On 05/31/11 09:47, Steve Landers wrote:
> I've been quite happily using fossil over https until yesterday, when my SSL 
> certificate was due to expire and rather than renew it, I purchased another 
> one for the domain. This meant the installed certificate was different than 
> the previous one,  and now I'm getting the "WARNING: Certificate doesn't 
> match the saved certificate for this host!" message on all operations that 
> touch the server.  When prompted to "Accept certificate [a=always/y/N]? " I 
> answer always, but I am still prompted each time.
> 
> I tried re-setting the remote url using "fossil remote-url" but still the 
> same.
> 
> A search of the mailing list archives didn't point out anything obvious to 
> me, but I do admit I might have skimmed over useful insights.
> 
> So, before I code dive can anyone shed any light on what (if anything) is 
> wrong.  Including my expectations?

   It's probably related to:

   http://www.fossil-scm.org/index.html/info/727af73f46

   I don't remember the details, but I think the problem is that if some
sort of SSL verification error occurs, it doesn't reach the function
which is supposed to cache the server certificate (even if you've told
it to do so). It may be that because the old server certificate is
cached, a mismatch occurs, and the new one isn't cached over the old
one. (Again, I'm not sure I remember all the details).

   If you manually remove the cached server certificate using the
sqlite3 command, you may be able to unconditionally cache the new server
certificate.

-- 
Kind regards,
Jan Danielsson


_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users