On Wed, Sep 22, 2010 at 7:29 AM, Richard Hipp <[email protected]> wrote: > > > On Wed, Sep 22, 2010 at 10:26 AM, Wes Freeman <[email protected]> wrote: >> >> It still happens to me on the current release. There is an open ticket >> here: >> http://www.fossil-scm.org/index.html/info/727af73f46 >> >> Wes > > I would welcome patches from anybody who understands SSL better then me.... >
FWIW, I'm still hoping work will settle down a bit so I can take a crack at this. If you look back on the mailing list, there was a bit of discussion and I put forth a patch to generate discussion about possible solutions. Briefly, the problem seems to be that fossil doesn't load the local certificate store. It's not an issue on OS X because for some reason openssl loads system and user certificate stores automatically. This may also be the case on windows, or it may require additional fiddling with the windows API. (IIRC, the actual error openssl is returning is X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT or similar). However, on Linux, the issue is more complicated because there is no "central" store like on OS X. I've seen the certificate store at /etc/pki/tls/cert.pem and /etc/ssl/certs/ca-certificates.crt and still others are just a directory full of certificates. Dr. Hipp suggested building in a set of default lookup locations (stored in the per-user fossil config) and allowing the user to manipulate those in case they weren't sufficient. -B >> >> On Wed, Sep 22, 2010 at 10:15 AM, Michael Barrow <[email protected]> >> wrote: >>> >>> On a couple of my machines, I'm getting the "I don't recognize this >>> certificate" error where fossil asks if you would like to accept now, not >>> accept, or accept forever. We say "a" to accept forever, but it continues to >>> ask us each time. I looked in the .fossil database and see an entry there >>> that has a stored cert. No, I didn't suck out that cert and confirm that it >>> is the right one, but I did delete it and fossil repopulated the database. >>> We're running: >>> This is fossil version [73c24ae363] 2010-03-18 14:20:33 UTC >>> Is it time to stop being lazy and jump forward a few releases? >>> >>> -- >>> Michael Barrow >>> michael at barrow dot me >>> >> >> _______________________________________________ >> fossil-users mailing list >> [email protected] >> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users >> > > > > -- > D. Richard Hipp > [email protected] > > _______________________________________________ > fossil-users mailing list > [email protected] > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > > _______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
