Dear Richard,
--------------------------------------------
From: Richard Hipp <d...@sqlite.org>
Sent: Fri, 5 Dec 2014 13:22:40 -0500
To: fossil-dev@lists.fossil-scm.org
Subject: Re: [fossil-dev] Fossil-scm.org SSL login mismatch
>
That's because the multi-domain cert is for *www*.fossil-scm.org
I see the problem.
The only page that doesn't contain https://www.fossil-scm.org/fossil/login
Is https://www.fossil-scm.org/fossil/doc/tip/www/index.wiki
So you would just need to update the index.wiki page (or whatever page
contains the menu) to be https://www.fossil-scm.org/fossil/login
While we're talking about SSL, can Fossil support HSTS, disabling SSL v3,
forward secrecy?
Thanks,
JB
On Fri, Dec 5, 2014 at 11:30 AM, Jungle Boogie <jungleboog...@gmail.com>
wrote:
Hello All,
I'm not certain if this is expected behavior or an issue with the website
but when browsing to https://fossil-scm.org/index.html/login
(I would personally say the former)
Google Chrome tells me:
our connection is not private
Attackers might be trying to steal your information from fossil-scm.org
(for example, passwords, messages, or credit cards).
This server could not prove that it is fossil-scm.org; its security
certificate is from sqlite.org. This may be caused by a misconfiguration
or an attacker intercepting your connection.
However, prefixing the domain with a www. works:
https://www.fossil-scm.org/index.html/login
--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si
--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si
_______________________________________________
fossil-dev mailing list
fossil-dev@lists.fossil-scm.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/fossil-dev
