2013/10/28 Ron Wilson <ronw.m...@gmail.com>:
> In any case, the cert displayed did not look like a self-signed cert, so I
> would be concerned that the incorrect cert was displayed.

The "jan-httpsproxytunnel" branch doesn't change anything
related to certificate handling. I just included the full logs
for completeness.

The problem in fossil trunk is that when doing a https
request through a http tunnel the "GET <host>:<port>/"
request is going to be encrypted, so there is no way for the
proxy to know where the request should be directed to.
Therefore, an unencrypted "CONNECT <host>:<port>"
must be sent to the proxy first, that's what is fixed in
the "jan-httpsproxytunnel" branch. I would welcome
this fix in trunk, the change looks good to me! Saving
the password from the URL is just a minor issue, it's
the only 'problem' I encountered.

> From the question/response dialog, I assume that Fossil was what rejected
> the cert, so I have to wonder why?

The cert was rejected because the issuing authority was not
registered as being trusted yet; I think that's correct behavior.

> Beyond, I think there should be a choice between "yes, just this time" and
> "always now and all future times", specifically, "yes for the duration of
> this command", since Fossil often performs multiple HTTP/HTTPS exchanges
> during a pull/push/sync.

Yes, I agree, but that's not "jan-httpsproxytunnel"'s fault.

Regards,
       Jan Nijtmans
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
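
The exchange described in the message above (a cleartext CONNECT sent to the proxy before any TLS starts), as an added example that is not part of the original message and is not Fossil's code. The host name repo.example.org, the function names and the proxy replies are constructed for illustration.

```python
import socket

def build_connect(host: str, port: int) -> bytes:
    """Cleartext request the proxy must see before any TLS bytes are sent."""
    if any(c.isspace() or ord(c) < 0x20 for c in host) or not 0 < port < 65536:
        raise ValueError("bad tunnel target")  # keeps CR/LF out of the request
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def read_head(sock: socket.socket, limit: int = 8192) -> bytes:
    """Read the proxy's header block one byte at a time, so nothing that
    belongs to the tunnel (the TLS handshake) is consumed by mistake."""
    buf = b""
    while not buf.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)
        if not chunk or len(buf) >= limit:
            raise ConnectionError("incomplete or oversized proxy reply")
        buf += chunk
    return buf

def open_tunnel(sock: socket.socket, host: str, port: int) -> int:
    """Send CONNECT and return the proxy's status code if it is 2xx."""
    sock.sendall(build_connect(host, port))
    status_line = read_head(sock).split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ConnectionError(f"malformed proxy reply: {status_line!r}")
    if not 200 <= int(parts[1]) < 300:
        raise ConnectionError(f"proxy refused CONNECT: {status_line}")
    # From here the caller would start TLS on this socket, e.g.
    # ssl.create_default_context().wrap_socket(sock, server_hostname=host);
    # the proxy only relays those bytes and never sees the GET.
    return int(parts[1])

def demo(proxy_reply: bytes):
    """Run the client against a constructed proxy reply over a socketpair and
    return (status code, the bytes the proxy end received in cleartext)."""
    client, proxy = socket.socketpair()
    try:
        proxy.sendall(proxy_reply)          # constructed reply, queued up front
        code = open_tunnel(client, "repo.example.org", 443)
        return code, proxy.recv(4096)
    finally:
        client.close()
        proxy.close()
```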
