HTTPS for Mercurial 1.9.2 on windows server 2008/IIS 7 giving me Errno 10054

Asked 4/10, 2011 at 16:10 Answered 29/6, 2013 at 17:3

Solved python iis-7 mercurial https tortoisehg

We are a small company (its a Microsoft shop) we are currently using subversion with VisualSVN installed (pretty easy to setup btw) I am currently evaluating Mercurial because of branching nightmare in svn.

So first i followed http://www.firegarden.com/software/hosting-mercurial-repo-iis7-windows-server-2008r2-x64-python-isapi-cgi with latest mercurial source code 1.9.2 and python 2.7 got the below error

Failed to import callback module 'hgwebdir_wsgi'
The specified module could not be found.

so i scratched that and then i followed this http://www.jeremyskinner.co.uk/mercurial-on-iis7/ and it worked until i reached the step Enabling SSL which is where the problem is. i even setup ssl certs using OpenSSL http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html still nothing. this is the error i get

URLError: [Errno 10054] An existing connection was forcibly closed by the remote host
[command returned code 255...]

Server side i have this hgweb.config

[collections]
C:\repository\hg = C:/repository/hg

[web]
#push_ssl = false
allow_push = *
baseurl = /hg
cacerts =

web.config

 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
<system.webServer>
    <handlers>
        <add name="Python" path="*.cgi" verb="*" modules="CgiModule" scriptProcessor="C:\Python27\python.exe -u &quot;%s&quot;" resourceType="Unspecified" />
    </handlers>
    <rewrite>
        <rules>
            <rule name="rewrite to hgweb" patternSyntax="Wildcard">
                <match url="*" />
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                </conditions>
                <action type="Rewrite" url="hgweb.cgi/{R:1}" />
            </rule>
        </rules>
    </rewrite>
    <security>
         <requestFiltering>
           <requestLimits maxAllowedContentLength ="2147482624" />
        </requestFiltering>
    </security>
</system.webServer>
<system.web>
    <httpRuntime executionTimeout="540000" maxRequestLength="2097151"/>
</system.web>

client side hgrc

[paths]
default = https://webtest/hg/test/

[hostfingerprints]
webtest = 50:de:a4:d9:72:59:68:fd:91 ...

EDIT I tried to install MacHg on my macbook to test. i used http://machghelp.jasonfharris.com/kb/connections/how-do-i-add-a-server-certificate-or-fingerprint-for-https as walkthrough and it WORKS!! so this eliminates server(i.e.server can push & pull from both http & https) so now i am sure its my windows/TortoiseHg which has problem. (but following these steps for tortoiseHg gives me nothing :( )

EDIT2 One more finding... i can't even clone using https, it only works for http. I tried to clone one of codeplex projects using https and that works!...This is really frustrating

Am i missing something? any help will be appreciated.

Promise answered 4/10, 2011 at 16:10 Comment(7)

Try to connect https URL with just any browser - and show answer of IIS here (or grok it) – Polyandrist 4/10, 2011 at 18:7

it opens up default repository page with certificate error – Promise 4/10, 2011 at 18:47

Which cert error??? If it's untrustred root due to self-signed cert - add it to trustedRoot (if nobody suggest better solution) – Polyandrist 4/10, 2011 at 18:51

Server certificate cannot be checked.doesnot match server the URL. But its same for my svn server too and it works without any problem – Promise 4/10, 2011 at 19:47

You should write in to the Mercurial mailing list. They will probably provide the best help. – Alchemize 5/10, 2011 at 20:12

Thank you @paul, i will try that and post my findings – Promise 5/10, 2011 at 22:20

Shameless plug here, but do try hglabhq.com . – Pastorship 1/7, 2013 at 9:45

It worked when i used Older version i.e. Mercurial 1.8.4. So i stopped investigating any further

Promise answered 22/12, 2011 at 18:55 Comment(0)

Setting up certificates with Mercurial is described in https://www.mercurial-scm.org/wiki/CACertificates

On this page there is that note that says "use openssl, not IIS, to generate certificates" - apparently an IIS7 self-signed certificates does not validate in the SSL library used by Mercurial.

If you install TortoiseHg, your Mercurial certificates will be read from hgrc.d/cacert.pm. This means you must add your self-signed certificate here.

Otherwise, the most efficient way to get help troubleshooting your installation is via Mercurial IRC

Rale answered 14/10, 2011 at 19:33 Comment(0)

It worked when i used Older version i.e. Mercurial 1.8.4. So i stopped investigating any further

Promise answered 22/12, 2011 at 18:55 Comment(0)

Make sure you go into IIS SSL settings and check "ignore" on client certificates.

Hyaline answered 21/6, 2013 at 17:57 Comment(0)

I'm just posting this for anyone else coming into the thread from a search.

There's currently an issue using the largefiles extension in the mercurial python module when hosted via IIS. See this post if you're encountering issues pushing large changesets (or large files) to IIS via TortoiseHg.

The problem ultimlately turns out to be a bug in SSL processing introduced Python 2.7.3 (probably explaining why there are so many unresolve posts of people looking for problems with Mercurial). Rolling back to Python 2.7.2 let me get a little further ahead (blocked at 30Mb pushes instead of 15Mb), but to properly solve the problem I had to install the IISCrypto utility to completely disable transfers over SSLv2.

Simard answered 28/6, 2013 at 19:46 Comment(0)

I wrote up some detailed instructions for getting Mercurial to work under IIS. We're on Mercurial 2.6, and it works.

Chian answered 29/6, 2013 at 17:3 Comment(0)

Recommended topics

Hot tags