I am trying to access BitBucket from work. The only access to the Internet is through an authentication HTTP proxy, which proxies HTTP on port 8080 and SSL on port 8070. This proxy server conducts a man-in-the-middle attack on SSL connections, browsers can only create HTTPS connections to the Internet from -for installing a fake Websense certificate for all customers.
I can connect to BitBucket using Git, but not using Mercurial. I am using Mercurial version 2.0.2.
With Git, I use the following configuration in .gitconfig
[user] name = Firstname Lastname email = firstname_lastname@domain.co.uk [http] proxy = http://name: password@nnn.nnn.nnn.nnn :8080
And can clone the repository with the following command
D:\MercurialTesting>git clone http:// Firstname_Lastname@bitbucket.org /Firstname_Lastname/bb102repo.git test1 Cloning into 'test1'... Password for 'bitbucket.org': remote: Counting objects: 3, done. remote: Total 3 (delta 0), reused 0 (delta 0) Unpacking objects: 100% (3/3), done. D:\MercurialTesting>
With the addition of this configuration setting
[http] sslverify = false
I can also clone the repository via https url https: // Firstname_Lastname@bitbucket.org /Firstname_Lastname/bb102repo.git
Using Mercurial, although this is a different story. Using the following configuration in mercurial.ini
[http_proxy] host = nnn.nnn.nnn.nnn:8080 user = firstname_lastname@domain.co.uk passwd = password
Mercurial will access my own Mercurial server at home without any problems.
D:\MercurialTesting>hg --debug clone http://nnn.nnn.nnn.nnn/hg/Workspaces/Test1 using http://nnn.nnn.nnn.nnn/hg/Workspaces/Test1 proxying through http://nnn.nnn.nnn.nnn:8080 sending capabilities command http authorization required realm: Mercurial Repositories user: username password: http auth: user username, password ******* destination directory: Test1 query 1; heads sending batch command http auth: user username, password ******* requesting all changes sending getbundle command http auth: user username, password ******* adding changesets changesets: 1 chunks add changeset 711ff2c6f5b2 changesets: 2 chunks add changeset 9034b963b4c1 . . .
Using the same configuration and trying to access BitBucket through Mercurial, it just hangs.
D:\MercurialTesting>hg --debug clone http://bitbucket.org/Firstname_Lastname/bb101repo using http://bitbucket.org/Firstname_Lastname/bb101repo proxying through http://nnn.nnn.nnn.nnn:8080 sending capabilities command abort: error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond D:\MercurialTesting>
Using the same configuration with SSL through the url https://bitbucket.org/Firstname_Lastname/bb101repo Mercurial hangs exactly the same. During this process, Wireshark does not detect network activity at all.
Changing the settings in Mercurial.ini to match the port through which the proxy server serves SSL is not affected. Setting the http_proxy environment variable does not matter, but setting the https_proxy environment variable completely changes the output. Setting https_proxy and adding --insecure to the hg command invokes:
D:\MercurialTesting>hg --debug clone http://bitbucket.org/Firstname_Lastname/bb101repo --insecure using http://bitbucket.org/Firstname_Lastname/bb101repo proxying through http://nnn.nnn.nnn.nnn:8080 sending capabilities command warning: bitbucket.org certificate with fingerprint 79:ce:0d:30:b0:17:29:6a:d1:9f:dd:d3:62:80:70:28:5e:9f:c2:e3 not verified (check hostfingerprints or web.cacerts config setting) http authorization required realm: Bitbucket.org HTTP user: Firstname_Lastname password: http auth: user Firstname_Lastname, password *** warning: bitbucket.org certificate with fingerprint 79:ce:0d:30:b0:17:29:6a:d1:9f:dd:d3:62:80:70:28:5e:9f:c2:e3 not verified (check hostfingerprints or web.cacerts config setting) abort: HTTP Error 502: Success D:\MercurialTesting>
And now Wireshark detects the exchange between my workstation and the proxy server. What I find most confusing is that nothing changes the fact that I set https_proxy, hg always uses the http proxy parameter from Mercurial.ini and produces the same output above, regardless of whether I set the https_proxy to the correct data for SSL proxy or complete trash. The only difference is that if the https_proxy environment variable is not set at all, then hg just freezes, as described above.
The formats for https_proxy that I tried include all the options:
https_proxy=ip.ip.ip.ip:8070 https_proxy=ip.ip.ip.ip:8080 https_proxy=username: password@ip.ip.ip.ip :8070 https_proxy=username: password@ip.ip.ip.ip :8080 https_proxy=http://ip.ip.ip.ip:8070 https_proxy=http://ip.ip.ip.ip:8080 https_proxy=http://username: password@ip.ip.ip.ip :8070 https_proxy=http://username: password@ip.ip.ip.ip :8080
The results are the same no matter what I installed it on.
So the questions I could really help with are:
Why can I access my Mercurial repositories at home, but not on BitBucket?
Why can I access BitBucket using Git, but not with Mercurial, using the same configuration?
Does anyone have any ideas how I can make this work, or what can I check next?