Hi Dmitry,

I built fossil with https support on Linux but it keeps asking me about the certificate even if I accept with 'a' (always). I tried merging trunk to ssl branch to see if it resolves the problem but it persists. If I keep saying 'a' to certificate prompts, I can clone successfully. But then if I sync, it again prompts me and then prints the REPLACE INTO statement in console, followed by a message to run fossil all rebuild, which also does not help. Please help.

This is how I built it:

fossil open fossil.fsl ssl
vi Makefile (to enable FOSSIL_ENABLE_SSL=1)
make

This is fossil version [d92945e5da] 2009-11-09 21:22:32 UTC

- Altu

-----Original Message-----
From: Dmitry Chestnykh <dch...@gmail.com>
To: fossil-users@lists.fossil-scm.org
Sent: Thu, Nov 5, 2009 7:07 am
Subject: Re: [fossil-users] HTTPS implementation

Okay, here's how I currently implemented it.

Everything SSL is in http_ssl.c, which has a similar interface to http_socket.c, and http_transport.c calls these functions.

When a user connects to https server, s/he's presented with "Unknown SSL certificate" prompt, which prints some values from certificate, for example:

Unknown SSL certificate:
  countryName = RU
  stateOrProvinceName = Some-State
  organizationName = Coding Robots
  commonName = codingrobots.com
  emailAddress = x...@xxx.com
issued By:
...

and asks him to decline, accept or always accept this certificate. (Usually, when using HTTPS, SSL certificates signed by trusted root CAs are automatically accepted, however this requires keeping a list of root certificates -- I ignored this for now -- all certificates are untrusted by default).

If certificate is declined by the user, connection fails. If it's accepted, it continues.

If user chooses to always accept a certificate, Fossil saves it to ~/.fossil database in global_config table with the following format:

key=cert:hostname
value=PEM certificate

where PEM certificate is a certificate saved in PEM (text) format:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The next time user connects to this hostname, Fossil looks up the certificate in global_config for the hostname and adds it to the trusted certificates list, so that user won't get prompted to accept it again.

That's it. It works for me on Mac OS X. Though I haven't yet checked if it actually encrypts anything, but it should :-) (Need a working traffic sniffer...).

Feel free to try to compile and test it: http://codingrobots.org/p/fossil

PS Also, everything is under #ifdef FOSSIL_ENABLE_SSL (which is currently defined in config.h). I'm not good in Makefiles and stuff, so I'm not sure how the actual configuration should be done.

--
Dmitry Chestnykh
Coding Robots
http://www.codingrobots.com
dmi...@codingrobots.com
_______________________________________________
fossil-users mailing list
fossil-us...@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
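
The "always accept" scheme described in the quoted message (key=cert:hostname, value=PEM certificate in global_config), as an added Python sketch that is not Fossil's code from http_ssl.c. The table columns, the function names, the separate "mismatch" outcome and the placeholder certificate bytes are assumptions of this example; stored and presented certificates are compared on their decoded bytes, so PEM line wrapping does not affect the result.

```python
import hashlib
import sqlite3
import ssl

def open_store(path=":memory:"):
    """Open the pin store; the (name, value) schema is an assumption of this sketch."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS global_config("
               "name TEXT PRIMARY KEY, value TEXT)")
    return db

def fingerprint(pem):
    """SHA-256 over the decoded certificate bytes, independent of PEM formatting."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()

def pin(db, hostname, pem):
    """The 'always accept' path: store the PEM under key cert:<hostname>."""
    # Bound parameters keep the multi-line PEM text out of the SQL statement.
    db.execute("REPLACE INTO global_config(name, value) VALUES(?, ?)",
               ("cert:" + hostname.lower(), pem))
    db.commit()

def check(db, hostname, presented_pem):
    """Return 'unknown' (prompt the user), 'trusted' (pin matches) or 'mismatch'."""
    row = db.execute("SELECT value FROM global_config WHERE name = ?",
                     ("cert:" + hostname.lower(),)).fetchone()
    if row is None:
        return "unknown"
    if fingerprint(row[0]) == fingerprint(presented_pem):
        return "trusted"
    return "mismatch"  # the pinned certificate changed: warn, never re-pin silently

# Constructed placeholder bytes standing in for DER certificates (not real X.509).
CERT_A = ssl.DER_cert_to_PEM_cert(b"constructed-certificate-A" * 8)
CERT_B = ssl.DER_cert_to_PEM_cert(b"constructed-certificate-B" * 8)

def demo():
    db = open_store()
    host = "codingrobots.com"
    first = check(db, host, CERT_A)      # nothing pinned yet
    pin(db, host, CERT_A)                # user answered 'a' (always)
    # Same certificate, different host case and CRLF line endings.
    again = check(db, host.upper(), CERT_A.replace("\n", "\r\n"))
    changed = check(db, host, CERT_B)    # server now presents another certificate
    return first, again, changed

if __name__ == "__main__":
    print(demo())
```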