mercurial @1.9.3_0 SNI not supported?

[m@…]

It seems that port mercurial @1.9.3_0 does not support SNI (Server Name Indication) properly.

When hg connects to a server that hosts multiple virtual hosts with individual SSL certificates, it takes the first certificate always (thus, the certificate from the host that serves ​https://IP/).

In my ~\.hgrc I defined fingerprint F_B for server S_B. However, hg complains about an invalid certificate with fingerprint F_A. This fingerprint F_A belongs to server S_A, and not to S_B; thus, mercurial chooses the wrong certificate. As soon as I change the fingerprint of S_B to F_A (thus, an actually wrong one) in ~\.hgrc, it will work.

[m@…]

This issue could be caused to port openssl​ and / or port python27​. However, at the moment I have no way of replicating this issue without mercurial.

[ryandesign (Ryan Carsten Schmidt)]

Have you already reported this issue to the developers of mercurial? Or do you have reason to believe it's a MacPorts-specific problem?

[m@…]

Good point. After I had investigated this issue further, I was able to narrow it down to the fact that Mercurial does not support Python 3.2. While Python 3.2 supports SNI, 2.x does not and will never do. See ​http://mercurial.selenic.com/bts/issue3090 for more details.

I suggest you close this issue.

[deric@…]

Thanks for the rundown, closing.