staticurl") or req.url +  
'static/'
         if not staticurl.endswith('/'):
             staticurl += '/'

I added the line
print "proto %s" % proto
directly afterthe line
proto = req.env.get('wsgi.url_scheme')
but no output occured. I checked the loggs, too.
I also tried
req.write(proto)
to see the message on the "client"-side, but it doesn't come up. Even  
if this code part has url-manipulating content, it doesn't seem to me  
that this part is reached while trying to push via https. The string  
"ssl required" does not occur in this file either.

So I grepped for it and found one occurence in the file "/usr/lib64/
python2.5/site-packages/mercurial/hgweb/protocol.py":

     # require ssl by default, auth info cannot be sniffed and
     # replayed
     ssl_req = web.configbool('web', 'push_ssl', True)
     if ssl_req:
         if req.env.get('wsgi.url_scheme') != 'https':
             bail('ssl required\n')
             return
         proto = 'https'
     else:
         proto = 'http'

I tried to comment the bail-call, and now I get a strack trace while  
trying to push to https:

Traceback (most recent call last):
   File "/Library/Python/2.5/site-packages/mercurial/dispatch.py",  
line 45, in _runcatch
     return _dispatch(ui, args)
   File "/Library/Python/2.5/site-packages/mercurial/dispatch.py",  
line 364, in _dispatch
     ret = _runcommand(ui, options, cmd, d)
   File "/Library/Python/2.5/site-packages/mercurial/dispatch.py",  
line 417, in _runcommand
     return checkargs()
   File "/Library/Python/2.5/site-packages/mercurial/dispatch.py",  
line 373, in checkargs
     return cmdfunc()
   File "/Library/Python/2.5/site-packages/mercurial/dispatch.py",  
line 356, in <lambda>
     d = lambda: func(ui, repo, *args, **cmdoptions)
   File "/Library/Python/2.5/site-packages/mercurial/commands.py",  
line 2109, in push
     r = repo.push(other, opts['force'], revs=revs)
   File "/Library/Python/2.5/site-packages/mercurial/localrepo.py",  
line 1517, in push
     if remote.capable('unbundle'):
   File "/Library/Python/2.5/site-packages/mercurial/repo.py", line  
23, in capable
     if name in self.capabilities:
   File "/Library/Python/2.5/site-packages/mercurial/httprepo.py",  
line 281, in get_caps
     self.caps = util.set(self.do_read('capabilities').split())
   File "/Library/Python/2.5/site-packages/mercurial/httprepo.py",  
line 350, in do_read
     fp = self.do_cmd(cmd, **args)
   File "/Library/Python/2.5/site-packages/mercurial/httprepo.py",  
line 304, in do_cmd
     resp = urllib2.urlopen(request(cu, data, headers))
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 121, in urlopen
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 380, in open
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 491, in http_response
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 412, in error
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 353, in _call_chain
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 816, in http_error_401
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 794, in http_error_auth_reqed
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 804, in retry_http_basic_auth
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 380, in open
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 491, in http_response
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 418, in error
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 353, in _call_chain
   File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/
python2.5/urllib2.py", line 499, in http_error_default
HTTPError: HTTP Error 500: Internal Server Error
abort: HTTP Error 500: Internal Server Error

So it seems you're right: hg thinks I use http. I have no idea why,  
anyone?

Thank you in advance,

Andreas

Am 28.08.2008 um 00:24 schrieb Benoit Boissinot:

> On Thu, Aug 28, 2008 at 12:14 AM, Andreas Piening
> <[hidden email]> wrote:
>> Hi mercurial-list,
>>
>> Can anyone give me a hint what may be wrong with my configuration?
>> (see below)
>> Or can someone assist in debugging this problem?
>>
> I don't know much with apache but I can give some hints for  
> debugging it.
>
> It seems hg thinks you're not using https, if you want to add some
> debugging code
> you can enhance the error message in mercurial/hgweb/hgweb_mod.py
> (around line 360).
> For example you could send the wsgi.url_scheme in the error message.
>
> regards,
>
> Benoit

_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Benoit Boissinot
On Thu, Aug 28, 2008 at 1:12 AM, Andreas Piening
<[hidden email]> wrote:
> Hi Benoit,
>
> thank you for your quick answer.
>
> I searched the file
> "/usr/lib64/python2.5/site-packages/mercurial/hgweb/hgweb_mod.py" and found
> one occurance of "wsgi.url_scheme", but it was at line 276 (mercurial
> 1.0.1-r3 now):

Sorry, I pointed to the wrong file, I was looking at crew-tip.

