* The error shown when a certificate can't be checked because no local store is found needs to spell out the `-Ossl.cert_reqs=none` parameter for getting the old insecure behaviour, and maybe a pointer to more help.
* Perhaps the error shown when a self-signed certificate doesn't validate against the local store also wants some love.
* An entry in doc/en/whats-new/whats-new-in-2.5.txt needs adding spelling out the user-facing aspects of this change, as it's a nice improvement but some people may need to change their configuration on upgrading.
Summarising from earlier rambling chat:
* The error shown when a certificate can't be checked because no local store is found needs to spell out the `-Ossl. cert_reqs= none` parameter for getting the old insecure behaviour, and maybe a pointer to more help. whats-new/ whats-new- in-2.5. txt needs adding spelling out the user-facing aspects of this change, as it's a nice improvement but some people may need to change their configuration on upgrading.
* Perhaps the error shown when a self-signed certificate doesn't validate against the local store also wants some love.
* An entry in doc/en/
The mercurial wiki page linked earlier is a useful comparison: mercurial. selenic. com/wiki/ CACertificates>
<http://