Hello,

I'm not sure if my previous email made it into the list (I don't see it in
archive), so I'll post the same details about implementation plus something I
changed recently.

Here's an update on the current status of HTTPS implementation.

First of all, I think it's ready :-) (I tested it on Ubuntu 9.10 and
Mac OS X 10.6. Does anyone want to test it on Windows?).

As OpenSSL may not be available on some platforms, and many people don't want
external dependencies (other than zlib), I've made it disabled by default for
now.

If you want to compile Fossil with SSL support, use the following command:

$ FOSSIL_ENABLE_SSL=1 make

or edit Makefile and uncomment the line to always enable it.

When you first connect to an HTTPS server, Fossil will print a description of
the certificate and ask you to accept, always accept or decline it (or it will
automatically accept it if it's a proper certificate signed by a certification
authority, but only on Mac OS X -- see below).

If you choose to always accept the certificate, Fossil will remember it in the
user configuration (~/.fossil). (global_config table, name=cert:hostname,
value=<certificate in PEM format>). It will then automatically accept the same
certificate for the same hostname. (If the certificate changes, which is most
likely to be a man-in-the-middle attack if you didn't change it, Fossil will
issue a warning and ask to accept a new certificate -- this is how browsers
behave).

I choose not to include root CA certificates, because
1) it would require ~200 Kb of space,
2) root certificates must be compiled into fossil binary... imagine a 200 Kb
   string in .c file :-/

So, on most platforms you will be asked to accept the certificate even if it
was signed by a CA (this is what browsers do for self-signed certificates). I
don't think it's a problem. However, I learned that on Mac OS X OpenSSL
integrates with Keychain, so for this platform certificates signed by a CA
will be accepted automatically.

Changes to Fossil are: new file http_ssl.c
(http://codingrobots.org/p/fossil/finfo?name=src/http_ssl.c), plus changes to
http_transport.c, Makefile, makemake.tcl, main.mk.

What is the consensus on including this into Fossil? Should I push changes
into main repository?

--
Dmitry Chestnykh
Coding Robots

http://www.codingrobots.com
dmi...@codingrobots.com
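
The accept / always accept / decline flow and the cert:hostname pin described in the message above, modelled as an added example in Python (this is not code from the post or from Fossil's http_ssl.c). The function names, the in-memory database and the sample certificates are assumptions made for illustration; only the global_config table and the cert:hostname key come from the message.

```python
import base64, hashlib, sqlite3, ssl

def open_config(path=":memory:"):
    # Stand-in for ~/.fossil: only the global_config name/value table from the message
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS global_config"
               "(name TEXT PRIMARY KEY, value TEXT)")
    return db

def _key(hostname):
    # Assumption: host names are compared case-insensitively
    return "cert:" + hostname.lower()

def _fingerprint(pem):
    # Hash the decoded DER bytes so PEM line wrapping does not affect the match
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).digest()

def check_cert(db, hostname, pem):
    """Return 'unknown' (no pin yet), 'trusted' (pin matches) or 'changed'."""
    row = db.execute("SELECT value FROM global_config WHERE name = ?",
                     (_key(hostname),)).fetchone()
    if row is None:
        return "unknown"
    return "trusted" if _fingerprint(row[0]) == _fingerprint(pem) else "changed"

def decide(db, hostname, pem, answer):
    """Model the prompt: answer is 'once', 'always' or 'decline'.
    Returns True if the connection may proceed."""
    if check_cert(db, hostname, pem) == "trusted":
        return True                  # pinned certificate: no prompt needed
    if answer == "always":           # remember (or replace) the pin for this host
        db.execute("INSERT OR REPLACE INTO global_config(name, value) "
                   "VALUES (?, ?)", (_key(hostname), pem))
        db.commit()
        return True
    return answer == "once"          # anything else, including 'decline', fails closed

# Constructed sample data: opaque byte strings wrapped as PEM, not real certificates
CERT_A = ssl.DER_cert_to_PEM_cert(b"constructed certificate A " * 4)
CERT_B = ssl.DER_cert_to_PEM_cert(b"constructed certificate B " * 4)
# Same bytes as CERT_A, but with the base64 body on a single line
CERT_A_ONE_LINE = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.b64encode(b"constructed certificate A " * 4).decode()
                   + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    db = open_config()
    print(check_cert(db, "example.org", CERT_A))       # first contact
    decide(db, "example.org", CERT_A, "always")
    print(check_cert(db, "example.org", CERT_A))       # same certificate again
    print(check_cert(db, "example.org", CERT_B))       # different certificate
```

Accepting "once" leaves no pin behind, so the next connection is treated as first contact again; only "always" writes to global_config.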