>
> So I grepped for it and found one occurence in the file
> "/usr/lib64/python2.5/site-packages/mercurial/hgweb/protocol.py":
>
>    # require ssl by default, auth info cannot be sniffed and
>    # replayed
>    ssl_req = web.configbool('web', 'push_ssl', True)
>    if ssl_req:
>        if req.env.get('wsgi.url_scheme') != 'https':
>            bail('ssl required\n')
>            return
>        proto = 'https'
>    else:
>        proto = 'http'
>
> I tried to comment the bail-call, and now I get a strack trace while trying
> to push to https:
>

Can you change the bail call to : bail('ssl required (found: %s)' %
req.env.get('wsgi.url_scheme')) ?
If it's http, I don't really know what the problem is, maybe something
in your apache configuration.
(btw you should have the same problem when browsing the repo, the urls
will start with http)

regards,

Benoit
_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Andreas Piening
Hi Benoit, hi mercurial list,

I have changed the line to the value you suggested, and I get "ssl  
required (found: http)". This is very strange, since the https should  
be extracted from my default-push-url which starts with https.
Anyways, the extraction of the https from the url is not the only  
problem. I hard-coded the proto to https but then I get the stack-trace.

Am 28.08.2008 um 09:59 schrieb Benoit Boissinot:

> On Thu, Aug 28, 2008 at 1:12 AM, Andreas Piening
> <[hidden email]> wrote:
>> Hi Benoit,
>>
>> thank you for your quick answer.
>>
>> I searched the file
>> "/usr/lib64/python2.5/site-packages/mercurial/hgweb/hgweb_mod.py"  
>> and found
>> one occurance of "wsgi.url_scheme", but it was at line 276 (mercurial
>> 1.0.1-r3 now):
>
> Sorry, I pointed to the wrong file, I was looking at crew-tip.
>>
>> So I grepped for it and found one occurence in the file
>> "/usr/lib64/python2.5/site-packages/mercurial/hgweb/protocol.py":
>>
>>   # require ssl by default, auth info cannot be sniffed and
>>   # replayed
>>   ssl_req = web.configbool('web', 'push_ssl', True)
>>   if ssl_req:
>>       if req.env.get('wsgi.url_scheme') != 'https':
>>           bail('ssl required\n')
>>           return
>>       proto = 'https'
>>   else:
>>       proto = 'http'
>>
>> I tried to comment the bail-call, and now I get a strack trace  
>> while trying
>> to push to https:
>>
>
> Can you change the bail call to : bail('ssl required (found: %s)' %
> req.env.get('wsgi.url_scheme')) ?
> If it's http, I don't really know what the problem is, maybe something
> in your apache configuration.
> (btw you should have the same problem when browsing the repo, the urls
> will start with http)
>
> regards,
>
> Benoit

_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Benoit Boissinot
On Thu, Aug 28, 2008 at 8:37 PM, Andreas Piening
<[hidden email]> wrote:
> Hi Benoit, hi mercurial list,
>
> I have changed the line to the value you suggested, and I get "ssl required
> (found: http)". This is very strange, since the https should be extracted
> from my default-push-url which starts with https.
> Anyways, the extraction of the https from the url is not the only problem. I
> hard-coded the proto to https but then I get the stack-trace.
>

It's probably some apache configuration problem then :/

In your first mail you said:
> Since I want allways want use https for clone/pull AND push, I created
> a http-vhost which just redirects to this https-one. But I use https
> directly in my tests.

Maybe it's related, try not to create any http vhost (maybe what I'm saying
doesn't make sense, then ignore it :)

regards,

Benoit
_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Andreas Piening
Hi Benoit,

I have removed the http-host, but it has not been accessed while I was  
trying to push: I have checked this in the access-log.
However, it doesn't do a change to my error.

I'm new to mercurial and this is my first setup, but following the  
setup-guide I have no reason for this mysterious error to occur.
I have no idea what could force mercurial not to use https, while the  
web-directory is accessable with the same URL.

Is there anything known about problems with self-signed SSL-
certificates with mercurial?

Thank you in advance,

Andreas Piening

Am 28.08.2008 um 20:51 schrieb Benoit Boissinot:

> On Thu, Aug 28, 2008 at 8:37 PM, Andreas Piening
> <[hidden email]> wrote:
>> Hi Benoit, hi mercurial list,
>>
>> I have changed the line to the value you suggested, and I get "ssl  
>> required
>> (found: http)". This is very strange, since the https should be  
>> extracted
>> from my default-push-url which starts with https.
>> Anyways, the extraction of the https from the url is not the only  
>> problem. I
>> hard-coded the proto to https but then I get the stack-trace.
>>
>
> It's probably some apache configuration problem then :/
>
> In your first mail you said:
>> Since I want allways want use https for clone/pull AND push, I  
>> created
>> a http-vhost which just redirects to this https-one. But I use https
>> directly in my tests.
>
> Maybe it's related, try not to create any http vhost (maybe what I'm  
> saying
> doesn't make sense, then ignore it :)
>
> regards,
>
> Benoit

_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

marco.behler
Hi Andreas,
I'm having the very same problem (using Nginx instead of Apache, though). Have you found a solution yet?

