Having resolved recent SSL certificate issues with Mercurial/TortoiseHG, I now encountered a similar issue with the wildcard certificate for
*.google.com where getting a clone would result in a
"SSL: Server certificate verify failed" error.
One way around this issue is to add the fingerprint for this certificate to your configuration. Currently for
*.google.com this is
00:d5:88:35:29:b9:7f:03:92:60:c2:04:e4:b7:01:f0:07:53:15:a8 and one way to get this from a Unix command line is with
openssl s_client -connect code.google.com:443 < /dev/null 2> /dev/null | openssl x509 -in cert-code -fingerprint -noout -in /dev/stdin | tr "[:upper:]" "[:lower:]". This corresponds with Chrome’s certificate view’s thumbprint field, you just need to add colons.
Right click in Explorer, select
TortoiseHG » Global Settings and then click
Edit File and add the following:
code.google.com = 00:d5:88:35:29:b9:7f:03:92:60:c2:04:e4:b7:01:f0:07:53:15:a8
This should make Mercurial/TortoiseHG work, at least until the certificate expires and you need to update it with the latest fingerprint.