6dd4b07138eb8f479cc4205036c9d6a1794a9f80
galt
  Mon Nov 15 13:30:07 2021 -0800
Add domain exceptions whitelist for allowing us to configure a small number of exceptions that are old servers that are still incompatible with openssl. hg.conf setting httpsCertCheckDomainExceptions or env var https_cert_check_domain_exceptions. This setting is not intended to be used for new servers which should just be advised on correct openssl compatibility, which usually means getting their server to output their intermediate certs as well, or even the cert chain which is typically just 3 certs. refs #28458

diff --git src/product/mirrorManual.txt src/product/mirrorManual.txt
index 121d8b6..f8dd4d1 100644
--- src/product/mirrorManual.txt
+++ src/product/mirrorManual.txt
@@ -1335,30 +1335,33 @@
     getScriptName(), cartUsualString(cart, "formMethod", "POST"));
 
 If you add &formMethod=GET and a subsequently fetched form is still
 posting, you might need to alter the "<FORM..." statement to use the
 cartUsualString.
 
 The hg18 hgTracks config page generates a GET URL that is too long for
 FireFox, so after debugging hgTables, you will probably want to add
 &formMethod=POST to an URL (or clear cart, load session etc).
 
 One thing that does not work with GET is "upload file" inputs.
 
 # HTTPS Certificate Check for Verification Settings are: abort warn none
 # currently the default is warn
 httpsCertCheck=warn
+# domains to whitelist, skip cert checking, space-separated list
+httpsCertCheckDomainExceptions=somedomain1.com somedomain2.edu
+
 
 # Proxy support
 
 net.c now has support for http(s) proxy servers
 which may be required by some installations
 to get through the firewall to external resources
 such as (but not limited to) for example 
 bigWig or bigBed data via custom track bigDataUrl.
 
 One must add the setting "httpProxy", "httpsProxy", "ftpProxy" to hg.conf
 
     httpProxy=http://someProxyServer:3128
     httpsProxy=http://someProxyServer:3128
     ftpProxy=ftp://127.0.0.1:2121
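
Review bot: The two lines added under httpsCertCheck=warn describe httpsCertCheckDomainExceptions only as "domains to whitelist, skip cert checking", which leaves out what a mirror admin needs to use it safely. Say that certificate verification is skipped for every listed host, so connections to those hosts are no longer protected against interception. Carry over the commit message's restriction that the setting is for a small number of old servers and not for new ones. The text should also state how entries are matched (exact host name only, or subdomains as well) and mention the https_cert_check_domain_exceptions environment variable. Consider showing the sample commented out, e.g. "#httpsCertCheckDomainExceptions=somedomain1.com somedomain2.edu", so a config copied from this manual does not start with active exceptions. The hunk also leaves two blank lines before "# Proxy support" where one is enough.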