Furthermore, I'm running Debian Etch, with Mercurial 1.0.1.

Andreas Piening wrote
Hi Benoit,

I have removed the http-host, but it has not been accessed while I was  
trying to push: I have checked this in the access-log.
However, it doesn't do a change to my error.

I'm new to mercurial and this is my first setup, but following the  
setup-guide I have no reason for this mysterious error to occur.
I have no idea what could force mercurial not to use https, while the  
web-directory is accessable with the same URL.

Is there anything known about problems with self-signed SSL-
certificates with mercurial?

Thank you in advance,

Andreas Piening

Am 28.08.2008 um 20:51 schrieb Benoit Boissinot:

> On Thu, Aug 28, 2008 at 8:37 PM, Andreas Piening
> <andreas.piening@rrz.uni-hamburg.de> wrote:
>> Hi Benoit, hi mercurial list,
>>
>> I have changed the line to the value you suggested, and I get "ssl  
>> required
>> (found: http)". This is very strange, since the https should be  
>> extracted
>> from my default-push-url which starts with https.
>> Anyways, the extraction of the https from the url is not the only  
>> problem. I
>> hard-coded the proto to https but then I get the stack-trace.
>>
>
> It's probably some apache configuration problem then :/
>
> In your first mail you said:
>> Since I want allways want use https for clone/pull AND push, I  
>> created
>> a http-vhost which just redirects to this https-one. But I use https
>> directly in my tests.
>
> Maybe it's related, try not to create any http vhost (maybe what I'm  
> saying
> doesn't make sense, then ignore it :)
>
> regards,
>
> Benoit

_______________________________________________
Mercurial mailing list
Mercurial@selenic.com
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Andreas Piening
Hi behlma,

tryed everything I know of, but no solution yet, sorry. If I get  
anything that may help to fix or solve this problem, I'll post it to  
the list.

Please can you tell me, if you use a self-signed SSL-certificate, too?

Thank you in advance,

Andreas

Am 04.09.2008 um 11:20 schrieb behlma:

>
> Hi Andreas,
> I'm having the very same problem (using Nginx instead of Apache,  
> though).
> Have you found a solution yet?
>
> Furthermore, I'm running Debian Etch, with Mercurial 1.0.1.
>
>
> Andreas Piening wrote:
>>
>> Hi Benoit,
>>
>> I have removed the http-host, but it has not been accessed while I  
>> was
>> trying to push: I have checked this in the access-log.
>> However, it doesn't do a change to my error.
>>
>> I'm new to mercurial and this is my first setup, but following the
>> setup-guide I have no reason for this mysterious error to occur.
>> I have no idea what could force mercurial not to use https, while the
>> web-directory is accessable with the same URL.
>>
>> Is there anything known about problems with self-signed SSL-
>> certificates with mercurial?
>>
>> Thank you in advance,
>>
>> Andreas Piening
>>
>> Am 28.08.2008 um 20:51 schrieb Benoit Boissinot:
>>
>>> On Thu, Aug 28, 2008 at 8:37 PM, Andreas Piening
>>> <[hidden email]> wrote:
>>>> Hi Benoit, hi mercurial list,
>>>>
>>>> I have changed the line to the value you suggested, and I get "ssl
>>>> required
>>>> (found: http)". This is very strange, since the https should be
>>>> extracted
>>>> from my default-push-url which starts with https.
>>>> Anyways, the extraction of the https from the url is not the only
>>>> problem. I
>>>> hard-coded the proto to https but then I get the stack-trace.
>>>>
>>>
>>> It's probably some apache configuration problem then :/
>>>
>>> In your first mail you said:
>>>> Since I want allways want use https for clone/pull AND push, I
>>>> created
>>>> a http-vhost which just redirects to this https-one. But I use  
>>>> https
>>>> directly in my tests.
>>>
>>> Maybe it's related, try not to create any http vhost (maybe what I'm
>>> saying
>>> doesn't make sense, then ignore it :)
>>>
>>> regards,
>>>
>>> Benoit
>>
>> _______________________________________________
>> Mercurial mailing list
>> [hidden email]
>> http://selenic.com/mailman/listinfo/mercurial
>>
>>
>
> --
> View this message in context: http://www.nabble.com/%22ssl-required%22-while-trying-to-push-to-https-repository-tp19123064p19304703.html
> Sent from the Mercurial mailing list archive at Nabble.com.
>
> _______________________________________________
> Mercurial mailing list
> [hidden email]
> http://selenic.com/mailman/listinfo/mercurial

_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

marco.behler

Andreas Piening wrote
>Please can you tell me, if you use a self-signed SSL-certificate, too?
Yep.
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

marco.behler
Andreas,
could it be that we are missing a library? Anything? Me. Wants. SSL.


behlma wrote
Andreas Piening wrote
>Please can you tell me, if you use a self-signed SSL-certificate, too?
Yep.
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Eric Veiras Galisson
Hi,

i share my hg repos via https and hgwebdir.cgi, using apache2 and a
self signed certificate, and have no problem.



On Sun, Sep 14, 2008 at 1:10 PM, behlma <[hidden email]> wrote:

>
> Andreas,
> could it be that we are missing a library? Anything? Me. Wants. SSL.
>
>
>
> behlma wrote:
>>
>>
>>
>> Andreas Piening wrote:
>>>
>>>>Please can you tell me, if you use a self-signed SSL-certificate, too?
>>>
>>
>> Yep.
>>
>>
>
> --
> View this message in context: http://www.nabble.com/%22ssl-required%22-while-trying-to-push-to-https-repository-tp19123064p19479319.html
> Sent from the Mercurial mailing list archive at Nabble.com.
>
> _______________________________________________
> Mercurial mailing list
> [hidden email]
> http://selenic.com/mailman/listinfo/mercurial
>



--
Eric Veiras Galisson
http://www.veiras.info
_______________________________________________
Mercurial mailing list
[hidden email]
http://selenic.com/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: "ssl required" while trying to push to https-repository

Daniel Cestari
In reply to this post by Andreas Piening
When running mercurial's hgweb script as a FastCGI process, this problem
appears, it is solved by adding a parameter called HTTPS with an "on" value.

An example of this on NGINX is:

server {
  listen 443;
  ...
  ...
  ...
  ssl stuff here
  ...
  ...
  fastcgi_pass socket:address;
  fastcgi_param NAME value;
  ...
  fastcgi_param HTTPS on;   #<-- IMPORTANT PART
  ...
}

Andreas Piening wrote
Hi mercurial-list,

I use mercurial 1.0.1-r2 and want to share my repositories with  
hgwebdir.cgi. I configured apache2 for ssl (https) and authentication  
and to use the hgwebdir.cgi for directory-listing and I rewrite  
anything to hgwebdir.cgi. ATM it looks like this:

<VirtualHost *:443>
         ServerName hg.myrepository.de
         DocumentRoot "/var/hg/hg.myrepository.de/"

         RewriteEngine On
         RewriteRule ^/(.*) /hgwebdir.cgi/$1

         <Directory "/var/hg/hg.myrepository.de/">
                 DirectoryIndex hgwebdir.cgi
                 AddHandler cgi-script .cgi
                 Options +ExecCGI +FollowSymLinks
                 AllowOverride None

                 # Controls who can get stuff from this server.
                 Order allow,deny
                 Allow from all

                 AuthUserFile /var/hg/hg.myrepository.de/.htpasswd
                 AuthName "My Mercurial Repositories"
                 AuthType Basic
                 Require valid-user
         </Directory>

         <IfModule mpm_peruser_module>
                 ServerEnvironment apache apache
         </IfModule>
</VirtualHost>

Since I want allways want use https for clone/pull AND push, I created  
a http-vhost which just redirects to this https-one. But I use https  
directly in my tests.

Everythin except pushing works out of the box:
I can access the hgwebdir and it shows up my testrepository.
The authentication works, and I can browse the repository and see  
changes that I've made on my testrepository directly on the filesystem.
I can clone the repository from https. The authentication comes up,  
works like a charm.

But when I do any sort of push, like
hg push https://hg.myrepository.de/testrepository/

I get this:
pushing to https://hg.myrepository.de/testrepository/
http authorization required
realm: My Mercurial Repositories
user: testuser
password:
searching for changes
ssl required

Seems like the searching for changes works, but then this "ssl  
required" message comes up.

Any help or hint would be appreciated.

Thank you in advance

Andreas Piening
_______________________________________________
Mercurial mailing list
Mercurial@selenic.com
http://selenic.com/mailman/listinfo/mercurial